Text Exploits

31,386 exploits tracked across all sources.

CVE-2010-4844 EXPLOITDB text VERIFIED
MH Products Easy Online Shop - SQL Injection
SQL injection vulnerability in content.php in MH Products Easy Online Shop allows remote attackers to execute arbitrary SQL commands via the kat parameter.
by Easy Laster
EIP-2026-106273 EXPLOITDB text
CubeCart 3.x - Arbitrary File Upload
by StunTMaN!
EIP-2026-111627 EXPLOITDB text VERIFIED
QualDev eCommerce script - SQL Injection
by ErrNick
EIP-2026-111191 EXPLOITDB text VERIFIED
PHPRS - 'model-kits.php' SQL Injection
by KnocKout
CVE-2010-4719 EXPLOITDB text VERIFIED
com_jradio < 1.5.0 - Path Traversal via Controller Parameter
Directory traversal vulnerability in JRadio (com_jradio) component before 1.5.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
by Sid3^effects
CVE-2010-4749 EXPLOITDB text
BLOG:CMS 4.2.1.e - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in BLOG:CMS 4.2.1.e, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) body parameter to action.php and the (2) amount and (3) action parameters to admin/index.php.
by High-Tech Bridge SA
EIP-2026-112212 EXPLOITDB text VERIFIED
slickMsg - Cross-Site Scripting / HTML Injection
by Aliaksandr Hartsuyeu
CVE-2010-4333 EXPLOITDB text
Pointter PHP Micro-Blogging Social Network 1.8 - Unauthenticated Privilege Escalation via Cookie Manipulation
Pointter PHP Micro-Blogging Social Network 1.8 allows remote attackers to bypass authentication and obtain administrative privileges via arbitrary values of the auser and apass cookies.
by Mark Stanislav
CVE-2010-4332 EXPLOITDB text
Pointter PHP Content Management System 1.0 - Unauthenticated Authentication Bypass via Cookie Manipulation
Pointter PHP Content Management System 1.0 allows remote attackers to bypass authentication and obtain administrative privileges via arbitrary values of the auser and apass cookies.
by Mark Stanislav
CVE-2010-4350 EXPLOITDB text
MantisBT < 1.2.4 - Remote Code Execution via db_type Parameter in admin/upgrade_unattended.php
Directory traversal vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the db_type parameter, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP.
by LiquidWorm
CVE-2010-4349 EXPLOITDB text
MantisBT < 1.2.4 - Information Disclosure via Invalid db_type Parameter
admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to obtain sensitive information via an invalid db_type parameter, which reveals the installation path in an error message, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP.
by LiquidWorm
CVE-2010-4111 EXPLOITDB text VERIFIED
HP Insight Diagnostics < 8.5.1.3712 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Online Edition before 8.5.1.3712 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
by Richard Brain
CVE-2010-4750 EXPLOITDB text
BLOG:CMS 4.2.1.e - Cross-Site Request Forgery in admin/libs/ADMIN.php
Cross-site request forgery (CSRF) vulnerability in admin/libs/ADMIN.php in BLOG:CMS 4.2.1.e, and possibly earlier, allows remote attackers to hijack the authentication of administrators.
by High-Tech Bridge SA
EIP-2026-105526 EXPLOITDB text VERIFIED
Blog:CMS 4.2.1 e - Multiple HTML Injections / Cross-Site Scripting
by High-Tech Bridge SA
CVE-2010-5315 EXPLOITDB text
BEdita < 3.0.1.2550 "betula" - Cross-Site Request Forgery via News Categories or Admin User Save
Multiple cross-site request forgery (CSRF) vulnerabilities in BEdita before 3.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create categories via a data array to news/saveCategories or (2) modify credentials via a data array to admin/saveUser.
by High-Tech Bridge SA
CVE-2010-4604 EXPLOITDB text VERIFIED
IBM Tivoli Storage Manager 5.3.0-5.3.6.7 - Stack-Based Buffer Overflow in GeneratePassword Function
Stack-based buffer overflow in the GeneratePassword function in dsmtca (aka the Trusted Communications Agent or TCA) in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.6.10, 5.4.x before 5.4.3.4, 5.5.x before 5.5.2.10, and 6.1.x before 6.1.3.1 on Unix and Linux allows local users to gain privileges by specifying a long LANG environment variable, and then sending a request over a pipe.
by Kryptos Logic
EIP-2026-100807 EXPLOITDB text
Google Urchin 5.7.03 - Local File Inclusion
by Kristian Erik Hermansen
CVE-2010-3906 EXPLOITDB text VERIFIED
Gitweb < 1.7.3.3 - Cross-Site Scripting via f and fp Parameters
Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) f and (2) fp parameters.
by emgent
EIP-2026-105528 EXPLOITDB text VERIFIED
BlogCFC 5.9.6.001 - Multiple Cross-Site Scripting Vulnerabilities
by Richard Brain
CVE-2010-4259 EXPLOITDB text
FontForge 20100501 - Stack-based Buffer Overflow via Long CHARSET_REGISTRY Header in BDF Font File
Stack-based buffer overflow in FontForge 20100501 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long CHARSET_REGISTRY header in a BDF font file.
by Ulrik Persson
EIP-2026-110776 EXPLOITDB text VERIFIED
PHP TopSites 2.1 - '/rate.php' Cross-Site Scripting / SQL Injection
by c0de Hunters
EIP-2026-108513 EXPLOITDB text VERIFIED
Joomla! Component com_redirect 1.5.19 - Local File Inclusion
by jos_ali_joe
EIP-2026-105245 EXPLOITDB text VERIFIED
Articlems 2.0 - 'c[]' Cross-Site Scripting
by Packetdeath
EIP-2026-100703 EXPLOITDB text VERIFIED
Mura CMS - Multiple Cross-Site Scripting Vulnerabilities
by Richard Brain
EIP-2026-109687 EXPLOITDB text VERIFIED
MyBB 1.4.10 - 'tags.php' Cross-Site Scripting
by TEAMELITE