Text Exploits

31,386 exploits tracked across all sources.

CVE-2010-4612 EXPLOITDB text
Hycus CMS 1.0.3 - SQL Injection via user_name, usr_email, useremail, or q Parameter
Multiple SQL injection vulnerabilities in index.php in Hycus CMS 1.0.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user_name and (2) usr_email parameters to user/1/hregister.html, (3) usr_email parameter to user/1/hlogin.html, (4) useremail parameter to user/1/forgotpass.html, and the (5) q parameter to search/1.html. NOTE: some of these details are obtained from third party information.
by High-Tech Bridge SA
CVE-2010-4610 EXPLOITDB text
Html-edit CMS 3.1.8 - Cross-Site Scripting via Error Parameter
Cross-site scripting (XSS) vulnerability in index.php in Html-edit CMS 3.1.8 allows remote attackers to inject arbitrary web script or HTML via the error parameter.
by High-Tech Bridge SA
CVE-2010-4609 EXPLOITDB text
Html-edit CMS 3.1.8 - SQL Injection via nuser Parameter
SQL injection vulnerability in index.php in Html-edit CMS 3.1.8 allows remote attackers to execute arbitrary SQL commands via the nuser parameter in a registrate action.
by High-Tech Bridge SA
CVE-2010-4607 EXPLOITDB text
Habari 0.6.5 - Cross-Site Scripting via additem_form and status_data Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Habari 0.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) additem_form parameter to system/admin/dash_additem.php and the (2) status_data[] parameter to system/admin/dash_status.php. NOTE: some of these details are obtained from third party information.
by High-Tech Bridge SA
CVE-2011-1086 EXPLOITDB MEDIUM text VERIFIED
Openfiler 2.3 - Cross-Site Scripting via Device Parameter
Cross-site scripting (XSS) vulnerability in admin/system.html in Openfiler 2.3 allows remote attackers to inject arbitrary web script or HTML via the device parameter.
by db.pub.mail
CVSS 6.1
CVE-2010-4598 EXPLOITDB text
Ecava IntegraXor < 3.6.4000.0 - Path Traversal via File Name Parameter
Directory traversal vulnerability in Ecava IntegraXor 3.6.4000.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file_name parameter in an open request.
by Luigi Auriemma
EIP-2026-118344 EXPLOITDB text VERIFIED
Calibre 0.7.34 - Cross-Site Scripting / Directory Traversal
by waraxe
EIP-2026-113888 EXPLOITDB text VERIFIED
WordPress Plugin Mediatricks Viva Thumbs - Multiple Information Disclosure Vulnerabilities
by Richard Brain
EIP-2026-112299 EXPLOITDB text VERIFIED
Social Share - 'Username' SQL Injection
by Aliaksandr Hartsuyeu
EIP-2026-111860 EXPLOITDB text VERIFIED
S9Y Serendipity 1.5.4 - Arbitrary File Upload
by pentesters.ir
EIP-2026-108602 EXPLOITDB text VERIFIED
Joomla! Component com_xgallery 1.0 - Local File Inclusion
by KelvinX
EIP-2026-108110 EXPLOITDB text
jobappr 1.4 - Multiple Vulnerabilities
by giudinvx
EIP-2026-107845 EXPLOITDB text
Injader CMS - Multiple Vulnerabilities
by High-Tech Bridge SA
EIP-2026-107807 EXPLOITDB text VERIFIED
ImpressCMS 1.2.x - 'quicksearch_ContentContent' HTML Injection
by High-Tech Bridge SA
CVE-2010-4613 EXPLOITDB text
Hycus CMS 1.0.3 - Path Traversal via Site Parameter
Multiple directory traversal vulnerabilities in Hycus CMS 1.0.3 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the site parameter to (1) index.php and (2) admin.php.
by High-Tech Bridge SA
CVE-2010-4611 EXPLOITDB text
Html-edit CMS 3.1.8 - Exposure of Sensitive Information via Direct Request to Core Files
Html-edit CMS 3.1.8 allows remote attackers to obtain sensitive information via a direct request to (1) pages.php and (2) menu.php in includes/core_files and (3) extensions/login/frontend/pages/antihacker.php, which reveals the installation path in an error message.
by High-Tech Bridge SA
CVE-2010-4608 EXPLOITDB text
Habari 0.6.5 - Unauthenticated Sensitive Information Exposure via Direct Request
Habari 0.6.5 allows remote attackers to obtain sensitive information via a direct request to (1) header.php and (2) comments_items.php in system/admin/, which reveals the installation path in an error message.
by High-Tech Bridge SA
EIP-2026-107549 EXPLOITDB text VERIFIED
Habari 0.6.5 - Multiple Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
EIP-2026-107230 EXPLOITDB text VERIFIED
FreeNAS 0.7.2.5543 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
by db.pub.mail
EIP-2026-103166 EXPLOITDB text VERIFIED
Mitel Audio and Web Conferencing (AWC) - Arbitrary Shell Command Injection
by Jan Fry
CVE-2010-1677 EXPLOITDB text VERIFIED
MHonArc 2.6.16 - Denial of Service via Nested Start Tags
MHonArc 2.6.16 allows remote attackers to cause a denial of service (CPU consumption) via start tags that are placed within other start tags, as demonstrated by a <bo<bo<bo<bo<body>dy>dy>dy>dy> sequence, a different vulnerability than CVE-2010-4524.
by anonymous
EIP-2026-112944 EXPLOITDB text VERIFIED
Vacation Rental Script 4.0 - Arbitrary File Upload
by Br0ly
EIP-2026-112297 EXPLOITDB text VERIFIED
Social Share - 'postid' SQL Injection
by Aliaksandr Hartsuyeu
EIP-2026-111369 EXPLOITDB text VERIFIED
plx Ad Trader 3.2 - Authentication Bypass
by R4dc0re
EIP-2026-110883 EXPLOITDB text
PHP-Nuke MaticMarket 2.02 - Local File Inclusion
by xer0x