Text Exploits
31,394 exploits tracked across all sources.
SiteScape Forum - Remote Code Execution via TCL Code Separator in Query String
support/dispatch.cgi in SiteScape Forum allows remote attackers to execute arbitrary TCL code via code separator characters in the query string.
by niekt0
Apache HTTP Server - Info Disclosure
Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
by Maciej Piotr Falkiewicz
HP Software Update <4.000.005.007 - RCE
The HPRulesEngine.ContentCollection.1 ActiveX Control in RulesEngine.dll for HP Software Update 4.000.005.007 and earlier, including 3.0.8.4, allows remote attackers to (1) overwrite and corrupt arbitrary files via arguments to the SaveToFile method, and possibly (2) access arbitrary files via the LoadDataFromFile method.
by porkythepig
xeCMS 1.0 - Path Traversal via List Parameter
Directory traversal vulnerability in view.php in xeCMS 1.0 allows remote attackers to read arbitrary files via a ..%2F (dot dot slash) in the list parameter.
by p4imi0
Net_DNS < 0.03 - Remote File Inclusion via phpdns_basedir Parameter
PHP remote file inclusion vulnerability in DNS/RR.php in Net_DNS 0.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpdns_basedir parameter.
by RoMaNcYxHaCkEr
GF-3XPLORER 2.4 - Remote File Inclusion via Lang_sel Parameter
Multiple directory traversal vulnerabilities in GF-3XPLORER 2.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang_sel parameter to (1) updater.php and (2) thumber.php.
by MhZ91
GF-3XPLORER 2.4 - Cross-Site Scripting via newdir Parameter
Multiple cross-site scripting (XSS) vulnerabilities in GF-3XPLORER 2.4 allow remote attackers to inject arbitrary web script or HTML via the newdir parameter to index_3x.php, and unspecified other vectors.
by MhZ91
imesh < 7.1.0.37263 - Remote Code Execution via SetHandler Method
The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and possibly IMWebControl.dll, in iMesh 7.1.0.x and earlier allows remote attackers to execute arbitrary code via a certain argument to the SetHandler method.
by rgod
phpMyRealty 1.0.9 - SQL Injection via Search Type Parameter
Multiple SQL injection vulnerabilities in phpMyRealty (PMR) 1.0.9 allow (1) remote attackers to execute arbitrary SQL commands via the type parameter to search.php and (2) remote authenticated administrators to execute arbitrary SQL commands via the listing_updated_days parameter to admin/findlistings.php. NOTE: some of these details are obtained from third party information.
by Koller
MySpace Content Zone <3.x - Unrestricted File Upload
admin/uploadgames.php in MySpace Content Zone (MCZ) 3.x does not require administrative privileges, which allows remote attackers to perform unrestricted file uploads, as demonstrated by uploading (1) a .php file and (2) a .php%00.jpeg file.
by Don
Mambo 4.6.2 - Cross-Site Scripting via Itemid or Option Parameter
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Mambo 4.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Itemid parameter in a com_frontpage option and the (2) option parameter.
by Beenu Arora
GF-3XPLORER 2.4 - Exposure of Sensitive Information via phpinfo.php
GF-3XPLORER 2.4 allows remote attackers to obtain configuration information via a direct request to explorer/phpinfo.php, which calls the phpinfo function.
by MhZ91
Dokeos 1.8.4 - Authenticated Arbitrary File Upload via Double Extension Bypass
Unrestricted file upload vulnerability in the "My productions" component for main/auth/profile.php (aka the "My profile" page) in Dokeos 1.8.4 allows remote authenticated users to upload and execute arbitrary PHP files via a filename with a double extension, which can then be accessed through a URI under main/upload/users/.
by RoMaNcYxHaCkEr
Adobe Flash Player <9.0.48.0,8.0.35.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0 allow remote attackers to inject arbitrary web script or HTML via (1) a SWF file that uses the asfunction: protocol or (2) the navigateToURL function when used with the Flash Player ActiveX Control in Internet Explorer.
by Rich Cannings
Adobe Flash Player <9.0.48.0,8.0.35.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0 allow remote attackers to inject arbitrary web script or HTML via (1) a SWF file that uses the asfunction: protocol or (2) the navigateToURL function when used with the Flash Player ActiveX Control in Internet Explorer.
by Adam Barth
GoAhead Web Server - Info Disclosure
goform/QuickStart_c0 on the GoAhead Web Server on the FS4104-AW (aka rooter) VDSL device contains a password in the typepassword field, which allows remote attackers to obtain this password by reading the HTML source, a different vulnerability than CVE-2002-1603.
by NeoCoderz
PHP Security Framework - Multiple Input Validation Vulnerabilities
by DarkFig
Neuron News 1.0 - Multiple SQL Injections / Cross-Site Scripting Vulnerabilities
by hadihadi & black.shadowes
Appian Enterprise BPM <5.6 SP1 - DoS
Unspecified vulnerability in Appian Enterprise Business Process Management (BPM) Suite 5.6 SP1 allows remote attackers to cause a denial of service via a crafted packet to port 5400/tcp.
by Chris Castaldo
PeerCast < 0.1217 - Heap-Based Buffer Overflow via Long SOURCE Request
Heap-based buffer overflow in the handshakeHTTP function in servhs.cpp in PeerCast 0.1217 and earlier, and SVN 344 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SOURCE request.
by Luigi Auriemma
WordPress Core 2.3.1 - Unauthorized Post Access
by Michael Brooks
phpRPG 0.8 - Session Hijacking via Insecure Session File Storage
phpRPG 0.8 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read session ID values in files under tmp/, and then hijack sessions via PHPSESSID cookies.
by Michael Brooks
phpay 2.02.01 - Path Traversal via Config Parameter
Incomplete blacklist vulnerability in main.php in phPay 2.02.01 on Windows allows remote attackers to conduct directory traversal attacks and include and execute arbitrary local files via a ..\ (dot dot backslash) in the config parameter.
by Michael Brooks
PHP Real Estate Classifieds - SQL Injection
SQL injection vulnerability in fullnews.php in PHP Real Estate Classifieds allows remote attackers to execute arbitrary SQL commands via the id parameter.
by t0pP8uZz
By Source