Text Exploits
31,394 exploits tracked across all sources.
MambAds < 1.5 - SQL Injection via caid Parameter
SQL injection vulnerability in index.php in the MambAds (com_mambads) 1.5 and earlier component for Mambo allows remote attackers to execute arbitrary SQL commands via the caid parameter.
by Sniper456
North Country Public Radio Public Media Manager 1.3 - Remote Code Execution via NewsCMS indir Parameter
PHP remote file inclusion vulnerability in NewsCMS/news/newstopic_inc.php in North Country Public Radio Public Media Manager (PMM) 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the indir parameter.
by 0in
PHP Fidonet Tosser 1.3.0 - Remote Code Execution via SRC_PATH Parameter
PHP remote file inclusion vulnerability in phfito-post.php in Alex Kocharin PHP Fidonet Tosser (PhFiTo) 1.3.0 in phpFidoNode allows remote attackers to execute arbitrary PHP code via a URL in the SRC_PATH parameter to phfito-post.
by w0cker
lustig.cms BETA 2.5 - Remote Code Execution via Forum View Parameter
PHP remote file inclusion vulnerability in forum/forum.php in lustig.cms BETA 2.5 allows remote attackers to execute arbitrary PHP code via a URL in the view parameter.
by GoLd_M
IntegraMOD Nederland 1.4.2 - Remote Code Execution via phpbb_root_path Parameter
PHP remote file inclusion vulnerability in includes/archive/archive_topic.php in IntegraMOD Nederland 1.4.2 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
by Mehmet Ince
chupix_cms 0.2.3 - Remote Code Execution via Repertoire Parameter
PHP remote file inclusion vulnerability in admin/include/header.php in chupix 0.2.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the repertoire parameter.
by 0in
Solidweb Novus 1.0 - Cross-Site Scripting via buscar.asp p Parameter
Cross-site scripting (XSS) vulnerability in buscar.asp in Solidweb Novus 1.0 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Zutr4
SoftBiz Classifieds PLUS - SQL Injection via store_info.php id Parameter
SQL injection vulnerability in store_info.php in SoftBiz Classifieds PLUS allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Khashayar Fereidani
FrontAccounting 1.13 - Remote Code Execution via path_to_root Parameter
Multiple PHP remote file inclusion vulnerabilities in FrontAccounting (FA) 1.13, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_to_root parameter to (1) access/login.php and (2) includes/lang/language.php, different vectors than CVE-2007-4279.
by kezzap66345
Interspire ActiveKB NX 2.x - SQL Injection via catId Parameter
SQL injection vulnerability in index.php in Interspire ActiveKB NX 2.x allows remote attackers to execute arbitrary SQL commands via the catId parameter in a browse action. NOTE: it was separately reported that ActiveKB 1.5 is also affected.
by Luna-Tic/XTErner
Novus 1.0 - SQL Injection via nota_id Parameter
SQL injection vulnerability in notas.asp in Novus 1.0 allows remote attackers to execute arbitrary SQL commands via the nota_id parameter.
by ka0x
SimpNews 2.41.03 - Cross-Site Scripting via l_username and backurl Parameters
Multiple cross-site scripting (XSS) vulnerabilities in SimpNews 2.41.03 allow remote attackers to inject arbitrary web script or HTML via the (1) l_username parameter to admin/layout2b.php, and the (2) backurl parameter to comment.php.
by Jesper Jurcenoks
SimpNews 2.41.03 - Cross-Site Scripting via l_username and backurl Parameters
Multiple cross-site scripting (XSS) vulnerabilities in SimpNews 2.41.03 allow remote attackers to inject arbitrary web script or HTML via the (1) l_username parameter to admin/layout2b.php, and the (2) backurl parameter to comment.php.
by Jesper Jurcenoks
SimpGB 1.46.02 - Cross-Site Scripting via l_username or l_emoticonlist Parameter
Multiple cross-site scripting (XSS) vulnerabilities in SimpGB 1.46.02 allow remote attackers to inject arbitrary web script or HTML via (1) the l_username parameter to the default URI under admin/ or (2) the l_emoticonlist parameter to admin/emoticonlist.php.
by netVigilance
SimpGB 1.46.02 - Cross-Site Scripting via l_username or l_emoticonlist Parameter
Multiple cross-site scripting (XSS) vulnerabilities in SimpGB 1.46.02 allow remote attackers to inject arbitrary web script or HTML via (1) the l_username parameter to the default URI under admin/ or (2) the l_emoticonlist parameter to admin/emoticonlist.php.
by netVigilance
Dance Music Module for phpNuke - Path Traversal via ACCEPT_FILE Array Parameter
Directory traversal vulnerability in index.php in the Dance Music module for phpNuke, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in an ACCEPT_FILE array parameter to modules.php.
by waraxe
JSPWiki 2.4.103 and 2.5.139-beta - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in JSPWiki 2.4.103 and 2.5.139-beta allow remote attackers to inject arbitrary web script or HTML via the (1) group and (2) members parameters in (a) NewGroup.jsp; the (3) edittime parameter in (b) Edit.jsp; the (4) edittime, (5) author, and (6) link parameters in (c) Comment.jsp; the (7) loginname, (8) wikiname, (9) fullname, and (10) email parameters in (d) UserPreferences.jsp and (e) Login.jsp; the (11) r1 and (12) r2 parameters in (f) Diff.jsp; and the (13) changenote parameter in (g) PageInfo.jsp.
by Jason Kratzer
JSPWiki 2.4.103 and 2.5.139-beta - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in JSPWiki 2.4.103 and 2.5.139-beta allow remote attackers to inject arbitrary web script or HTML via the (1) group and (2) members parameters in (a) NewGroup.jsp; the (3) edittime parameter in (b) Edit.jsp; the (4) edittime, (5) author, and (6) link parameters in (c) Comment.jsp; the (7) loginname, (8) wikiname, (9) fullname, and (10) email parameters in (d) UserPreferences.jsp and (e) Login.jsp; the (11) r1 and (12) r2 parameters in (f) Diff.jsp; and the (13) changenote parameter in (g) PageInfo.jsp.
by Jason Kratzer
JSPWiki 2.4.103 and 2.5.139-beta - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in JSPWiki 2.4.103 and 2.5.139-beta allow remote attackers to inject arbitrary web script or HTML via the (1) group and (2) members parameters in (a) NewGroup.jsp; the (3) edittime parameter in (b) Edit.jsp; the (4) edittime, (5) author, and (6) link parameters in (c) Comment.jsp; the (7) loginname, (8) wikiname, (9) fullname, and (10) email parameters in (d) UserPreferences.jsp and (e) Login.jsp; the (11) r1 and (12) r2 parameters in (f) Diff.jsp; and the (13) changenote parameter in (g) PageInfo.jsp.
by Jason Kratzer
JSPWiki 2.4.103 and 2.5.139-beta - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in JSPWiki 2.4.103 and 2.5.139-beta allow remote attackers to inject arbitrary web script or HTML via the (1) group and (2) members parameters in (a) NewGroup.jsp; the (3) edittime parameter in (b) Edit.jsp; the (4) edittime, (5) author, and (6) link parameters in (c) Comment.jsp; the (7) loginname, (8) wikiname, (9) fullname, and (10) email parameters in (d) UserPreferences.jsp and (e) Login.jsp; the (11) r1 and (12) r2 parameters in (f) Diff.jsp; and the (13) changenote parameter in (g) PageInfo.jsp.
by Jason Kratzer
JSPWiki 2.4.103 and 2.5.139-beta - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in JSPWiki 2.4.103 and 2.5.139-beta allow remote attackers to inject arbitrary web script or HTML via the (1) group and (2) members parameters in (a) NewGroup.jsp; the (3) edittime parameter in (b) Edit.jsp; the (4) edittime, (5) author, and (6) link parameters in (c) Comment.jsp; the (7) loginname, (8) wikiname, (9) fullname, and (10) email parameters in (d) UserPreferences.jsp and (e) Login.jsp; the (11) r1 and (12) r2 parameters in (f) Diff.jsp; and the (13) changenote parameter in (g) PageInfo.jsp.
by Jason Kratzer
JSPWiki 2.4.103 and 2.5.139-beta - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in JSPWiki 2.4.103 and 2.5.139-beta allow remote attackers to inject arbitrary web script or HTML via the (1) group and (2) members parameters in (a) NewGroup.jsp; the (3) edittime parameter in (b) Edit.jsp; the (4) edittime, (5) author, and (6) link parameters in (c) Comment.jsp; the (7) loginname, (8) wikiname, (9) fullname, and (10) email parameters in (d) UserPreferences.jsp and (e) Login.jsp; the (11) r1 and (12) r2 parameters in (f) Diff.jsp; and the (13) changenote parameter in (g) PageInfo.jsp.
by Jason Kratzer
sk.log 0.5.3 - Remote Code Execution via SKIN_URL Parameter
PHP remote file inclusion vulnerability in php-inc/log.inc.php in sk.log 0.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the SKIN_URL parameter.
by w0cker
DFD Cart < 1.1.4 - Remote Code Execution via set_depth Parameter
Multiple PHP remote file inclusion vulnerabilities in DFD Cart 1.1.4 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the set_depth parameter to (1) app.lib/product.control/core.php/product.control.config.php, or (2) customer.browse.list.php or (3) customer.browse.search.php in app.lib/product.control/core.php/customer.area/.
by BiNgZa
bcoos 1.0.10 Arcade Module - 'index.php' SQL Injection
by nights shadow
By Source