Text Exploits
31,394 exploits tracked across all sources.
Binn SBuilder - SQL Injection via full_text.php nid Parameter
SQL injection vulnerability in full_text.php in Binn SBuilder allows remote attackers to execute arbitrary SQL commands via the nid parameter.
by JosS
TutorialCMS 1.02 - SQL Injection via activate.php userName Parameter
SQL injection vulnerability in activate.php in TutorialCMS (aka Photoshop Tutorials) 1.02, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the userName parameter.
by ka0x
TaskFreak! < 0.6.1 - Authenticated SQL Injection via sContext Parameter
SQL injection vulnerability in index.php in TaskFreak! 0.6.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the sContext parameter.
by TheDefaced
moodle < 1.8.3 - Cross-Site Scripting via install.php dbname Parameter
Cross-site scripting (XSS) vulnerability in install.php for Moodle 1.8.3, and possibly other versions before 1.8.4, allows remote attackers to inject arbitrary web script or HTML via the dbname parameter. NOTE: this issue only exists until the installation is complete.
by Hanno Bock
Agares PhpAutoVideo 2.21 - SQL Injection via articlecat Parameter
SQL injection vulnerability in includes/articleblock.php in Agares PhpAutoVideo 2.21 allows remote attackers to execute arbitrary SQL commands via the articlecat parameter.
by ka0x
Matteo Binda ASP Photo Gallery 1.0 - SQL Injection via id or ricerca Parameter
Multiple SQL injection vulnerabilities in Matteo Binda ASP Photo Gallery 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) Imgbig.asp, (b) thumb.asp, and (c) thumbricerca.asp and the (2) ricerca parameter to (d) thumbricerca.asp.
by trew
VisionBurst vcart 3.3.2 - Remote Code Execution via abs_path Parameter
PHP remote file inclusion vulnerability in VisionBurst vcart 3.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) index.php and (2) checkout.php.
by k1n9k0ng
Member Area System < 1.7 - Remote Code Execution via view_func.php i Parameter
PHP remote file inclusion vulnerability in view_func.php in Member Area System (MAS) 1.7 and possibly others allows remote attackers to execute arbitrary PHP code via a URL in the i parameter. NOTE: a second vector might exist via the l parameter. NOTE: as of 20080118, the vendor has disputed the set of affected versions, stating that the issue "is already fixed, for almost a year."
by ShipNX
ImageAlbum 2.0.0b2 - SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in ImageAlbum 2.0.0b2 allow remote attackers to execute arbitrary SQL commands via the id, which is not properly handled in (1) classes/IADomain.php, (2) classes/IACollection.php, and (3) classes/IAUser.php, as demonstrated via the id parameter in a collection.imageview action.
by Raw Security
DomPHP 0.81 - SQL Injection via Agenda Cat Parameter
Multiple SQL injection vulnerabilities in DomPHP 0.81 allow remote attackers to execute arbitrary SQL commands via the cat parameter to agenda/index.php, and unspecified other vectors.
by MhZ91
AJchat 0.10 - SQL Injection via Numeric Parameter Hash Bypass
directory.php in AJchat 0.10 allows remote attackers to bypass input validation and conduct SQL injection attacks via a numeric parameter with a value matching the s parameter's hash value, which prevents the associated $_GET["s"] variable from being unset. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in AJChat.
by Eugene Minaev
GStreamer 0.10.15 - Multiple Remote Denial of Service Vulnerabilities
by Sam Hocevar
Apple Quicktime < 7.4.1 - Remote Code Execution via RTSP Reason-Phrase Buffer Overflow
Buffer overflow in Apple Quicktime Player 7.3.1.70 and other versions before 7.4.1, when RTSP tunneling is enabled, allows remote attackers to execute arbitrary code via a long Reason-Phrase response to an rtsp:// request, as demonstrated using a 404 error message.
by Luigi Auriemma
MTCMS 2.0 - SQL Injection via a or cid Parameter
SQL injection vulnerability in index.php in MTCMS 2.0 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via the (1) a or (2) cid parameter.
by Virangar Security
ID-Commerce < 2.0 - SQL Injection via idFamille Parameter
SQL injection vulnerability in liste.php in ID-Commerce 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idFamille parameter.
by consultant.securite
domphp < 0.81 - Remote Code Execution via Page Parameter
PHP remote file inclusion vulnerability in /aides/index.php in DomPHP 0.81 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
by Houssamix
Tuned Studios Classic Theme and others - Path Traversal via Page Parameter
Multiple directory traversal vulnerabilities in index.php in Tuned Studios (1) Subwoofer, (2) Freeze Theme, (3) Orange Cutout, (4) Lonely Maple, (5) Endless, (6) Classic Theme, and (7) Music Theme webpage templates allow remote attackers to include and execute arbitrary files via ".." sequences in the page parameter. NOTE: this can be leveraged for remote file inclusion when running in some PHP 5 environments.
by DSecRG
PHP Webquest 2.6 - Unauthenticated Database Credential Exposure via Direct Request to admin/backup_phpwebquest.php
PHP Webquest 2.6 allows remote attackers to retrieve database credentials via a direct request to admin/backup_phpwebquest.php, which leaks the credentials in an error message if a call to /usr/bin/mysqldump fails. NOTE: this might only be an issue in limited environments.
by MhZ91
osDate 2.0.8 - Remote Code Execution via php121dir Parameter
PHP remote file inclusion vulnerability in php121db.php in osDate 2.0.8 and possibly earlier versions allows remote attackers to execute arbitrary PHP code via a URL in the php121dir parameter.
by Cold Zero
OMEGA INterneSErvicesLosungen 7 - Improper Authentication via Cookie Modification
OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) 7 supports authentication with a cookie that lacks a shared secret, which allows remote attackers to login as an arbitrary user via a modified cookie.
by MC.Iglo
Joomla! Component SMF Forum 1.1.4 - Multiple Cross-Site Scripting Vulnerabilities
by Doz
SAP MaxDB < 7.6.3_build_007 - Remote Command Execution via Shell Metacharacters in exec_sdbinfo
SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via "&&" and other shell metacharacters in exec_sdbinfo and other unspecified commands, which are executed when MaxDB invokes cons.exe.
by Luigi Auriemma
xine-lib < 1.1.9 - Remote Code Execution via RTSP SDP Abstract Attribute
Heap-based buffer overflow in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote attackers to execute arbitrary code via the SDP Abstract attribute in an RTSP session, related to the rmff_dump_header function and related to disregarding the max field. NOTE: some of these details are obtained from third party information.
by Luigi Auriemma
Sun Java System Identity Manager 6.0 SP1-SP3, 7.0, 7.1 - Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allow remote attackers to inject arbitrary HTML or web script via the (1) cntry or lang parameters to /idm/login.jsp, (2) resultsForm parameter to /idm/account/findForSelect.jsp, or (3) activeControl parameter to /idm/user/main.jsp.
by Jan Fry & Adrian Pastor
Sun Java System Identity Manager 6.0 SP1-SP3, 7.0, 7.1 - Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allow remote attackers to inject arbitrary HTML or web script via the (1) cntry or lang parameters to /idm/login.jsp, (2) resultsForm parameter to /idm/account/findForSelect.jsp, or (3) activeControl parameter to /idm/user/main.jsp.
by Jan Fry & Adrian Pastor
By Source