Text Exploits

31,386 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-111183 EXPLOITDB text VERIFIED
phpplanner - Cross-Site Scripting / SQL Injection
by anT!-Tr0J4n
EIP-2026-107842 EXPLOITDB text
Infront - SQL Injection
by TheMaStEr
CVE-2010-2338 EXPLOITDB text VERIFIED
VU Web Visitor Analyst - SQL Injection via redir.asp Username or Password Parameter
Multiple SQL injection vulnerabilities in redir.asp in VU Web Visitor Analyst allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter. NOTE: some of these details are obtained from third party information.
by L0rd CrusAd3r
EIP-2026-100609 EXPLOITDB text VERIFIED
VU Mass Mailer - Authentication Bypass
by L0rd CrusAd3r
EIP-2026-100608 EXPLOITDB text VERIFIED
VU Case Manager - Authentication Bypass
by L0rd CrusAd3r
CVE-2010-5008 EXPLOITDB text VERIFIED
BrightSuite Groupware 5.4 - SQL Injection
SQL injection vulnerability in pages/contact_list_mail_form.asp in BrightSuite Groupware 5.4 allows remote attackers to execute arbitrary SQL commands via the ContactID parameter.
by L0rd CrusAd3r
EIP-2026-100162 EXPLOITDB text VERIFIED
BDSMIS TraX with Payroll - SQL Injection
by L0rd CrusAd3r
CVE-2010-2263 EXPLOITDB text VERIFIED
nginx 0.7.52-0.7.65 and 0.8-0.8.39 on Windows - Unauthenticated Arbitrary File Read via ::$DATA URI Suffix
nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
by Dr_IDE
CVE-2010-2266 EXPLOITDB text VERIFIED
nginx 0.7.52-0.7.67 - Denial of Service via Encoded Directory Traversal Sequence
nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.
by Dr_IDE
CVE-2010-2263 EXPLOITDB text VERIFIED
nginx 0.7.52-0.7.65 and 0.8-0.8.39 on Windows - Unauthenticated Arbitrary File Read via ::$DATA URI Suffix
nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
by Jose A. Vazquez
EIP-2026-112180 EXPLOITDB text VERIFIED
Site to Store Automobile - Motorcycle Boat SQL Injection
by L0rd CrusAd3r
EIP-2026-112179 EXPLOITDB text VERIFIED
Site for Real Estate - Brokers SQL Injection
by L0rd CrusAd3r
EIP-2026-110477 EXPLOITDB text VERIFIED
Parallels System Automation (PSA) - Local File Inclusion
by Pouya Daneshmand
EIP-2026-107306 EXPLOITDB text VERIFIED
Full Site for Restaurant - SQL Injection
by L0rd CrusAd3r
EIP-2026-106634 EXPLOITDB text VERIFIED
E-PHP B2B Marketplace - Multiple Vulnerabilities
by MizoZ
EIP-2026-106429 EXPLOITDB text VERIFIED
Development Site Professional Liberal - Company Institutional SQL Injection
by L0rd CrusAd3r
EIP-2026-106349 EXPLOITDB text
DaLogin 2.2 - 'FCKeditor' Arbitrary File Upload
by eidelweiss
CVE-2010-5012 EXPLOITDB text
DaLogin 2.2 and 2.2.5 - SQL Injection via new.php id Parameter
SQL injection vulnerability in new.php in DaLogin 2.2 and 2.2.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information.
by hc0
CVE-2010-4998 EXPLOITDB text
ardeaCore PHP Framework 2.2 - Remote File Inclusion via pathForArdeaCore Parameter
PHP remote file inclusion vulnerability in ardeaCore/lib/core/ardeaInit.php in ardeaCore PHP Framework 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the pathForArdeaCore parameter. NOTE: some of these details are obtained from third party information.
by cr4wl3r
CVE-2010-2436 EXPLOITDB text VERIFIED
anecms_blog < 1.3 - SQL Injection via PATH_INFO
SQL injection vulnerability in modules/blog/index.php in AneCMS Blog 1.3 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO.
by High-Tech Bridge SA
CVE-2010-2437 EXPLOITDB text VERIFIED
anecms_blog < 1.3 - Stored Cross-Site Scripting via Comment Variable
Cross-site scripting (XSS) vulnerability in class/tools.class.php in AneCMS Blog 1.3 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the comment variable to modules/blog/index.php.
by High-Tech Bridge SA
EIP-2026-101076 EXPLOITDB text
Savy Soda Documents - Mobile Office Suite '.XLS' Denial of Service
by Matthew Bergin
EIP-2026-101060 EXPLOITDB text
Office^2 iPhone - '.XLS' Denial of Service
by Matthew Bergin
EIP-2026-101018 EXPLOITDB text VERIFIED
GoodiWare GoodReader iPhone - '.XLS' Denial of Service
by Matthew Bergin
CVE-2010-5010 EXPLOITDB text VERIFIED
SchoolMation 2.3 - Cross-Site Scripting via Session Parameter
Cross-site scripting (XSS) vulnerability in schoolmv2/html/studentmain.php in SchoolMation 2.3 allows remote attackers to inject arbitrary web script or HTML via the session parameter.
by Sid3^effects