Text Exploits

31,386 exploits tracked across all sources.

Sort: Activity Stars
CVE-2006-3271 EXPLOITDB text VERIFIED
Softbiz Dating 1.0 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Softbiz Dating 1.0 allow remote attackers to execute SQL commands via the (1) country and (2) sort_by parameters in (a) search_results.php; (3) browse parameter in (b) featured_photos.php; (4) cid parameter in (c) products.php, (d) index.php, and (e) news_desc.php.
by 41.w4r10r
EIP-2026-111331 EXPLOITDB text VERIFIED
Pligg CMS 1.0.4 - 'story.php' SQL Injection
by Don Tukulesto
CVE-2010-1701 EXPLOITDB text VERIFIED
PHP Video Battle Script - SQL Injection via browse.html cat Parameter
SQL injection vulnerability in browse.html in PHP Video Battle Script allows remote attackers to execute arbitrary SQL commands via the cat parameter.
by v3n0m
CVE-2010-1705 EXPLOITDB text VERIFIED
Modelbook - SQL Injection via casting_view.php adnum Parameter
SQL injection vulnerability in casting_view.php in Modelbook allows remote attackers to execute arbitrary SQL commands via the adnum parameter.
by v3n0m
EIP-2026-108898 EXPLOITDB text VERIFIED
Joomla! Component Wap4Joomla! - 'wapmain.php' SQL Injection
by Manas58
EIP-2026-108394 EXPLOITDB text VERIFIED
Joomla! Component com_jesectionfinder - Arbitrary File Upload
by Sid3^effects
EIP-2026-107378 EXPLOITDB text VERIFIED
GeneShop 5.1.1 - SQL Injection
by 41.w4r10r
EIP-2026-103844 EXPLOITDB text VERIFIED
Apache ActiveMQ 5.3 - 'admin/queueBrowse' Cross-Site Scripting
by arun kethipelly
CVE-2010-1661 EXPLOITDB text
PHP-Quick-Arcade 3.0.21 - SQL Injection via phpqa_user_c or id Parameter
Multiple SQL injection vulnerabilities in PHP-Quick-Arcade (PHPQA) 3.0.21 allow remote attackers to execute arbitrary SQL commands via the (1) phpqa_user_c parameter to Arcade.php and the (2) id parameter to acpmoderate.php.
by ITSecTeam
EIP-2026-118984 EXPLOITDB text VERIFIED
OneHTTPD 0.6 - Directory Traversal
by John Leitch
EIP-2026-112239 EXPLOITDB text VERIFIED
SmartBlog 1.3 - SQL Injection / Cross-Site Scripting
by indoushka
EIP-2026-111671 EXPLOITDB text VERIFIED
Ramaas Software CMS - SQL Injection
by 41.w4r10r
EIP-2026-111513 EXPLOITDB text VERIFIED
ProArcadeScript - 'search.php' Cross-Site Scripting
by Sid3^effects
CVE-2010-1662 EXPLOITDB text
PHP-Quick-Arcade 3.0.21 - Cross-Site Scripting via serv Parameter
Cross-site scripting (XSS) vulnerability in acpmoderate.php in PHP-Quick-Arcade (PHPQA) 3.0.21 allows remote attackers to inject arbitrary web script or HTML via the serv parameter.
by ITSecTeam
CVE-2010-1659 EXPLOITDB text VERIFIED
com_ultimateportfolio 1.0 - Path Traversal via Controller Parameter
Directory traversal vulnerability in the Ultimate Portfolio (com_ultimateportfolio) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
by AntiSecurity
CVE-2010-1657 EXPLOITDB text VERIFIED
com_smartsite 1.0.0 - Path Traversal via Controller Parameter
Directory traversal vulnerability in the SmartSite (com_smartsite) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
by AntiSecurity
CVE-2010-1658 EXPLOITDB text VERIFIED
Code-Garage NoticeBoard 1.3 - Path Traversal via Controller Parameter
Directory traversal vulnerability in the Code-Garage NoticeBoard (com_noticeboard) component 1.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
by AntiSecurity
CVE-2010-1653 EXPLOITDB text
Graphics (com_graphics) 1.0.6 and 1.5.0 - Path Traversal via Controller Parameter
Directory traversal vulnerability in graphics.php in the Graphics (com_graphics) component 1.0.6 and 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information.
by wishnusakti + inc0mp13te
CVE-2010-1654 EXPLOITDB text VERIFIED
Infocus Real Estate Enterprise Edition - SQL Injection via Username or Password Parameter
Multiple SQL injection vulnerabilities in system_member_login.php in Infocus Real Estate Enterprise Edition allow remote attackers to execute arbitrary SQL commands via the (1) username (aka login) and (2) password parameters. NOTE: some of these details are obtained from third party information.
by Sid3^effects
EIP-2026-107699 EXPLOITDB text VERIFIED
i-Net Online Community - Cross-Site Scripting / Authentication Bypass
by Sid3^effects
CVE-2010-1652 EXPLOITDB text VERIFIED
HelpCenterLive 2.0.6 and 2.1.7 - Path Traversal via File Parameter
Directory traversal vulnerability in the HelpCenter module in Help Center Live (HCL) 2.0.6 and 2.1.7 allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the file parameter to module.php. NOTE: some of these details are obtained from third party information.
by 41.w4r10r
CVE-2010-1708 EXPLOITDB text VERIFIED
Free Realty - SQL Injection via Agent Login or Password Parameter
Multiple SQL injection vulnerabilities in agentadmin.php in Free Realty allow remote attackers to execute arbitrary SQL commands via the (1) login field (aka agentname parameter) or (2) password field (aka agentpassword parameter).
by Sid3^effects
CVE-2010-1660 EXPLOITDB text VERIFIED
CLScript Classifieds Script - SQL Injection via help-details.php hpId Parameter
SQL injection vulnerability in help-details.php in CLScript Classifieds Script allows remote attackers to execute arbitrary SQL commands via the hpId parameter.
by 41.w4r10
EIP-2026-105611 EXPLOITDB text VERIFIED
Boutique SudBox 1.2 - Cross-Site Request Forgery (Changer Login et Mot de Passe)
by indoushka
CVE-2010-1706 EXPLOITDB text VERIFIED
2daybiz Auction Script - SQL Injection via Login Username Parameter
Multiple SQL injection vulnerabilities in login.php in 2daybiz Auction Script allow remote attackers to execute arbitrary SQL commands via (1) the login field (aka the username parameter), and possibly (2) the password field, to index.php. NOTE: some of these details are obtained from third party information.
by Sid3^effects