Text Exploits
31,394 exploits tracked across all sources.
YNP Portal System 2.2.0 - Path Traversal
Directory traversal vulnerability in showpage.cgi in YNP Portal System 2.2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter.
by GoLd_M
Cartweaver ColdFusion < 2.16.11 - SQL Injection via Category, Keywords, or ProdID Parameter
Multiple SQL injection vulnerabilities in Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) keywords parameters in (a) Results.cfm, and the (3) ProdID parameter in (b) Details.cfm.
by meoconx
auracms modul_forum_sederhana - SQL Injection via komentar.php id Parameter
SQL injection vulnerability in komentar.php in the Forum Module for auraCMS (Modul Forum Sederhana) allows remote attackers to execute arbitrary SQL commands via the id parameter to the default URI. NOTE: some of these details are obtained from third party information.
by k1tk4t
J! Reactions < 1.8.1 - Remote Code Execution via comPath Parameter
PHP remote file inclusion vulnerability in langset.php in J! Reactions (com_jreactions) 1.8.1 and earlier, a Joomla! component, allows remote attackers to execute arbitrary PHP code via a URL in the comPath parameter.
by Yollubunlar.Org
LANAI CMS 1.2.14 - SQL Injection via FAQ, EZSHOPINGCART, or GALLERY Module Parameters
Multiple SQL injection vulnerabilities in module.php in LANAI (la-nai) CMS 1.2.14 allow remote attackers to execute arbitrary SQL commands via (1) the mid parameter in an faqviewgroup action in the FAQ Modules, (2) the cid parameter in the EZSHOPINGCART Modules, or (3) the gid parameter in a view action in the GALLERY Modules.
by k1tk4t
LANAI CMS 1.2.14 - SQL Injection via FAQ, EZSHOPINGCART, or GALLERY Module Parameters
Multiple SQL injection vulnerabilities in module.php in LANAI (la-nai) CMS 1.2.14 allow remote attackers to execute arbitrary SQL commands via (1) the mid parameter in an faqviewgroup action in the FAQ Modules, (2) the cid parameter in the EZSHOPINGCART Modules, or (3) the gid parameter in a view action in the GALLERY Modules.
by k1tk4t
LANAI CMS 1.2.14 - SQL Injection via FAQ, EZSHOPINGCART, or GALLERY Module Parameters
Multiple SQL injection vulnerabilities in module.php in LANAI (la-nai) CMS 1.2.14 allow remote attackers to execute arbitrary SQL commands via (1) the mid parameter in an faqviewgroup action in the FAQ Modules, (2) the cid parameter in the EZSHOPINGCART Modules, or (3) the gid parameter in a view action in the GALLERY Modules.
by k1tk4t
Next Gen Portfolio Manager - SQL Injection
SQL injection vulnerability in default.asp in Next Gen Portfolio Manager allows remote attackers to execute arbitrary SQL commands via the (1) Users_Email or (2) Users_Password parameter in an ExecuteTheLogin action.
by Aria-Security Team
Tour de France Pool 1.0.1 - Remote File Inclusion via mosConfig_absolute_path Parameter
PHP remote file inclusion vulnerability in admin.tour_toto.php in the Tour de France Pool (com_tour_toto) 1.0.1 module for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
by Yollubunlar.Org
Hunkaray Okul Portali 1.1 - SQL Injection
SQL injection vulnerability in duyuruoku.asp in Hunkaray Okul Portali 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-3080.
by Yollubunlar.Org
WebDirector < 2.2 - Cross-Site Scripting via deslocal Parameter
Cross-site scripting (XSS) vulnerability in index.php in WebDirector 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the deslocal parameter.
by r0t
Firestorm Technologies GMaps <1.00 - SQL Injection
SQL injection vulnerability in index.php in the Firestorm Technologies GMaps (com_gmaps) 1.00 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mapId parameter in a viewmap action.
by Mehmet Ince
Mozilla Firefox 2.0.0.5, Thunderbird <1.5.0.13, SeaMonkey 1.1.3 - XSS via Addon Chrome Privilege Escalation
Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting (XSS) attacks with chrome privileges via an addon that inserts a (1) javascript: or (2) data: link into an about:blank document loaded by chrome via (a) the window.open function or (b) a content.location assignment, aka "Cross Context Scripting." NOTE: this issue is caused by a CVE-2007-3089 regression.
by moz_bug_r_a4
WebEvent <4.03 - XSS
Cross-site scripting (XSS) vulnerability in webevent.cgi in WebEvent 2.61 through 4.03 allows remote attackers to inject arbitrary web script or HTML via the cmd parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by d3hydr8
woliocms - SQL Injection via Member ID or Admin Login Parameters
Multiple SQL injection vulnerabilities in wolioCMS allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to member.php in a page action, related to a SELECT statement in common.php; and the (2) loginid parameter (uid variable), and possibly the (3) pwd parameter, to admin/index.php.
by k1tk4t
IT!CMS 0.2 - Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in IT!CMS (itcms) 0.2 allow remote attackers to inject arbitrary web script or HTML via the wndtitle parameter to (1) lang-en.php, (2) menu-ed.php, or (3) titletext-ed.php.
by Aria-Security Team
IT!CMS 0.2 - Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in IT!CMS (itcms) 0.2 allow remote attackers to inject arbitrary web script or HTML via the wndtitle parameter to (1) lang-en.php, (2) menu-ed.php, or (3) titletext-ed.php.
by Aria-Security Team
IT!CMS 0.2 - Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in IT!CMS (itcms) 0.2 allow remote attackers to inject arbitrary web script or HTML via the wndtitle parameter to (1) lang-en.php, (2) menu-ed.php, or (3) titletext-ed.php.
by Aria-Security Team
Madoa Poll 1.1 - Remote File Inclusion via Madoa Parameter
Multiple PHP remote file inclusion vulnerabilities in Madoa Poll 1.1 allow remote attackers to execute arbitrary PHP code via the Madoa parameter to (1) index.php, (2) vote.php, and (3) admin.php.
by ilker Kandemir
Madoa Poll 1.1 - Remote File Inclusion via Madoa Parameter
Multiple PHP remote file inclusion vulnerabilities in Madoa Poll 1.1 allow remote attackers to execute arbitrary PHP code via the Madoa parameter to (1) index.php, (2) vote.php, and (3) admin.php.
by ilker Kandemir
Madoa Poll 1.1 - Remote File Inclusion via Madoa Parameter
Multiple PHP remote file inclusion vulnerabilities in Madoa Poll 1.1 allow remote attackers to execute arbitrary PHP code via the Madoa parameter to (1) index.php, (2) vote.php, and (3) admin.php.
by ilker Kandemir
Novell Groupwise 6.5 Webaccess - 'User.Id' Cross-Site Scripting
by 0x000000
phpcoupon - Authenticated Privilege Escalation via Billing Parameter Manipulation
user.php in the Billing Control Panel in phpCoupon allows remote authenticated users to obtain Premium Member status, and possibly acquire free coupons, via a modified URL containing a certain billing parameter and REQ=auth, status=success, and custom=upgrade substrings, possibly related to PayPal transactions.
by freeprotect.net
PHP123 Top Sites - SQL Injection via Category Parameter
SQL injection vulnerability in category.php in PHP123 Top Sites allows remote attackers to execute arbitrary SQL commands via the cat parameter.
by t0pP8uZz
fail2ban 0.8 - Denial of Service via SSH Log File Parsing
fail2ban 0.8 and earlier does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a client protocol version identification containing an IP address string, a different vector than CVE-2006-6302.
by Daniel B. Cid
By Source