Text Exploits
31,394 exploits tracked across all sources.
Perdition Mail Retrieval Proxy < 1.17 - Remote Code Execution via IMAP Tag Format String Injection
The format string protection mechanism in IMAPD for Perdition Mail Retrieval Proxy 1.17 and earlier allows remote attackers to execute arbitrary code via an IMAP tag with a null byte followed by a format string specifier, which is not counted by the mechanism.
by Bernhard Mueller
phpFaber URLInn 2.0.5 - Remote Code Execution via dir_ws Parameter
PHP remote file inclusion vulnerability in urlinn_includes/config.php in phpFaber URLInn 2.0.5 allows remote attackers to execute arbitrary PHP code via a URL in the dir_ws parameter.
by BiNgZa
miniBB 2.1 - SQL Injection via Table Parameter
SQL injection vulnerability in bb_func_search.php in miniBB 2.1 allows remote attackers to execute arbitrary SQL commands via the table parameter to index.php.
by irk4z
WordPress 2.3 - Cross-Site Scripting via posts_columns Array Parameter
Cross-site scripting (XSS) vulnerability in wp-admin/edit-post-rows.php in WordPress 2.3 allows remote attackers to inject arbitrary web script or HTML via the posts_columns array parameter.
by waraxe
Smart-Shop - Cross-Site Scripting via Email or Command Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Smart-Shop allow remote attackers to inject arbitrary web script or HTML via (1) the email parameter to index.php; or the command parameter to index.php in (2) the default action for the home page, (3) a currencies action, or (4) a basket action.
by Doz
SAXON 5.4 - Cross-Site Scripting via config[news_url] Parameter
Cross-site scripting (XSS) vulnerability in admin/menu.php in SAXON 5.4 allows remote attackers to inject arbitrary web script or HTML via the config[news_url] parameter.
by netVigilance
SAXON 5.4 - SQL Injection via Template Parameter
SQL injection vulnerability in example.php in SAXON 5.4 allows remote attackers to execute arbitrary SQL commands via the template parameter.
by netVigilance
ProfileCMS 1.0 - Unauthenticated Arbitrary PHP File Upload
Unrestricted file upload vulnerability in the profiles script in ProfileCMS 1.0 allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors involving creation of a profile.
Omnistar Live - Cross-Site Scripting via category_id Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Omnistar Live allow remote attackers to inject arbitrary web script or HTML via (1) the category_id parameter to users/kb.php, and possibly (3) the Email Box field in profile.php.
by Doz
MySpace Resource Script 1.21 - Remote Code Execution via rootBase Parameter
PHP remote file inclusion vulnerability in _theme/breadcrumb.php in MySpacePros MySpace Resource Script (MSRS) 1.21 allows remote attackers to execute arbitrary PHP code via a URL in the rootBase parameter.
Blue Coat ProxySG <4.2.6.1, <5.2.2.5 - XSS
Cross-site scripting (XSS) vulnerability in the management console in Blue Coat ProxySG before 4.2.6.1, and 5.x before 5.2.2.5, allows remote attackers to inject arbitrary web script or HTML by modifying the URL that is used for loading Certificate Revocation Lists.
by Adrian Pastor
teatro < 1.6 - Remote Code Execution via basePath Parameter
PHP remote file inclusion vulnerability in pub/pub08_comments.php in teatro 1.6 allows remote attackers to execute arbitrary PHP code via a URL in the basePath parameter.
by Alkomandoz Hacker
Sige 0.1 - Remote Code Execution via SYS_PATH Parameter
PHP remote file inclusion vulnerability in inc/sige_init.php in Sige 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the SYS_PATH parameter.
by GoLd_M
JobSite Professional 2.0 - SQL Injection via id Parameter
SQL injection vulnerability in file.php in JobSite Professional 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by ZynbER
FireConfig 0.5 - Unauthenticated Path Traversal via dl.php file Parameter
Directory traversal vulnerability in dl.php in FireConfig 0.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
by GoLd_M
CaupoShop Pro < 2.1 - Remote Code Execution via Index.php Action Parameter
PHP remote file inclusion vulnerability in index.php in CaupoShop Pro 2.x allows remote attackers to execute arbitrary PHP code via a URL in the action parameter.
by mozi
emagic_cms.net 4.0 - SQL Injection via pageId Parameter
SQL injection vulnerability in emc.asp in emagiC CMS.Net 4.0 allows remote attackers to execute arbitrary SQL commands via the pageId parameter.
by hak3r-b0y
GoSamba 1.0.1 - Remote Code Execution via PHP File Inclusion in include_path Parameter
Multiple PHP remote file inclusion vulnerabilities in GoSamba 1.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) HTML_oben.php, (2) inc_freigabe.php, (3) inc_freigabe1.php, or (4) inc_freigabe3.php in include/; (5) inc_group.php; (6) inc_manager.php; (7) inc_newgroup.php; (8) inc_smb_conf.php; (9) inc_user.php; or (10) main.php.
by GoLd_M
Oracle Database Server - SQL Injection via Workspace Manager FINDRICSET Procedure
SQL injection vulnerability in Workspace Manager for Oracle Database before OWM 10.2.0.4.1, OWM 10.1.0.8.0, and OWM 9.2.0.8.0 allows attackers to execute arbitrary SQL commands via the FINDRICSET procedure in the LT package. NOTE: this is probably covered by CVE-2007-5510, but there are insufficient details to be certain.
by sh2kerr
TikiWiki < 1.9.8.1 - Remote File Inclusion and Execution via Path Traversal
Multiple directory traversal vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to include and execute arbitrary files via an absolute pathname in (1) error_handler_file and (2) local_php parameters to (a) tiki-index.php, or (3) encoded "..%2F" sequences in the imp_language parameter to tiki-imexport_languages.php.
by L4teral
Multi-Forums Module 1.3.3 for Invision Power Board and phpBB - SQL Injection via go or cat Parameter
Multiple SQL injection vulnerabilities in directory.php in the Multi-Forums (aka Multi Host Forum Pro) module 1.3.3, for phpBB and Invision Power Board (IPB or IP.Board), allow remote attackers to execute arbitrary SQL commands via the (1) go and (2) cat parameters.
by KiNgOfThEwOrLd
shttp < 0.0.4 - Path Traversal via Safe Path Function
The safe_path function in shttp before 0.0.5 allows remote attackers to conduct directory traversal attacks and read files via a combination of ".." and sub-directory specifiers that resolve to a pathname that is at or below the same level as the web document root, but in a different part of the directory tree.
by Pete Foster
Aleris Web Publishing Server 3.0 - SQL Injection
SQL injection vulnerability in calendar/page.asp in Aleris Web Publishing Server 3.0 allows remote attackers to execute arbitrary SQL commands via the mode parameter.
by joseph.giron13
PHPbasic basicFramework 1.0 - 'Includes.php' Remote File Inclusion
by Alucar
CodeWidgets Web Based Alpha Tabbed Address Book - 'index.asp' SQL Injection
by Aria-Security Team
By Source