Text Exploits
31,386 exploits tracked across all sources.
phpMySport 1.4 - SQL Injection / Authentication Bypass / Full Path Disclosure
by High-Tech Bridge SA
PHP MicroCMS 1.0.1 - Cross-Site Request Forgery / Cross-Site Scripting
by High-Tech Bridge SA
PHP MicroCMS 1.0.1 - 'page_text' Cross-Site Scripting
by High-Tech Bridge SA
Phenotype CMS 3.0 - SQL Injection via Crafted URI
SQL injection vulnerability in the store function in _phenotype/system/class/PhenoTypeDataObject.class.php in Phenotype CMS 3.0 allows remote attackers to execute arbitrary SQL commands via a crafted URI, as demonstrated by Gallery/gal_id/1/image1,1.html. NOTE: some of these details are obtained from third party information.
by High-Tech Bridge SA
Joomla com_search 1.0.x-1.0.15 - Cross-Site Scripting via Ordering Parameter
Cross-site scripting (XSS) vulnerability in the com_search module for Joomla! 1.0.x through 1.0.15 allows remote attackers to inject arbitrary web script or HTML via the ordering parameter to index.php.
by Aung Khant
F3Site 2011 alfa 1 - Cross-Site Scripting / Cross-Site Request Forgery
by High-Tech Bridge SA
Openfire 3.6.4 - Multiple Cross-Site Request Forgery Vulnerabilities
by Riyaz Ahemed Walikar
Lexmark X651de - Printer Ready Message Value HTML Injection
by dave b
WikLink 0.1.3 - 'getURL.php' SQL Injection
by Aliaksandr Hartsuyeu
Openfire 3.6.4 - Multiple Cross-Site Scripting Vulnerabilities
by Walikar Riyaz Ahemed Dawalmalik
BlogEngine.NET 1.6 - Directory Traversal / Information Disclosure
by Deniz Cevik
WonderCMS 0.3.3 - 'editText.php' Cross-Site Scripting
by High-Tech Bridge SA
OpenLDAP 2.4.x < 2.4.24 - Denial of Service via Empty OldDN in MODRDN Operation
modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service (daemon crash) via a relative Distinguished Name (DN) modification request (aka MODRDN operation) that contains an empty value for the OldDN field.
by Serge Dubrouski
Gallarific PHP Photo Gallery script 2.1 - SQL Injection via gallery.php id Parameter
SQL injection vulnerability in gallery.php in Gallarific PHP Photo Gallery script 2.1 and possibly other versions allows remote attackers to execute arbitrary SQL commands via the id parameter.
by AtT4CKxT3rR0r1ST
phpb2b < 4.1 - Cross-Site Scripting via list.php q Parameter
Cross-site scripting (XSS) vulnerability in list.php in PHPB2B 4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
by H4ckCity Security Team
Apache Axis2 - Remote Code Execution via Default Admin Credentials
Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
by rgod