Text Exploits

31,386 exploits tracked across all sources.

CVE-2010-3503 EXPLOITDB text VERIFIED
Oracle Solaris 10/OpenSolaris - Info Disclosure
Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect confidentiality and integrity via unknown vectors related to su.
by prdelka
EIP-2026-111791 EXPLOITDB text VERIFIED
Ronny CMS 1.1 r935 - Multiple HTML Injection Vulnerabilities
by High-Tech Bridge SA
EIP-2026-111367 EXPLOITDB text VERIFIED
PluXml 5.0.1 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
by High-Tech Bridge SA
CVE-2010-5286 EXPLOITDB text VERIFIED
Joomla! Jstore Component - Path Traversal via Controller Parameter
Directory traversal vulnerability in Jstore (com_jstore) component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
by jos_ali_joe
EIP-2026-106965 EXPLOITDB text VERIFIED
Exponent CMS 0.97 - Multiple Vulnerabilities
by LiquidWorm
CVE-2010-5284 EXPLOITDB text VERIFIED
Collabtive 0.6.5 - Cross-Site Scripting via User Profile Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Collabtive 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) User parameter in the edit user profile feature to manageuser.php, (2) y parameter in a newcal action to manageajax.php, and the (3) pic parameter to thumb.php.
by Anatolia Security
CVE-2010-5285 EXPLOITDB text VERIFIED
Collabtive 0.6.5 - Cross-Site Request Forgery in Admin User Addition
Cross-site request forgery (CSRF) vulnerability in admin.php in Collabtive 0.6.5 allows remote attackers to hijack the authentication of administrators for requests that add administrative users via the edituser action.
by Anatolia Security
CVE-2010-3581 EXPLOITDB text VERIFIED
Oracle Fusion Middleware <11.1.1.2.0 - Info Disclosure
Unspecified vulnerability in the BPEL Console component in Oracle Fusion Middleware 11.1.1.1.0 and 11.1.1.2.0 allows remote authenticated users to affect integrity via unknown vectors.
by Alexander Polyakov
CVE-2010-4798 EXPLOITDB text VERIFIED
OrangeHRM 2.6.0.1 - Path Traversal via URI Parameter
Directory traversal vulnerability in index.php in OrangeHRM 2.6.0.1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the uri parameter.
by ZonTa
EIP-2026-108158 EXPLOITDB text VERIFIED
Joomla! / Mambo Component com_trade - 'PID' Cross-Site Scripting
by FL0RiX
CVE-2010-4800 EXPLOITDB text VERIFIED
BaconMap 1.0 - SQL Injection via doadd.php type Parameter
SQL injection vulnerability in doadd.php in BaconMap 1.0 allows remote attackers to execute arbitrary SQL commands via the type parameter.
by John Leitch
CVE-2010-4801 EXPLOITDB text VERIFIED
BaconMap 1.0 - Path Traversal via filepath Parameter
Directory traversal vulnerability in admin/updatelist.php in BaconMap 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the filepath parameter.
by John Leitch
CVE-2010-4791 EXPLOITDB text VERIFIED
MG User-Fotoalbum 1.0.1 - SQL Injection
SQL injection vulnerability in infusions/mg_user_fotoalbum_panel/mg_user_fotoalbum.php in the MG User-Fotoalbum (mg_user_fotoalbum_panel) module 1.0.1 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the album_id parameter.
by Easy Laster
CVE-2010-4793 EXPLOITDB text VERIFIED
Site2Nite Auto e-Manager - SQL Injection
SQL injection vulnerability in detail.asp in Site2Nite Auto e-Manager allows remote attackers to execute arbitrary SQL commands via the ID parameter.
by KnocKout
CVE-2010-4794 EXPLOITDB text VERIFIED
JoomlaSeller JS Calendar 1.5.1-1.5.4 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the JoomlaSeller JS Calendar (com_jscalendar) component 1.5.1 and 1.5.4 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) month and (2) year parameters in a jscalendar action to index.php. NOTE: some of these details are obtained from third party information.
by Salvatore Fresta
EIP-2026-113087 EXPLOITDB text VERIFIED
VideoDB 3.0.3 - Multiple Vulnerabilities
by Valentin
CVE-2010-4795 EXPLOITDB text VERIFIED
JS Calendar (com_jscalendar) 1.5.1-1.5.4 - SQL Injection
SQL injection vulnerability in the JS Calendar (com_jscalendar) component 1.5.1 and 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the ev_id parameter in a details action to index.php. NOTE: some of these details are obtained from third party information.
by Salvatore Fresta
CVE-2010-5280 EXPLOITDB text VERIFIED
Joomla! com_cbe <1.4.10 - Path Traversal
Directory traversal vulnerability in the Community Builder Enhanced (CBE) (com_cbe) component 1.4.8, 1.4.9, and 1.4.10 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tabname parameter in a userProfile action to index.php. NOTE: this can be leveraged to execute arbitrary code by using the file upload feature.
by Delf Tonder
CVE-2010-4799 EXPLOITDB text VERIFIED
Chipmunk Pwngame 1.0 - SQL Injection
Multiple SQL injection vulnerabilities in Chipmunk Pwngame 1.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters to authenticate.php and the (3) ID parameter to pwn.php. NOTE: some of these details are obtained from third party information.
by KnocKout
EIP-2026-109066 EXPLOITDB text VERIFIED
Lantern CMS - '11-login.asp' Cross-Site Scripting
by High-Tech Bridge SA
CVE-2010-4797 EXPLOITDB text VERIFIED
Truworth Flex Timesheet - SQL Injection
Multiple SQL injection vulnerabilities in the log-in form in Truworth Flex Timesheet allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields.
by KnocKout
EIP-2026-107069 EXPLOITDB text
Feindura File Manager 1.0(rc) - Arbitrary File Upload
by KnocKout
CVE-2010-2632 EXPLOITDB text
Oracle Solaris 8-11 Express - DoS
Unspecified vulnerability in the FTP Server in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable researcher that this is an issue in the glob implementation in libc that allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames.
by Maksymilian Arciemowicz
CVE-2010-4855 EXPLOITDB text VERIFIED
xWeblog 2.2 - SQL Injection via makale_id Parameter
SQL injection vulnerability in oku.asp in xWeblog 2.2 allows remote attackers to execute arbitrary SQL commands via the makale_id parameter.
by KnocKout
EIP-2026-105372 EXPLOITDB text VERIFIED
Backbone Technology Expression 18.9.2010 - Cross-Site Scripting
by High-Tech Bridge SA