Text Exploits

31,386 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-114388 EXPLOITDB text VERIFIED
wsCMS - 'news.php' Cross-Site Scripting
by cyberlog
CVE-2010-2146 EXPLOITDB text VERIFIED
Visitor Logger - Remote Code Execution via VL_include_path Parameter
PHP remote file inclusion vulnerability in banned.php in Visitor Logger allows remote attackers to execute arbitrary PHP code via a URL in the VL_include_path parameter.
by bd0rk
EIP-2026-111648 EXPLOITDB text
QuickTalk 1.2 - Source Code Disclosure
by indoushka
EIP-2026-110551 EXPLOITDB text VERIFIED
Persian E107 - Cross-Site Scripting
by indoushka
EIP-2026-109650 EXPLOITDB text VERIFIED
MusicBox - SQL Injection
by titanichacker
CVE-2009-4599 EXPLOITDB text
JS Jobs (com_jsjobs) 1.0.5.6 - SQL Injection via md or oi Parameter
Multiple SQL injection vulnerabilities in the JS Jobs (com_jsjobs) component 1.0.5.6 for Joomla! allow remote attackers to execute arbitrary SQL commands via (1) the md parameter in an employer view_company action to index.php or (2) the oi parameter in an employer view_job action to index.php.
by d0lc3
EIP-2026-108355 EXPLOITDB text VERIFIED
Joomla! Component com_g2bridge - Local File Inclusion
by akatsuchi
EIP-2026-106653 EXPLOITDB text VERIFIED
e107 0.7.21 full - Remote File Inclusion / Cross-Site Scripting
by indoushka
CVE-2010-2159 EXPLOITDB text VERIFIED
Dameng DM Database Server - Remote Code Execution via SP_DEL_BAK_EXPIRED Procedure
Dameng DM Database Server allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors related to the SP_DEL_BAK_EXPIRED procedure in wdm_dll.dll, which triggers memory corruption.
by Shennan Wang HuaweiSymantec SRT
EIP-2026-100474 EXPLOITDB text VERIFIED
Patient folder (THEME ASP) - SQL Injection
by SA H4x0r
EIP-2026-118609 EXPLOITDB text
GoAheaad WebServer - Source Code Disclosure
by Sil3nt_Dre4m
CVE-2010-2144 EXPLOITDB text VERIFIED
Zeeways eBay Clone Auction Script - Stored Cross-Site Scripting via signinform.php msg Parameter
Cross-site scripting (XSS) vulnerability in signinform.php in Zeeways eBay Clone Auction Script allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: some of these details are obtained from third party information.
by XroGuE
CVE-2010-2143 EXPLOITDB text VERIFIED
Symphony CMS 2.0.7 - Path Traversal via Mode Parameter
Directory traversal vulnerability in index.php in Symphony CMS 2.0.7 allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the mode parameter.
by AntiSecurity
EIP-2026-111570 EXPLOITDB text VERIFIED
PTC Site's - Remote Code Execution / Cross-Site Scripting
by CrazyMember
EIP-2026-110385 EXPLOITDB text VERIFIED
osCommerce Online Merchant 2.2 - File Disclosure / Authentication Bypass
by Flyff666
EIP-2026-110384 EXPLOITDB text
osCommerce Online Merchant 2.2 - Arbitrary File Upload
by MasterGipy
EIP-2026-108504 EXPLOITDB text
Joomla! Component com_quran - SQL Injection
by r3m1ck
EIP-2026-107469 EXPLOITDB text VERIFIED
GR Board 1.8.6 - 'page.php' Remote File Inclusion
by eidelweiss
EIP-2026-106236 EXPLOITDB text VERIFIED
Creato Script - SQL Injection
by Mr.P3rfekT
CVE-2010-2154 EXPLOITDB text VERIFIED
CMScout 2.09 - Cross-Site Scripting via Search Parameter
Cross-site scripting (XSS) vulnerability in the Search Site in CMScout 2.09, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: some of these details are obtained from third party information.
by XroGuE
EIP-2026-104006 EXPLOITDB text
Nginx 0.6.36 - Directory Traversal
by cp77fk4r
CVE-2010-5040 EXPLOITDB text VERIFIED
NP_Gallery plugin 0.94 - Remote Code Execution via DIR_NUCLEUS Parameter
PHP remote file inclusion vulnerability in nucleus/plugins/NP_gallery.php in the NP_Gallery plugin 0.94 for Nucleus allows remote attackers to execute arbitrary PHP code via a URL in the DIR_NUCLEUS parameter. NOTE: some of these details are obtained from third party information.
by AntiSecurity
CVE-2010-5033 EXPLOITDB text VERIFIED
Fusebox 5.5.1 - SQL Injection via CatDisplay Parameter
SQL injection vulnerability in ProductList.cfm in Fusebox 5.5.1 allows remote attackers to execute arbitrary SQL commands via the CatDisplay parameter.
by Shamus
EIP-2026-113323 EXPLOITDB text VERIFIED
Webiz 2004 - Local File Upload
by kannibal615
EIP-2026-113322 EXPLOITDB text
Webiz - SQL Injection
by kannibal615