Text Exploits

31,386 exploits tracked across all sources.

EIP-2026-104292 EXPLOITDB text
JForum 2.1.8 BookMarks - Cross-Site Request Forgery / Cross-Site Scripting
by Adam Baldwin
CVE-2010-5042 EXPLOITDB text VERIFIED
DJ-ArtGallery 0.9.1 - XSS
Cross-site scripting (XSS) vulnerability in the DJ-ArtGallery (com_djartgallery) component 0.9.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the cid[] parameter in an editItem action to administrator/index.php. NOTE: some of these details are obtained from third party information.
by d0lc3
CVE-2010-5035 EXPLOITDB text VERIFIED
iScripts eSwap 2.0 - Cross-Site Scripting via txtHomeSearch Parameter
Cross-site scripting (XSS) vulnerability in search.php in iScripts eSwap 2.0 allows remote attackers to inject arbitrary web script or HTML via the txtHomeSearch parameter (aka the search field). NOTE: some of these details are obtained from third party information.
by Sid3^effects
CVE-2010-2316 EXPLOITDB text VERIFIED
WmsCms < 2.0 - Cross-Site Scripting via search, sbr, p, or sbl Parameters
Multiple cross-site scripting (XSS) vulnerabilities in default.asp in WmsCms 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) search, (2) sbr, (3) p, and (4) sbl parameters, different vectors than CVE-2007-3137.
by Ariko-Security
CVE-2010-2317 EXPLOITDB text VERIFIED
WmsCms < 2.0 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in WmsCms 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) search, (2) sbr, (3) pid, (4) sbl, and (5) FilePath parameters to default.asp; and the (6) sbr, (7) pr, and (8) psPrice parameters to printpage.asp.
by Ariko-Security
EIP-2026-113245 EXPLOITDB text VERIFIED
WebBiblio Subject Gateway System - Local File Inclusion
by AntiSecurity
CVE-2010-5044 EXPLOITDB text
Joomla! com_searchlog 3.1.0 - SQL Injection
SQL injection vulnerability in models/log.php in the Search Log (com_searchlog) component 3.1.0 for Joomla! allows remote authenticated users, with Public Back-end privileges, to execute arbitrary SQL commands via the search parameter in a log action to administrator/index.php. NOTE: some of these details are obtained from third party information.
by XroGuE
EIP-2026-111812 EXPLOITDB text
RTRandomImage - Remote File Inclusion
by Sn!pEr.S!Te Hacker
EIP-2026-111767 EXPLOITDB text VERIFIED
ReVou Twitter Clone 2.0 Beta - SQL Injection / Cross-Site Scripting
by Sid3^effects
EIP-2026-110685 EXPLOITDB text VERIFIED
PHP Director 0.2 - SQL Injection
by Mr.Rat
EIP-2026-110661 EXPLOITDB text VERIFIED
PHP Car Rental Complete System 1.2 - SQL Injection
by Sid3^effects
CVE-2010-5044 EXPLOITDB text
Joomla! com_searchlog 3.1.0 - SQL Injection
SQL injection vulnerability in models/log.php in the Search Log (com_searchlog) component 3.1.0 for Joomla! allows remote authenticated users, with Public Back-end privileges, to execute arbitrary SQL commands via the search parameter in a log action to administrator/index.php. NOTE: some of these details are obtained from third party information.
by d0lc3
CVE-2010-5043 EXPLOITDB text VERIFIED
DJ-ArtGallery 0.9.1 - SQL Injection
SQL injection vulnerability in the DJ-ArtGallery (com_djartgallery) component 0.9.1 for Joomla! allows remote authenticated users to execute arbitrary SQL commands via the cid[] parameter in an editItem action to administrator/index.php.
by d0lc3
EIP-2026-108266 EXPLOITDB text
Joomla! Component com_annonces - Arbitrary File Upload
by Sid3^effects
EIP-2026-108089 EXPLOITDB text VERIFIED
JForum 2.1.8 - 'Username' Cross-Site Scripting
by Adam Baldwin
CVE-2010-5036 EXPLOITDB text VERIFIED
iScripts eSwap 2.0 - SQL Injection via addsale.php type Parameter
SQL injection vulnerability in addsale.php in iScripts eSwap 2.0 allows remote attackers to execute arbitrary SQL commands via the type parameter.
by Sid3^effects
CVE-2010-5034 EXPLOITDB text
iScripts EasyBiller 1.1 - SQL Injection
SQL injection vulnerability in viewhistorydetail.php in iScripts EasyBiller 1.1 allows remote attackers to execute arbitrary SQL commands via the planid parameter.
by Sid3^effects
CVE-2010-2319 EXPLOITDB text
IDevSpot TextAds 2.08 - SQL Injection via Page Parameter
SQL injection vulnerability in index.php in IDevSpot TextAds 2.08 allows remote attackers to execute arbitrary SQL commands via the page parameter.
by Sid3^effects
EIP-2026-107495 EXPLOITDB text
greeting card - Arbitrary File Upload
by Mr.Benladen
EIP-2026-106395 EXPLOITDB text
DDLCMS 2.1 - 'skin' Remote File Inclusion
by eidelweiss
CVE-2010-5025 EXPLOITDB text VERIFIED
CuteSITE CMS 1.2.3 and 1.5.0 - Cross-Site Scripting via fld_path Parameter
Cross-site scripting (XSS) vulnerability in manage/main.php in CuteSITE CMS 1.2.3 and 1.5.0 allows remote attackers to inject arbitrary web script or HTML via the fld_path parameter. NOTE: some of these details are obtained from third party information.
by High-Tech Bridge SA
CVE-2010-5024 EXPLOITDB text VERIFIED
CuteSITE CMS <1.5.0 - SQL Injection
SQL injection vulnerability in manage/add_user.php in CuteSITE CMS 1.2.3 and 1.5.0 allows remote authenticated users, with Read privileges, to execute arbitrary SQL commands via the user_id parameter. NOTE: some of these details are obtained from third party information.
by High-Tech Bridge SA
EIP-2026-102487 EXPLOITDB text VERIFIED
JForum 2.1.8 - 'bookmarks' Module Multiple HTML Injection Vulnerabilities
by Adam Baldwin
EIP-2026-113788 EXPLOITDB text VERIFIED
WordPress Plugin Gigya Socialize 1.0/1.1.x - Cross-Site Scripting
by MustLive
EIP-2026-116124 EXPLOITDB text VERIFIED
QtWeb 3.3 - Remote Crash (Denial of Service)
by PoisonCode