Text Exploits

31,386 exploits tracked across all sources.

EIP-2026-109180 EXPLOITDB text VERIFIED
Live CMS - SQL Injection
by ahwak2000
EIP-2026-107560 EXPLOITDB text
Havij 1.10 - Persistent Cross-Site Scripting
by hexon
EIP-2026-107107 EXPLOITDB text VERIFIED
Firebook - Multiple Cross-Site Scripting / Directory Traversal Vulnerabilities
by MustLive
EIP-2026-106701 EXPLOITDB text VERIFIED
Easy Travel Portal - SQL Injection
by L0rd CrusAd3r
CVE-2010-2351 EXPLOITDB text VERIFIED
Novell Netware < 6.5 - Remote Code Execution via SMB Sessions Setup AndX Packet
Stack-based buffer overflow in the CIFS.NLM driver in Netware SMB 1.0 for Novell Netware 6.5 SP8 and earlier allows remote attackers to execute arbitrary code via a Sessions Setup AndX packet with a long AccountName.
by laurent gaffie
EIP-2026-100105 EXPLOITDB text
Ananda Image Gallery - SQL Injection
by L0rd CrusAd3r
CVE-2010-5018 EXPLOITDB text VERIFIED
2daybiz Online Classified Script - XSS
Cross-site scripting (XSS) vulnerability in products/classified/headersearch.php in 2daybiz Online Classified Script allows remote attackers to inject arbitrary web script or HTML via the sid parameter.
by Sid3^effects
EIP-2026-114869 EXPLOITDB text VERIFIED
Adobe SVG Viewer 3.0 - Circle Transform Remote Code Execution
by h07
EIP-2026-111701 EXPLOITDB text VERIFIED
Real Estate - SQL Injection
by L0rd CrusAd3r
EIP-2026-110927 EXPLOITDB text
PHPAuctionSystem - Arbitrary File Upload
by Sid3^effects
CVE-2010-2358 EXPLOITDB text
Nakid CMS 0.5.2 - Remote Code Execution via core[system_path] Parameter
PHP remote file inclusion vulnerability in modules/catalog/upload_photo.php in Nakid CMS 0.5.2, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the core[system_path] parameter. NOTE: some of these details are obtained from third party information.
by sh00t0ut
EIP-2026-109831 EXPLOITDB text
Nakid CMS 0.5.2 - 'FCKeditor' Arbitrary File Upload
by eidelweiss
CVE-2010-2341 EXPLOITDB text
ezpx_photoblog 1.2 beta - Remote Code Execution via tpl_base_dir Parameter
PHP remote file inclusion vulnerability in system/application/views/public/commentform.php in EZPX Photoblog 1.2 beta allows remote attackers to execute arbitrary PHP code via a URL in the tpl_base_dir parameter.
by sh00t0ut
CVE-2010-5015 EXPLOITDB text VERIFIED
2daybiz Network Community Script - SQL Injection
SQL injection vulnerability in view_photo.php in 2daybiz Network Community Script allows remote attackers to execute arbitrary SQL commands via the alb parameter.
by Sid3^effects
CVE-2010-5019 EXPLOITDB text VERIFIED
2daybiz Online Classified Script - SQL Injection
SQL injection vulnerability in view_photo.php in 2daybiz Online Classified Script allows remote attackers to execute arbitrary SQL commands via the alb parameter.
by Sid3^effects
EIP-2026-111974 EXPLOITDB text VERIFIED
Sell@Site PHP Online Jobs Login - Multiple SQL Injections
by L0rd CrusAd3r
EIP-2026-111476 EXPLOITDB text VERIFIED
Pre Job Board Pro - Authentication Bypass
by L0rd CrusAd3r
CVE-2010-1748 EXPLOITDB text VERIFIED
CUPS < 1.4.4 - Information Disclosure via Malformed Percent-Encoded URI Parameter
The cgi_initialize_string function in cgi-bin/var.c in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, does not properly handle parameter values containing a % (percent) character without two subsequent hex characters, which allows context-dependent attackers to obtain sensitive information from cupsd process memory via a crafted request, as demonstrated by the (1) /admin?OP=redirect&URL=% and (2) /admin?URL=/admin/&OP=% URIs.
by Luca Carettoni
CVE-2010-5045 EXPLOITDB text VERIFIED
Smart ASP Survey - Cross-Site Scripting via catid Parameter
Cross-site scripting (XSS) vulnerability in poll/default.asp in Smart ASP Survey allows remote attackers to inject arbitrary web script or HTML via the catid parameter.
by L0rd CrusAd3r
EIP-2026-100538 EXPLOITDB text VERIFIED
SAS Hotel Management System - 'notfound' SQL Injection
by L0rd CrusAd3r
EIP-2026-100526 EXPLOITDB text VERIFIED
Restaurant Listing with Online Ordering - SQL Injection
by L0rd CrusAd3r
EIP-2026-100372 EXPLOITDB text VERIFIED
IISWorks FileMan - fileman.mdb Remote User Database Disclosure
by j0fer
EIP-2026-100180 EXPLOITDB text VERIFIED
Business Classified Listing - SQL Injection
by L0rd CrusAd3r
EIP-2026-100100 EXPLOITDB text VERIFIED
Acuity CMS 2.7.1 - SQL Injection
by L0rd CrusAd3r
CVE-2010-1932 EXPLOITDB text VERIFIED
XnView 1.97.4 - Heap-Based Buffer Overflow via MultiBitMap Paint Data Section
Heap-based buffer overflow in XnView 1.97.4 and possibly earlier allows remote attackers to execute arbitrary code via a MultiBitMap (MBM) file with a Paint Data Section that contains a malformed Encoding field.
by Mauro Olea