Text Exploits

31,386 exploits tracked across all sources.

CVE-2010-1939 EXPLOITDB text VERIFIED
Apple Safari 4.0.5 - Use-After-Free via Popup Window Close Method
Use-after-free vulnerability in Apple Safari 4.0.5 on Windows allows remote attackers to execute arbitrary code by using window.open to create a popup window for a crafted HTML document, and then calling the parent window's close method, which triggers improper handling of a deleted window object.
by Alexey Sintsov
CVE-2010-2050 EXPLOITDB text VERIFIED
com_mscomment 0.8.0b - Path Traversal via Controller Parameter
Directory traversal vulnerability in the Moron Solutions MS Comment (com_mscomment) component 0.8.0b for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
by Xr0b0t
EIP-2026-108296 EXPLOITDB text VERIFIED
Joomla! Component com_camp - SQL Injection
by Kernel Security Group
EIP-2026-106090 EXPLOITDB text VERIFIED
CompactCMS 1.4.0 - 'tiny_mce' Arbitrary File Upload
by ITSecTeam
EIP-2026-105085 EXPLOITDB text VERIFIED
Alibaba Clone Platinum - 'about_us.php' SQL Injection
by CoBRa_21
EIP-2026-115864 EXPLOITDB text VERIFIED
Mozilla Firefox 3.6.3 / Safari 4.0.5 - Access Violation Exception and Unknown Exception
by Fredrik Nordberg Almroth
CVE-2010-5047 EXPLOITDB text
V-EVA Press Release Script - SQL Injection
SQL injection vulnerability in page.php in V-EVA Press Release Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
by R3d-D3V!L
EIP-2026-111321 EXPLOITDB text VERIFIED
Planet Script 1.x - 'idomains.php' Cross-Site Scripting
by Mr.ThieF
EIP-2026-109154 EXPLOITDB text
Link Bid Script - 'links.php' SQL Injection
by R3d-D3V!L
CVE-2010-2128 EXPLOITDB text VERIFIED
JE Quotation Form (com_jequoteform) 1.0b1 - Path Traversal via View Parameter
Directory traversal vulnerability in the JE Quotation Form (com_jequoteform) component 1.0b1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the view parameter to index.php.
by ALTBTA
CVE-2010-5028 EXPLOITDB text VERIFIED
Joomla! com_jejob 1.0 - SQL Injection
SQL injection vulnerability in the JExtensions JE Job (com_jejob) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php.
by Valentin
CVE-2010-2129 EXPLOITDB text VERIFIED
Harmistechnology Com Jeajaxeventcalendar - Path Traversal
Directory traversal vulnerability in the JE Ajax Event Calendar (com_jeajaxeventcalendar) component 1.0.1 and 1.0.3 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. NOTE: some of these details are obtained from third party information.
by Valentin
EIP-2026-107570 EXPLOITDB text VERIFIED
Heaven Soft CMS 4.7 - SQL Injection
by PrinceofHacking
EIP-2026-107569 EXPLOITDB text
Heaven Soft CMS 4.7 - 'photogallery_open.php' SQL Injection
by CoBRa_21
EIP-2026-105084 EXPLOITDB text VERIFIED
Alibaba Clone Platinum - '/buyer/index.php' SQL Injection
by GuN
CVE-2010-2094 EXPLOITDB text VERIFIED
PHP 5.3 - Format String Vulnerability in phar Extension
Multiple format string vulnerabilities in the phar extension in PHP 5.3 before 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the (1) phar_stream_flush, (2) phar_wrapper_unlink, (3) phar_parse_url, or (4) phar_wrapper_open_url functions in ext/phar/stream.c; and the (5) phar_wrapper_open_dir function in ext/phar/dirstream.c, which triggers errors in the php_stream_wrapper_log_error function.
by Stefan Esser
CVE-2010-1143 EXPLOITDB text VERIFIED
VMware View Manager 3.1.x - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in VMware View (formerly Virtual Desktop Manager or VDM) 3.1.x before 3.1.3 build 252693 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
by Alexey Sintsov
EIP-2026-100542 EXPLOITDB text VERIFIED
SelfComposer CMS - SQL Injection
by Locu
EIP-2026-118600 EXPLOITDB text VERIFIED
GameCore 2.5 - 'GameID' Integer Overflow
by Luigi Auriemma
EIP-2026-109973 EXPLOITDB text VERIFIED
NPDS REvolution 10.02 - 'topic' Cross-Site Scripting
by High-Tech Bridge SA
EIP-2026-109972 EXPLOITDB text VERIFIED
NPDS REvolution 10.02 - 'download.php' SQL Injection
by High-Tech Bridge SA
CVE-2010-2044 EXPLOITDB text VERIFIED
com_konsultasi 1.0.0 - SQL Injection via sid Parameter
SQL injection vulnerability in the Konsultasi (com_konsultasi) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the sid parameter in a detail action to index.php.
by c4uR
CVE-2010-2045 EXPLOITDB text VERIFIED
Dionesoft Com Dioneformwizard - Path Traversal
Directory traversal vulnerability in the Dione Form Wizard (aka FDione or com_dioneformwizard) component 1.0.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
by Chip d3 bi0s
EIP-2026-108529 EXPLOITDB text VERIFIED
Joomla! Component com_sebercart - 'getPic.php' Local File Disclosure
by AntiSecurity
EIP-2026-108191 EXPLOITDB text
Joomla! Component aardvertiser 2.0 - Local File Inclusion
by eidelweiss