Text Exploits
31,394 exploits tracked across all sources.
Tilde CMS 4.x and earlier - SQL Injection via aarstal Parameter
SQL injection vulnerability in index.php in Tilde CMS 4.x and earlier allows remote attackers to execute arbitrary SQL commands via the aarstal parameter in a yeardetail action, a different vector than CVE-2006-1500.
by KiNgOfThEwOrLd
Tilde CMS 4.x and earlier - Cross-Site Scripting via aarstal Parameter
Cross-site scripting (XSS) vulnerability in index.php in Tilde CMS 4.x and earlier allows remote attackers to inject arbitrary web script or HTML via the aarstal parameter in a yeardetail action.
by KiNgOfThEwOrLd
SimpleGallery 0.1.3 - Cross-Site Scripting via Album Parameter
Cross-site scripting (XSS) vulnerability in index.php in SimpleGallery 0.1.3 allows remote attackers to inject arbitrary web script or HTML via the album parameter.
by JosS
Satel Lite for PhpNuke - Directory Traversal via Name Parameter
Directory traversal vulnerability in Satellite.php in Satel Lite for PhpNuke allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the name parameter in a modload action.
by rUnViRuS
Proverbs Web Calendar <1.1 - SQL Injection
Multiple SQL injection vulnerabilities in caladmin.inc.php in Proverbs Web Calendar 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) loginname (aka Username) and (2) loginpass (aka Password) parameters to caladmin.php.
by JosS
PHPSlideShow 0.9.9.2 - Cross-Site Scripting via Directory Parameter
Cross-site scripting (XSS) vulnerability in phpslideshow.php in PHPSlideShow 0.9.9.2, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the directory parameter. NOTE: this issue was originally reported for toonchapter8.php, but this is probably a site-specific name, since the PHPSlideShow distribution does not contain that file.
by Jose Luis Gongora Fernandez
FMDeluxe 2.1.0 - Cross-Site Scripting via Index.php ID Parameter
Cross-site scripting (XSS) vulnerability in index.php in FMDeluxe 2.1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a category action.
by JosS
Skype 3.6.216 - Voicemail URI Handler Remote Denial of Service
by Critical Security
GWExtranet 3.0 - 'Scp.dll' Multiple HTML Injection Vulnerabilities
by Doz
GOUAE DWD Realty - SQL Injection via Password Parameter
SQL injection vulnerability in admin/index2.asp in GOUAE DWD Realty allows remote attackers to execute arbitrary SQL commands via the pword (aka Password) parameter. NOTE: some of these details are obtained from third party information.
by Aria-Security Team
IAPR COMMENCE 1.3 - Remote Code Execution via PHP Remote File Inclusion
Multiple PHP remote file inclusion vulnerabilities in IAPR COMMENCE 1.3 allow remote attackers to execute arbitrary PHP code via a URL in the (a) php_root_path and sometimes the (b) privilege_root_path parameter to various PHP scripts under (1) admin/includes/, (2) admin/phase/, (3) includes/, (4) includes/page_includes/, (5) reviewer/includes/, (6) reviewer/phase/, and (7) user/phase/.
by ShAy6oOoN
project_alumni <= 1.0.9 - Cross-Site Scripting via Year Parameter
Multiple cross-site scripting (XSS) vulnerabilities in project alumni 1.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the year parameter to (1) xml/index.php; or (2) the year parameter to view.page.inc.php, which is reachable through a view action to the top-level index.php.
by tomplixsee
WorkingOnWeb 2.0.1400 - SQL Injection
SQL injection vulnerability in events.php in WorkingOnWeb 2.0.1400 allows remote attackers to execute arbitrary SQL commands via the idevent parameter.
by ka0x
vBTube 1.1 Beta - Cross-Site Scripting via Search Parameter
Cross-site scripting (XSS) vulnerability in vBTube.php in vBTube 1.1 Beta allows remote attackers to inject arbitrary web script or HTML via the search parameter.
by Crackers_Child
Project Alumni <1.0.9 - SQL Injection
Multiple SQL injection vulnerabilities in project alumni 1.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the year parameter to (1) view.page.inc.php, which is reachable through a view action to index.php; or (2) the year parameter to news.page.inc.php, which is reachable through a news action to index.php.
by tomplixsee
PBLang 4.99.17.q - Remote File Rewriting / Command Execution
by KiNgOfThEwOrLd
CoolShot E-Lite POS 1.0 - Login SQL Injection
by Aria-Security Team
Amber Script 1.0 - Directory Traversal via id Parameter
Directory traversal vulnerability in scripts/include/show_content.php in Amber Script 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
by Crackers_Child
Mp3 ToolBox 1.0 beta 5 - Remote Code Execution via Skin File Parameter
PHP remote file inclusion vulnerability in index.php in Mp3 ToolBox 1.0 beta 5 allows remote attackers to execute arbitrary PHP code via a URL in the skin_file parameter.
by Crackers_Child
Irola My-Time 3.5 - SQL Injection via Login and Password Parameters
Multiple SQL injection vulnerabilities in login.asp in Irola My-Time (aka Timesheet) 3.5 allow remote attackers to execute arbitrary SQL commands via the (1) login (aka Username) and (2) password parameters. NOTE: some of these details are obtained from third party information.
by Aria-Security Team
Bandersnatch 0.4 - Cross-Site Scripting via func, date, or jid Parameter
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Bandersnatch 0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) func or (2) date parameter, or the jid parameter in a (3) log or (4) user action, a different vulnerability than CVE-2007-3910.
by Tim Brown
M2Scripts MySpace Scripts Poll Creator - XSS
Multiple cross-site scripting (XSS) vulnerabilities in index.php in M2Scripts MySpace Scripts Poll Creator allow remote attackers to inject arbitrary web script or HTML via the (1) title, (2) intro, and (3) question parameters, and (4) unspecified answer parameters, in a create_new action. NOTE: some of these details are obtained from third party information.
by Doz
DevMass Shopping Cart <= 1.0 - Remote File Inclusion via kfm_base_path Parameter
PHP remote file inclusion vulnerability in admin/kfm/initialise.php in DevMass Shopping Cart 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the kfm_base_path parameter.
by S.W.A.T.
Content Injector <1.52 - SQL Injection
SQL injection vulnerability in news.php in Content Injector 1.52 allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php. NOTE: some of these details are obtained from third party information.
by S.W.A.T.
By Source