Text Exploits
31,394 exploits tracked across all sources.
Live for Speed < 0.5x10 - Authenticated Stack-Based Buffer Overflow via Long Skin Name
Stack-based buffer overflow in Live for Speed 0.5X10 and earlier allows remote authenticated users to cause a denial of service (client crash) and possibly execute arbitrary code via a long skin name.
by Luigi Auriemma
Softbiz Recipes Portal Script - SQL Injection via sbcat_id Parameter
SQL injection vulnerability in searchresult.php in Softbiz Recipes Portal Script allows remote attackers to execute arbitrary SQL commands via the sbcat_id parameter.
by Khashayar Fereidani
KwsPHP mg2 1.0 - SQL Injection via Album Parameter
SQL injection vulnerability in index.php in the mg2 1.0 module for KwsPHP allows remote attackers to execute arbitrary SQL commands via the album parameter.
by Mehmet Ince
WWWISIS 7.1 - Path Traversal via IsisScript Parameter
Directory traversal vulnerability in wxis.exe in WWWISIS 7.1 allows local users to read arbitrary files via a .. (dot dot) in the IsisScript parameter to iah.
by JosS
com_colorlab 1.0 - Remote Code Execution via mosConfig_live_site Parameter
PHP remote file inclusion vulnerability in admin.color.php in the com_colorlab (aka com_color) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
by Mehmet Ince
WebDesktop 0.1 - Remote Code Execution via PHP File Inclusion
Multiple PHP remote file inclusion vulnerabilities in WebDesktop 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) app parameter to apps/apps.php and the (2) wsk parameter to wsk/wsk.php.
by S.W.A.T.
umi-cms - Cross-Site Scripting via Search String Parameter
Cross-site scripting (XSS) vulnerability in UMI CMS allows remote attackers to inject arbitrary web script or HTML via the search_string parameter to the default URI in search_do/.
by anonymous
Stride CMS 1.0 - SQL Injection via p Parameter or id Parameter or course Parameter or provider Parameter
Multiple SQL injection vulnerabilities in Stride 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the p parameter to main.php in the Content Management System, (2) the id parameter in a sto cmd action to shop.php in the Merchant subsystem, or the (3) course or (4) provider parameter to detail.php in the Courses subsystem.
by durito
Stride CMS 1.0 - SQL Injection via p Parameter or id Parameter or course Parameter or provider Parameter
Multiple SQL injection vulnerabilities in Stride 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the p parameter to main.php in the Content Management System, (2) the id parameter in a sto cmd action to shop.php in the Merchant subsystem, or the (3) course or (4) provider parameter to detail.php in the Courses subsystem.
by durito
Stride CMS 1.0 - SQL Injection via p Parameter or id Parameter or course Parameter or provider Parameter
Multiple SQL injection vulnerabilities in Stride 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the p parameter to main.php in the Content Management System, (2) the id parameter in a sto cmd action to shop.php in the Merchant subsystem, or the (3) course or (4) provider parameter to detail.php in the Courses subsystem.
by durito
Pindorama 0.1 - Remote Code Execution via XMLRPC Client Component Parameter
PHP remote file inclusion vulnerability in active/components/xmlrpc/client.php in Pindorama 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the c[components] parameter.
by S.W.A.T.
picoflat_cms < 0.4.14 - Remote Code Execution via Pagina Parameter
PHP remote file inclusion vulnerability in index.php in PicoFlat CMS 0.4.14 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pagina parameter.
by 0in
Nucleus CMS 3.01 - Cross-Site Scripting via Archive Parameter
Cross-site scripting (XSS) vulnerability in index.php in Nucleus 3.01 allows remote attackers to inject arbitrary web script or HTML via the archive parameter.
by MustLive
Linkliste 1.2 - Remote File Inclusion via styl[top], url_eintrag, or styl[themen] Parameter
Multiple PHP remote file inclusion vulnerabilities in index.php in Linkliste 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) styl[top], (2) url_eintrag, or (3) styl[themen] parameter.
by iNs
Joomla com_search < 1.0.13 - Cross-Site Scripting via searchword Parameter
Cross-site scripting (XSS) vulnerability in the com_search component in Joomla! 1.0.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchword parameter. NOTE: this might be related to CVE-2007-4189.1.
by MustLive
Joomla Flash Uploader 2.5.1 - Remote Code Execution via mosConfig_absolute_path Parameter
Multiple PHP remote file inclusion vulnerabilities in Michael Dempfle Joomla Flash Uploader (com_jfu or com_joomla_flash_uploader) 2.5.1 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) install.joomla_flash_uploader.php and (2) uninstall.joomla_flash_uploader.php.
by mdx
CRS Manager - Remote File Inclusion via DOCUMENT_ROOT Parameter
Multiple PHP remote file inclusion vulnerabilities in CRS Manager allow remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter to (1) index.php or (2) login.php. NOTE: this issue is disputed by CVE, since DOCUMENT_ROOT cannot be modified by an attacker
by iNs
boastMachine 2.8 - Path Traversal via id Parameter
Directory traversal vulnerability in index.php in boastMachine (aka bMachine) 2.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.
by iNs
ActiveKB NX 2.5.4 - Cross-Site Scripting via Page Parameter
Multiple cross-site scripting (XSS) vulnerabilities in ActiveKB NX 2.5.4 allow remote attackers to inject arbitrary web script or HTML via the page parameter to the default URI for some directories, as demonstrated by (1) ActiveKB/ and (2) default/categories/ActiveKB/.
by durito
Google Urchin < 5.7.03 - Authentication Bypass via Modified Query Parameters
report.cgi in Google Urchin allows remote attackers to bypass authentication and obtain sensitive information (web server logs) via certain modified query parameters, as demonstrated using the profile, rid, prefs, n, vid, bd, ed, dt, and gtype parameters, a different vulnerability than CVE-2007-5112.
by MustLive
TikiWiki 1.9.8 - Remote Code Execution via tiki-graph_formula.php f Parameter
tiki-graph_formula.php in TikiWiki 1.9.8 allows remote attackers to execute arbitrary code via PHP sequences in the f array parameter, which are processed by create_function.
by ShAnKaR
NuSEO PHP Enterprise 1.6 - Remote Code Execution via nuseo_dir Parameter
PHP remote file inclusion vulnerability in admin/nuseo_admin_d.php in NuSEO PHP Enterprise 1.6 (NuSEO.PHP), when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the nuseo_dir parameter.
by BiNgZa
Joomla Flash RSS Reader Component - Remote Code Execution via mosConfig_live_site Parameter
PHP remote file inclusion vulnerability in admin.wmtrssreader.php in the webmaster-tips.net Flash RSS Reader (com_wmtrssreader) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
by Cyber-Crime
Quoc-Huy MP3 Allopass 1.0 - Remote Code Execution via mosConfig_live_site Parameter
Multiple PHP remote file inclusion vulnerabilities in the Quoc-Huy MP3 Allopass (com_mp3_allopass) 1.0 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter to (1) allopass.php and (2) allopass-error.php.
by NoGe
JContentSubscription 1.5.8 - Remote Code Execution via mosConfig_absolute_path Parameter
Multiple PHP remote file inclusion vulnerabilities in the JContentSubscription (com_jcs) 1.5.8 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) jcs.function.php; (2) add.php, (3) history.php, and (4) register.php, in view/; and (5) list.sub.html.php, (6) list.user.sub.html.php, and (7) reports.html.php in views/.
by NoGe
By Source