Text Exploits

31,337 exploits tracked across all sources.

EIP-2026-100279 EXPLOITDB text VERIFIED
DotNetNuke 6.1.x - Cross-Site Scripting
by Sajjad Pourali
CVE-2013-5311 EXPLOITDB text VERIFIED
Vastal I-Tech phpVID <1.2.3 - SQL Injection
Multiple SQL injection vulnerabilities in Vastal I-Tech phpVID 1.2.3 allow remote attackers to execute arbitrary SQL commands via the "n" parameter to (1) browse_videos.php or (2) members.php. NOTE: the cat parameter is already covered by CVE-2008-4157.
by 3spi0n
CVE-2008-4157 EXPLOITDB text VERIFIED
Vastal Phpvid - SQL Injection
SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 1.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter, a different vector than CVE-2007-3610. NOTE: it was later reported that 1.2.3 is also affected.
by 3spi0n
CVE-2008-2335 EXPLOITDB text VERIFIED
Vastal Phpvid - XSS
Cross-site scripting (XSS) vulnerability in search_results.php in Vastal I-Tech phpVID 1.1 and 1.2 allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: some of these details are obtained from third party information. NOTE: it was later reported that 1.2.3 is also affected.
by 3spi0n
EIP-2026-119013 EXPLOITDB text
Oracle Java - 'storeImageArray()' Invalid Array Indexing
by Packet Storm
CVE-2013-4241 EXPLOITDB MEDIUM text VERIFIED
Hitmyserver Hms Testimonials < 2.0.11 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the HMS Testimonials plugin before 2.0.11 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) image, (3) url, or (4) testimonial parameter to the Testimonial form (hms-testimonials-addnew page); (5) date_format parameter to the Settings - Default form (hms-testimonials-settings page); (6) name parameter in a Save action to the Settings - Custom Fields form (hms-testimonials-settings-fields page); or (7) name parameter in a Save action to the Settings - Template form (hms-testimonials-templates-new page).
by RogueCoder
CVSS 6.1
EIP-2026-112793 EXPLOITDB text
Tribq CMS 5.2.7 - Cross-Site Request Forgery (Adding/Editing New Administrator Account)
by Yashar shahinzadeh
CVE-2013-5312 EXPLOITDB text VERIFIED
Vastal I-Tech phpVID 1.2.3 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Vastal I-Tech phpVID 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to browse_videos.php or the (2) cat parameter to groups.php.
by 3spi0n
EIP-2026-110231 EXPLOITDB text
Open Real Estate CMS 1.5.1 - Multiple Vulnerabilities
by Yashar shahinzadeh
EIP-2026-109515 EXPLOITDB text VERIFIED
MLMAuction Script - 'gallery.php?id' SQL Injection
by 3spi0n
CVE-2010-2694 EXPLOITDB text
Joomla! com_redshop 1.0 - SQL Injection
SQL injection vulnerability in the redSHOP Component (com_redshop) 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter to index.php.
by Matias Fontanini
EIP-2026-107876 EXPLOITDB text VERIFIED
Integrated CMS 1.0 - SQL Injection
by DSST
CVE-2013-7368 EXPLOITDB text
Gnew 2013.1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Gnew 2013.1 allow remote attackers to inject arbitrary web script or HTML via the gnew_template parameter to (1) users/profile.php, (2) articles/index.php, or (3) admin/polls.php; (4) category_id parameter to news/submit.php; news_id parameter to (5) news/send.php or (6) comments/add.php; or (7) post_subject or (8) thread_id parameter to posts/edit.php.
by LiquidWorm
EIP-2026-105056 EXPLOITDB text
Ajax PHP Penny Auction 1.x 2.x - Multiple Vulnerabilities
by Taha Hunter
EIP-2026-118649 EXPLOITDB text VERIFIED
HTC Sync Manager - Multiple DLL Loading Arbitrary Code Execution Vulnerabilities
by Iranian_Dark_Coders_Team
CVE-2013-5120 EXPLOITDB text
PHPFox <3.6.0 - SQL Injection
SQL injection vulnerability in PHPFox before 3.6.0 (build4) allows remote attackers to execute arbitrary SQL commands via the search[gender] parameter to user/browse/view_/.
by Matias Fontanini
CVE-2013-5121 EXPLOITDB text
PHPFox <3.6.0 - SQL Injection
SQL injection vulnerability in PHPFox before 3.6.0 (build6) allows remote attackers to execute arbitrary SQL commands via the search[sort_by] parameter to user/browse/view_/.
by Matias Fontanini
CVE-2013-4880 EXPLOITDB text VERIFIED
BigTree CMS <4.0 RC2 - XSS
Cross-site scripting (XSS) vulnerability in core/admin/modules/developer/modules/views/add.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to inject arbitrary web script or HTML via the module parameter.
by High-Tech Bridge SA
EIP-2026-104977 EXPLOITDB text VERIFIED
Advanced Guestbook - 'addentry.php' Arbitrary File Upload
by Ashiyane Digital Security Team
CVE-2013-4884 EXPLOITDB text VERIFIED
McAfee SuperScan 4.0 - XSS
Cross-site scripting (XSS) vulnerability in McAfee SuperScan 4.0 allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded sequences in a server response, which is not properly handled in the SuperScan HTML report.
by Trustwave's SpiderLabs
EIP-2026-114161 EXPLOITDB text VERIFIED
WordPress Plugin Usernoise 3.7.8 - Persistent Cross-Site Scripting
by RogueCoder
EIP-2026-113597 EXPLOITDB text
WordPress Plugin Booking Calendar 4.1.4 - Cross-Site Request Forgery
by Dylan Irzi
EIP-2026-111355 EXPLOITDB text VERIFIED
Pluck CMS 4.7 - HTML Code Injection
by Yashar shahinzadeh
EIP-2026-108531 EXPLOITDB text
Joomla! Component com_sectionex 2.5.96 - SQL Injection
by Matias Fontanini
EIP-2026-103065 EXPLOITDB text VERIFIED
Apache suEXEC - Information Disclosure / Privilege Escalation
by kingcope