Text Exploits
31,394 exploits tracked across all sources.
Webbler CMS 3.1.3 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
by Adrian Pastor
cPanel 10.9.1 - Cross-Site Scripting via resname Parameter
Cross-site scripting (XSS) vulnerability in frontend/x/htaccess/changepro.html in cPanel 10.9.1 allows remote attackers to inject arbitrary web script or HTML via the resname parameter.
by Aria-Security Team
Parallels Confixx 2.0.12-3.3.1 - Remote Code Execution via thisdir Parameter
PHP remote file inclusion vulnerability in admin/business_inc/saveserver.php in SWSoft Confixx Pro 2.0.12 through 3.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the thisdir parameter.
by H4 / XPK
Article Directory - Remote File Inclusion via Page Parameter
PHP remote file inclusion vulnerability in index.php in Article Directory (Article Site Directory) allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
by mozi
PHMe 0.0.2 - 'Function_List.php' Local File Inclusion
by You_You
Alstrasoft Video Share Enterprise 4.x - Multiple Input Validation Vulnerabilities
by Lostmon
AlstraSoft SMS Text Messaging Enterprise - XSS
Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft SMS Text Messaging Enterprise allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) q parameter to (a) admin/membersearch.php, or (3) the userid parameter to (b) admin/edituser.php.
by Lostmon
AlstraSoft SMS Text Messaging Enterprise - XSS
Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft SMS Text Messaging Enterprise allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) q parameter to (a) admin/membersearch.php, or (3) the userid parameter to (b) admin/edituser.php.
by Lostmon
AlstraSoft Affiliate Network Pro - XSS
Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Affiliate Network Pro allow remote attackers to inject arbitrary web script or HTML via vectors in (a) merchants/index.php, including the (1) id or (2) msg parameter in a programedit action; the (3) pgmid parameter in an uploadProducts action; the (4) d, (5) m, or (6) y parameter in a daily action; the (7) err parameter in a ProgramReport action; the (8) i, (9) txtto, (10) txtfrom, or (11) programs parameter in a LinkReport action; or the (12) msg parameter in an add_money action; and one vector in (b) merchants/temp.php using (13) the rowid parameter. NOTE: vector 7 might overlap CVE-2005-3795.1.
by Lostmon
AlstraSoft Affiliate Network Pro - SQL Injection
Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network Pro allow remote attackers to execute arbitrary SQL commands via (1) the pgmid parameter in an uploadProducts action to merchants/index.php and possibly (2) the rowid parameter to merchants/temp.php.
by Lostmon
AlstraSoft Affiliate Network Pro - XSS
Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Affiliate Network Pro allow remote attackers to inject arbitrary web script or HTML via vectors in (a) merchants/index.php, including the (1) id or (2) msg parameter in a programedit action; the (3) pgmid parameter in an uploadProducts action; the (4) d, (5) m, or (6) y parameter in a daily action; the (7) err parameter in a ProgramReport action; the (8) i, (9) txtto, (10) txtfrom, or (11) programs parameter in a LinkReport action; or the (12) msg parameter in an add_money action; and one vector in (b) merchants/temp.php using (13) the rowid parameter. NOTE: vector 7 might overlap CVE-2005-3795.1.
by Lostmon
ImageRacer 1.0 - SQL Injection via SearchWord Parameter
SQL injection vulnerability in SearchResults.asp in ImageRacer 1.0, when WordSearchCrit is enabled, allows remote attackers to execute arbitrary SQL commands via the SearchWord parameter.
by Aria-Security Team
Alisveris Sitesi Scripti - SQL Injection
Multiple SQL injection vulnerabilities in index.asp in Alisveris Sitesi Scripti allow remote attackers to execute arbitrary SQL commands via the (1) product_id or (2) cat_id parameter in a product mod action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by GeFORC3
Alisveris Sitesi Scripti - Cross-Site Scripting via Search q Parameter
Cross-site scripting (XSS) vulnerability in index.asp in Alisveris Sitesi Scripti allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search mod action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by GeFORC3
bwired - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in bwired allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
by g00ns
bwired - SQL Injection via NewsID Parameter
SQL injection vulnerability in index.php in bwired allows remote attackers to execute arbitrary SQL commands via the newsID parameter.
by g00ns
Joomla! 1.5 Beta 2 - 'Search' Remote Code Execution
by Johannes Greil
bwired - Session Fixation via PHPSESSID Parameter
Session fixation vulnerability in bwired allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
by g00ns
WSN Links Basic Edition - SQL Injection via catid Parameter
SQL injection vulnerability in index.php in WSN Links Basic Edition allows remote attackers to execute arbitrary SQL commands via the catid parameter in a displaycat action.
by t0pP8uZz
RCMS Pro RGameScript Pro - Remote File Inclusion via Page.php ID Parameter
PHP remote file inclusion vulnerability in page.php in RCMS Pro RGameScript Pro allows remote attackers to execute arbitrary PHP code via a URL in the id parameter.
by Warpboy
Fileinfo Plugin 2.0.9 - Denial of Service via Invalid RVA Address Function Pointer
The Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to cause a denial of service (unhandled exception) via an invalid RVA address function pointer in (1) an IMAGE_THUNK_DATA structure, involving the (a) OriginalFirstThunk and (b) FirstThunk IMAGE_IMPORT_DESCRIPTOR fields, or (2) the AddressOfNames IMAGE_EXPORT_DIRECTORY field in a PE file.
by Gynvael Coldwind
UseBB 1.0.7 - Cross-Site Scripting via PATH_INFO in Install Upgrade Scripts
Multiple cross-site scripting (XSS) vulnerabilities in UseBB 1.0.7, and possibly other 1.0.x versions, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF) to (1) upgrade-0-2-3.php, (2) upgrade-0-3.php, or (3) upgrade-0-4.php in install/, a different vulnerability than CVE-2005-4193.
by s4mi
UseBB 1.0.7 - Cross-Site Scripting via PATH_INFO in Install Upgrade Scripts
Multiple cross-site scripting (XSS) vulnerabilities in UseBB 1.0.7, and possibly other 1.0.x versions, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF) to (1) upgrade-0-2-3.php, (2) upgrade-0-3.php, or (3) upgrade-0-4.php in install/, a different vulnerability than CVE-2005-4193.
by s4mi
BlogSite Professional < 1.2 - SQL Injection via news_id Parameter
SQL injection vulnerability in index.php in BlogSite Professional (aka Blog System) 1.x allows remote attackers to execute arbitrary SQL commands via the news_id parameter.
by t0pP8uZz
Linux Kernel < 2.6.22.2 - Denial of Service via Splice Subsystem Page Unlock
fs/splice.c in the splice subsystem in the Linux kernel before 2.6.22.2 does not properly handle a failure of the add_to_page_cache_lru function, and subsequently attempts to unlock a page that was not locked, which allows local users to cause a denial of service (kernel BUG and system crash), as demonstrated by the fio I/O tool.
by Jens Axboe
CVSS 5.5
By Source