Text Exploits
31,394 exploits tracked across all sources.
com_recipes - SQL Injection via id Parameter
SQL injection vulnerability in index.php in the Recipes (com_recipes) 1.00 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
by S@BUN
Joomla com_buslicense - SQL Injection via aid Parameter
SQL injection vulnerability in index.php in the buslicense (com_buslicense) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in a list action.
by S@BUN
com_jokes - SQL Injection via CatView Cat Parameter
SQL injection vulnerability in index.php in the Atapin Jokes (com_jokes) 1.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a CatView action.
by S@BUN
Mambo - SQL Injection via EstateAgent Component objid Parameter
SQL injection vulnerability in index.php in the Darko Selesi EstateAgent (com_estateagent) 0.1 component for Mambo 4.5.x and Joomla! allows remote attackers to execute arbitrary SQL commands via the objid parameter in a contact showObject action.
by S@BUN
Joomla Glossary Component - SQL Injection via catid Parameter
SQL injection vulnerability in index.php in the Glossary (com_glossary) 2.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a display action.
by S@BUN
ChronoEngine ChronoForms 2.3.5 - Remote Code Execution via mosConfig_absolute_path Parameter
Multiple PHP remote file inclusion vulnerabilities in ChronoEngine ChronoForms (com_chronocontact) 2.3.5 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) PPS/File.php, (2) Writer.php, and (3) PPS.php in excelwriter/; and (4) BIFFwriter.php, (5) Workbook.php, (6) Worksheet.php, and (7) Format.php in excelwriter/Writer/.
by Crackers_Child
Joomla! / Mambo Component com_buslicense - 'aid' SQL Injection
by S@BUN
2WIRE Routers - 'H04_POST' Access Validation
by Oligarchy Oligarchy
Netwerk Smart Publisher 1.0.1 - Remote Code Execution via filedata Parameter
Eval injection vulnerability in admin/op/disp.php in Netwerk Smart Publisher 1.0.1 allows remote attackers to execute arbitrary PHP code via the filedata parameter.
by GoLd_M
phpcms 1.2.2 - Path Traversal via File Parameter in parser.php
Directory traversal vulnerability in parser/include/class.cache_phpcms.php in phpCMS 1.2.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to parser/parser.php, as demonstrated by a filename ending with %00.gif, a different vector than CVE-2005-1840.
by DSecRG
Joomla! and Mambo Newsletter Component - SQL Injection via listid Parameter
SQL injection vulnerability in index.php in the Newsletter (com_newsletter) component for Mambo 4.5 and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter.
by S@BUN
Joomla! and Mambo com_mamml - SQL Injection via listid Parameter
SQL injection vulnerability in index.php in the MaMML (com_mamml) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter.
by S@BUN
Joomla com_fq - SQL Injection via listid Parameter
SQL injection vulnerability in index.php in the fq (com_fq) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter.
by S@BUN
Bigware Shop 2.0 - SQL Injection via pollid Parameter
SQL injection vulnerability in main_bigware_53.tpl.php in Bigware Shop 2.0 allows remote attackers to execute arbitrary SQL commands via the pollid parameter in a results action to main_bigware_53.php.
by D4m14n
ampjuke 0.7.0 - Cross-Site Scripting via Limit Parameter
Cross-site scripting (XSS) vulnerability in index.php in AmpJuke 0.7.0 allows remote attackers to inject arbitrary web script or HTML via the limit parameter in a search action.
by ShaFuck31
phpMyClub 0.0.1 - Path Traversal via page_courante Parameter
Directory traversal vulnerability in phpMyClub 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page_courante parameter to the top-level URI.
by S.W.A.T.
Mambo Module MOStlyCE 2.4 Image Manager Utility - Arbitrary File Upload
by AmnPardaz
Mambo < 4.6.3 - Cross-Site Scripting via Command Parameter
Cross-site scripting (XSS) vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to inject arbitrary web script or HTML via the Command parameter.
by AmnPardaz
eTicket 1.5.6-RC4 - Cross-Site Scripting via PATH_INFO
Cross-site scripting (XSS) vulnerability in index.php in eTicket 1.5.6-RC4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
by jekil
Clansphere 2007.4.4 - Path Traversal via Lang Parameter
Directory traversal vulnerability in install.php in Clansphere 2007.4.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
by p4imi0
Bubbling Library 1.32 - Path Traversal via URI Parameter
Multiple directory traversal vulnerabilities in Bubbling Library 1.32 allow remote attackers to read arbitrary files via a .. (dot dot) in the uri parameter to dispatcher.php in (1) examples/dispatcher/framework/, (2) examples/dispatcher/, (3) examples/wizard/, and (4) PHP/, different vectors than CVE-2008-0545.
by Stack
VB Marketing - Path Traversal via tseekdir.cgi Location Parameter
Directory traversal vulnerability in tseekdir.cgi in VB Marketing allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the location parameter.
by Sw33t h4cK3r
ASPired2Protect - SQL Injection via Username and Password Parameters
Multiple SQL injection vulnerabilities in login.asp in ASPired2Protect allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. NOTE: some of these details are obtained from third party information.
by T_L_O_T_D
WP-Cal Plugin 0.3 - SQL Injection via id Parameter
SQL injection vulnerability in functions/editevent.php in the WP-Cal 0.3 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Houssamix
fGallery 2.4.1 - SQL Injection via Album Parameter
SQL injection vulnerability in fim_rss.php in the fGallery 2.4.1 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the album parameter.
by Houssamix
By Source