Text Exploits

31,386 exploits tracked across all sources.

CVE-2010-1885 EXPLOITDB text VERIFIED
Windows XP and Windows Server 2003 - Remote Code Execution via Malformed hcp:// URL
The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka "Help Center URL Validation Vulnerability."
by Tavis Ormandy
CVE-2010-2265 EXPLOITDB text VERIFIED
Windows XP and Server 2003 - Cross-Site Scripting via Help and Support Center svr Parameter
Cross-site scripting (XSS) vulnerability in the GetServerName function in sysinfo/commonFunc.js in Microsoft Windows Help and Support Center for Windows XP and Windows Server 2003 allows remote attackers to inject arbitrary web script or HTML via the svr parameter to sysinfo/sysinfomain.htm. NOTE: this can be leveraged with CVE-2010-1885 to execute arbitrary commands without user interaction.
by Tavis Ormandy
CVE-2010-5011 EXPLOITDB text VERIFIED
SchoolMation 2.3 - SQL Injection via Studentmain Session Parameter
SQL injection vulnerability in schoolmv2/html/studentmain.php in SchoolMation 2.3 allows remote attackers to execute arbitrary SQL commands via the session parameter.
by Sid3^effects
EIP-2026-109491 EXPLOITDB text VERIFIED
Miniweb 2.0 Business Portal and Social Networking Platform - SQL Injection
by L0rd CrusAd3r
CVE-2010-2340 EXPLOITDB text VERIFIED
Arab Portal 2.2 - SQL Injection via Members.php by Parameter
SQL injection vulnerability in members.php in Arab Portal 2.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the by parameter in the msearch action.
by SwEET-DeViL
EIP-2026-100472 EXPLOITDB text VERIFIED
Pars Design CMS - Arbitrary File Upload
by Securitylab.ir
CVE-2010-5026 EXPLOITDB text VERIFIED
Science Fair In A Box <2.0.6, 2.2.0 - SQL Injection
SQL injection vulnerability in winners.php in Science Fair In A Box (SFIAB) 2.0.6 and 2.2.0 allows remote attackers to execute arbitrary SQL commands via the type parameter. NOTE: some of these details are obtained from third party information.
by L0rd CrusAd3r
CVE-2010-2354 EXPLOITDB text VERIFIED
Pilot Group eLMS Pro - SQL Injection via subscribe.php course_id Parameter
SQL injection vulnerability in subscribe.php in Pilot Group (PG) eLMS Pro allows remote attackers to execute arbitrary SQL commands via the course_id parameter.
by Sid3^effects
EIP-2026-116720 EXPLOITDB text
ActivePerl 5.8.8.817 - Local Buffer Overflow
by PoisonCode
CVE-2010-5027 EXPLOITDB text VERIFIED
Science Fair In A Box <2.0.6, 2.2.0 - XSS
Cross-site scripting (XSS) vulnerability in winners.php in Science Fair In A Box (SFIAB) 2.0.6 and 2.2.0 allows remote attackers to inject arbitrary web script or HTML via the type parameter. NOTE: some of these details are obtained from third party information.
by L0rd CrusAd3r
EIP-2026-110912 EXPLOITDB text
PHPAccess - SQL Injection
by L0rd CrusAd3r
CVE-2010-2357 EXPLOITDB text VERIFIED
Eicra Realestate Script 1.0 and 1.6.0 - SQL Injection via p_id Parameter
SQL injection vulnerability in index.php in Eicra Realestate Script 1.0 and 1.6.0 allows remote attackers to execute arbitrary SQL commands via the p_id parameter. NOTE: some of these details are obtained from third party information.
by L0rd CrusAd3r
EIP-2026-110745 EXPLOITDB text VERIFIED
PHP Property Rental Script - SQL Injection / Cross-Site Scripting
by L0rd CrusAd3r
EIP-2026-110573 EXPLOITDB text VERIFIED
PGAUTOPro - SQL Injection / Cross-Site Scripting (2)
by Sid3^effects
EIP-2026-110572 EXPLOITDB text VERIFIED
PGAUTOPro - SQL Injection / Cross-Site Scripting (1)
by Sid3^effects
EIP-2026-108420 EXPLOITDB text
Joomla! Component com_jtickets - SQL Injection
by Sid3^effects
EIP-2026-108419 EXPLOITDB text
Joomla! Component com_jsubscription - SQL Injection
by Sid3^effects
EIP-2026-108418 EXPLOITDB text
Joomla! Component com_jstore - SQL Injection
by Sid3^effects
EIP-2026-108403 EXPLOITDB text
Joomla! Component com_jnewsletter - SQL Injection
by Sid3^effects
EIP-2026-108400 EXPLOITDB text
Joomla! Component com_jmarket - SQL Injection
by Sid3^effects
EIP-2026-108388 EXPLOITDB text
Joomla! Component com_jcommunity - SQL Injection
by Sid3^effects
EIP-2026-108239 EXPLOITDB text
Joomla! Component cinema - SQL Injection
by Sudden_death
CVE-2010-2312 EXPLOITDB text VERIFIED
HauntmAx Haunted House Directory Listing CMS - SQL Injection via State Parameter
SQL injection vulnerability in index.php in HauntmAx Haunted House Directory Listing CMS allows remote attackers to execute arbitrary SQL commands via the state parameter in a listings action.
by Sid3^effects
EIP-2026-107497 EXPLOITDB text VERIFIED
GREEZLE - Global Real Estate Agent Site Auth SQL Injection
by L0rd CrusAd3r
CVE-2010-2356 EXPLOITDB text VERIFIED
Pilot Group eLMS Pro - Stored Cross-Site Scripting via subscribe.php course_id Parameter
Cross-site scripting (XSS) vulnerability in subscribe.php in Pilot Group (PG) eLMS Pro allows remote attackers to inject arbitrary web script or HTML via the course_id parameter.
by Sid3^effects