Text Exploits
31,394 exploits tracked across all sources.
Softbiz Auctions Script - SQL Injection
SQL injection vulnerability in product_desc.php in Softbiz Auctions Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Khashayar Fereidani
Softbiz Ad Management plus Script 1 - SQL Injection
SQL injection vulnerability in ads.php in Softbiz Ad Management plus Script 1 allows remote authenticated users to execute arbitrary SQL commands via the package parameter.
by Khashayar Fereidani
Dan Costin File Transfer <1.2f - Path Traversal
Directory traversal vulnerability in Dan Costin File Transfer before 1.2f allows remote attackers to read arbitrary files via a "..\" (dot dot backslash) in the filename.
by teeed
RoundCube webmail <2007-12-09 - XSS
Cross-site scripting (XSS) vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and earlier versions, when using Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via style sheets containing expression commands.
by Tomas Kuliavas
Francisco Burzi PHP-Nuke 8.0 - Path Traversal via autohtml.php filename Parameter
Directory traversal vulnerability in autohtml.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the filename parameter, a different vector than CVE-2006-4190. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by d3v1l
Falcon Series One 1.4.3 stable - Multiple Input Validation Vulnerabilities
by MhZ91
bitweaver < 2.0.0 - Cross-Site Scripting via PATH_INFO to users/register.php or search/index.php
Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.0.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) users/register.php or (2) search/index.php, or an editcomments action in (3) wiki/index.php or (4) forums/index.php. NOTE: the error parameter to users/login.php is covered by CVE-2006-3103.
by Doz
bitweaver < 2.0.0 - Cross-Site Scripting via PATH_INFO to users/register.php or search/index.php
Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.0.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) users/register.php or (2) search/index.php, or an editcomments action in (3) wiki/index.php or (4) forums/index.php. NOTE: the error parameter to users/login.php is covered by CVE-2006-3103.
by Doz
bitweaver <= 2.0.0 - SQL Injection via sort_mode or highlight Parameter
Multiple SQL injection vulnerabilities in Bitweaver 2.0.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) sort_mode parameter to wiki/list_pages.php and the (2) highlight parameter to search/index.php. NOTE: the researcher also reported injection via JavaScript code in the Search box, but this is probably a forced SQL error or other separate primary issue.
by Doz
Thomson SpeedTouch 716 - Firmware 5.4.0.14 - XSS
Cross-site scripting (XSS) vulnerability in cgi/b/ic/connect in the Thomson SpeedTouch 716 with firmware 5.4.0.14 allows remote attackers to inject arbitrary web script or HTML via the url parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Remco Verhoef
F5 FirePass 4100 SSL VPN <6.0.1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass 4100 SSL VPN 5.4.1 through 5.5.2 and 6.0 through 6.0.1, when pre-logon sequences are enabled, allow remote attackers to inject arbitrary web script or HTML via the query string to (1) my.activation.php3 and (2) my.logon.php3.
by Adrian Pastor
XOOPS mylinks_module - SQL Injection via brokenlink.php lid Parameter
SQL injection vulnerability in brokenlink.php in the mylinks module for XOOPS allows remote attackers to execute arbitrary SQL commands via the lid parameter.
JPortal Web Portal < 2.3.1 - SQL Injection via Topic Parameter
SQL injection vulnerability in articles.php in JPortal 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter.
by Alexsize
MySQL 5.0.45 - 'Alter' Denial of Service
by Kristian Hermansen
Rapid Classified - 'AgencyCatResult.asp' SQL Injection
by The-0utl4w
CA eTrust SiteMinder Agent - Cross-Site Scripting via SMAUTHREASON Parameter
Cross-site scripting (XSS) vulnerability in forms/smpwservices.fcc in CA (formerly Computer Associates) eTrust SiteMinder Agent allows remote attackers to inject arbitrary web script or HTML via the SMAUTHREASON parameter, a different vector than CVE-2005-2204.
by Giuseppe Gottardi
jPORTAL 2 - SQL Injection via Mailer to Parameter
SQL injection vulnerability in mailer.php in jPORTAL 2 allows remote attackers to execute arbitrary SQL commands via the to parameter.
by Kacper
JPortal 2 - SQL Injection via Mailer to Parameter
SQL injection vulnerability in mailer.php in JPortal 2 allows remote attackers to execute arbitrary SQL commands via the to parameter.
by Kacper
JLMForo System - Cross-Site Scripting via buscador.php clave Parameter
Cross-site scripting (XSS) vulnerability in buscador.php in JLMForo System allows remote attackers to inject arbitrary web script or HTML via the clave parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Jose Luis Gongora Fernandez
CVSS 6.1
Galmeta Post 0.11 - Remote Code Execution via DDS Parameter
PHP remote file inclusion vulnerability in _lib/fckeditor/upload_config.php in Galmeta Post 0.11 allows remote attackers to execute arbitrary PHP code via a URL in the DDS parameter.
by arfis project
easyGB 2.1.1 - Directory Traversal via DatabaseType Parameter
Directory traversal vulnerability in index.php in easyGB 2.1.1 allows remote attackers to include arbitrary files via the DatabaseType parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by h4ck3r
E-Vendejo 0.2 - SQL Injection via articles.php id Parameter
SQL injection vulnerability in articles.php in E-Vendejo 0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by r00t
OpenBase <10.0.5 - Command Injection
OpenBase 10.0.5 and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in arguments to the (1) AsciiBackup, (2) OEMLicenseInstall, and possibly other stored procedures.
by Kevin Finisterre
MySQL < 5.1.23_bk - Authenticated Denial of Service via CONTAINS Operation on Indexed Column
The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error.
by Joe Gallo
i-Gallery 3.4 - Path Traversal via Encoded Backslash Sequences in d Parameter
Directory traversal vulnerability in igallery.asp in Blue-Collar Productions i-Gallery 3.4 allows remote attackers to read arbitrary files via encoded backslash sequences in the d parameter, as demonstrated by a "%5c../../%5c" sequence.
by hackerbinhphuoc
By Source