Text Exploits

31,386 exploits tracked across all sources.

Sort: Activity Stars
CVE-2010-1737 EXPLOITDB text VERIFIED
Carlos Eduardo Sotelo Pinto 0.1.0 - Code Injection
PHP remote file inclusion vulnerability in core/includes/gfw_smarty.php in Gallo 0.1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the config[gfwroot] parameter.
by cr4wl3r
EIP-2026-100702 EXPLOITDB text VERIFIED
Mango Blog 1.4.1 - '/archives.cfm/search' Cross-Site Scripting
by MustLive
CVE-2010-1920 EXPLOITDB text VERIFIED
OpenMairie openAnnuaire 2.00 - Remote File Inclusion via dsn[phptype] Parameter
Directory traversal vulnerability in scr/soustab.php in OpenMairie openAnnuaire 2.00, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069.
by cr4wl3r
EIP-2026-118227 EXPLOITDB text VERIFIED
Acritum Femitter Server 1.03 - Multiple Vulnerabilities
by Zer0 Thunder
EIP-2026-113416 EXPLOITDB text
WHMCompleteSolution (WHMCS) Control 2 - 'announcements.php' SQL Injection
by Islam DefenDers
CVE-2010-1921 EXPLOITDB text VERIFIED
OpenMairie openAnnuaire 2.00 - Remote File Inclusion via path_om Parameter
Multiple PHP remote file inclusion vulnerabilities in OpenMairie openAnnuaire 2.00, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) annuaire.class.php, (2) droit.class.php, (3) collectivite.class.php, (4) profil.class.php, (5) direction.class.php, (6) service.class.php, (7) directiongenerale.class.php, and (8) utilisateur.class.php in obj/.
by cr4wl3r
EIP-2026-108332 EXPLOITDB text
Joomla! Component com_djClassifieds 0.9.1 - Arbitrary File Upload
by Sid3^effects
CVE-2010-1740 EXPLOITDB text
GuppY 4.5.18 - SQL Injection via Newsletter lng Parameter
SQL injection vulnerability in newsletter.php in GuppY 4.5.18 allows remote attackers to execute arbitrary SQL commands via the lng parameter.
by indoushka
EIP-2026-105650 EXPLOITDB text
Burning Board Lite 1.0.2 - Arbitrary File Upload
by indoushka
CVE-2010-1741 EXPLOITDB text VERIFIED
Billwerx RC 5.2.2 PL2 - SQL Injection via Primary Number Parameter
SQL injection vulnerability in request_account.php in Billwerx RC 5.2.2 PL2 allows remote attackers to execute arbitrary SQL commands via the primary_number parameter.
by indoushka
EIP-2026-100421 EXPLOITDB text
Mesut Manþet Haber 1.0 - Authentication Bypass
by LionTurk
EIP-2026-115353 EXPLOITDB text VERIFIED
Google Chrome 4.1.249.1064 - Remote Memory Corrupt
by eidelweiss
CVE-2010-1944 EXPLOITDB text VERIFIED
openMairie openCimetiere 2.01 - Remote Code Execution via path_om Parameter
Multiple PHP remote file inclusion vulnerabilities in openMairie openCimetiere 2.01, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) autorisation.class.php, (2) courrierautorisation.class.php, (3) droit.class.php, (4) profil.class.php, (5) temp_defunt_sansemplacement.class.php, (6) utils.class.php, (7) cimetiere.class.php, (8) defunt.class.php, (9) emplacement.class.php, (10) tab_emplacement.class.php, (11) temp_emplacement.class.php, (12) voie.class.php, (13) collectivite.class.php, (14) defunttransfert.class.php, (15) entreprise.class.php, (16) temp_autorisation.class.php, (17) travaux.class.php, (18) zone.class.php, (19) courrier.class.php, (20) dossier.class.php, (21) plans.class.php, (22) temp_defunt.class.php, and (23) utilisateur.class.php in obj/.
by cr4wl3r
CVE-2010-1999 EXPLOITDB text VERIFIED
OpenMairie Opencatalogue 1.024 - Path Traversal via dsn[phptype] Parameter
Directory traversal vulnerability in scr/soustab.php in OpenMairie Opencatalogue 1.024, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069.
by cr4wl3r
EIP-2026-109953 EXPLOITDB text VERIFIED
NolaPro Enterprise 4.0.5538 - Cross-Site Scripting / SQL Injection
by ekse
CVE-2010-1746 EXPLOITDB text VERIFIED
com_grid - Cross-Site Scripting via data_search and rpp Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the Table JX (com_grid) component for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) data_search and (2) rpp parameters to index.php.
by Valentin
EIP-2026-108229 EXPLOITDB text VERIFIED
Joomla! Component Card View JX - Cross-Site Scripting
by Valentin
EIP-2026-105795 EXPLOITDB text VERIFIED
CF Image Hosting Script 1.1 - 'upload.php' Arbitrary File Upload
by The.Morpheus
EIP-2026-105792 EXPLOITDB text
CF Image Host 1.1 - Remote File Inclusion
by The.Morpheus
EIP-2026-100217 EXPLOITDB text VERIFIED
Comersus 8 Shopping Cart - SQL Injection / Cross-Site Request Forgery
by Sid3^effects
EIP-2026-113380 EXPLOITDB text VERIFIED
Webthaiapp - 'detail.php?cat' Blind SQL Injection
by Xelenonz
EIP-2026-111591 EXPLOITDB text VERIFIED
Puntal 2.1.0 - Remote File Inclusion
by eidelweiss
EIP-2026-109903 EXPLOITDB text
New-CMS - Multiple Vulnerabilities
by Dr. Alberto Fontanella
CVE-2010-1739 EXPLOITDB text VERIFIED
Joomla! Newsfeeds Component - SQL Injection via feedid Parameter
SQL injection vulnerability in the Newsfeeds (com_newsfeeds) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the feedid parameter in a categories action to index.php.
by Archimonde
CVE-2010-1727 EXPLOITDB text VERIFIED
JobPost 1.0 - SQL Injection via iType Parameter
SQL injection vulnerability in type.asp in JobPost 1.0 allows remote attackers to execute arbitrary SQL commands via the iType parameter. NOTE: some of these details are obtained from third party information.
by Sid3^effects