Text Exploits

31,386 exploits tracked across all sources.

CVE-2010-1152 EXPLOITDB text VERIFIED
memcached < 1.4.3 - Denial of Service via Long Line Input
memcached.c in memcached before 1.4.3 allows remote attackers to cause a denial of service (daemon hang or crash) via a long line that triggers excessive memory allocation. NOTE: some of these details are obtained from third party information.
by fallenpegasus
CVE-2010-1437 EXPLOITDB HIGH text VERIFIED
Linux Kernel < 2.6.34 - Race Condition in Keyring Deletion
Race condition in the find_keyring_by_name function in security/keys/keyring.c in the Linux kernel 2.6.34-rc5 and earlier allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via keyctl session commands that trigger access to a dead keyring that is undergoing deletion by the key_cleanup function.
by Toshiyuki Okajima
CVSS 7.0
EIP-2026-100090 EXPLOITDB text VERIFIED
Acart 2.0 Shopping Cart - Software Backup Dump
by indoushka
CVE-2010-1703 EXPLOITDB text VERIFIED
2daybiz Polls Script - Cross-Site Scripting via Category Parameter or Search Field
Multiple cross-site scripting (XSS) vulnerabilities in index_search.php in 2daybiz Polls (aka Advanced Poll) Script allow remote attackers to inject arbitrary web script or HTML via the (1) category parameter or (2) search field.
by Sid3^effects
CVE-2010-1926 EXPLOITDB text
openMairie openCourrier 2.02 and 2.03 beta - Remote File Inclusion via dsn[phptype] Parameter
Directory traversal vulnerability in scr/soustab.php in openMairie openCourrier 2.02 and 2.03 beta, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069. NOTE: some of these details are obtained from third party information.
by cr4wl3r
CVE-2010-1364 EXPLOITDB text
Uiga Personal Portal - SQL Injection
SQL injection vulnerability in index.php in Uiga Personal Portal, as downloaded on 20100301, allows remote attackers to execute arbitrary SQL commands via the id parameter in a photos action. NOTE: some of these details are obtained from third party information.
by 41.w4r10r
CVE-2010-1713 EXPLOITDB text VERIFIED
PostNuke 0.764 - SQL Injection via News Article modload sid Parameter
SQL injection vulnerability in modules.php in PostNuke 0.764 allows remote attackers to execute arbitrary SQL commands via the sid parameter in a News article modload action.
by BILGE_KAGAN
CVE-2010-1927 EXPLOITDB text
openMairie openCourrier 2.02-2.03 beta - Remote Code Execution via path_om Parameter
Multiple PHP remote file inclusion vulnerabilities in openMairie openCourrier 2.02 and 2.03 beta, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) bible.class.php, (2) dossier.class.php, (3) service.class.php, (4) collectivite.class.php, (5) droit.class.php, (6) tache.class.php, (7) emetteur.class.php, (8) utilisateur.class.php, (9) courrier.recherche.tab.class.php, and (10) profil.class.php in obj/. NOTE: some of these details are obtained from third party information.
by cr4wl3r
CVE-2010-1936 EXPLOITDB text VERIFIED
openMairie openComInterne 1.01 - Path Traversal via dsn[phptype] Parameter
Directory traversal vulnerability in scr/soustab.php in openMairie openComInterne 1.01, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069.
by cr4wl3r
CVE-2009-4822 EXPLOITDB text
Kasseler CMS 1.3.4 - Cross-Site Scripting via do, id, or uname Parameters
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Kasseler CMS 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) do, (2) id, and (3) uname parameters.
by indoushka
EIP-2026-108972 EXPLOITDB text VERIFIED
Kasseler CMS 2.0.5 - 'index.php' Cross-Site Scripting
by indoushka
CVE-2008-2633 EXPLOITDB text VERIFIED
Joomla com_joomradio 1.0 - SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in the EXP JoomRadio (com_joomradio) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) show_radio or (2) show_video action to index.php.
by Mr.tro0oqy
EIP-2026-106811 EXPLOITDB text VERIFIED
Ektron CMS400.NET 7.5.2 - Multiple Vulnerabilities
by Richard Moore
CVE-2010-5059 EXPLOITDB text VERIFIED
CMScout 2.0.8 - SQL Injection via Album Parameter
SQL injection vulnerability in index.php in CMScout 2.0.8 allows remote attackers to execute arbitrary SQL commands via the album parameter in a photos action.
by Dr.0rYX & Cr3W-DZ
CVE-2010-1704 EXPLOITDB text VERIFIED
2daybiz Polls Script - SQL Injection via Login Parameters
Multiple SQL injection vulnerabilities in 2daybiz Polls (aka Advanced Poll) Script allow remote attackers to execute arbitrary SQL commands via (1) the password field to login.php, (2) the login field (aka email parameter) to login.php, (3) the password field (aka pass parameter) to the default URI under admin/, and possibly (4) the login field to the default URI under admin/. NOTE: some of these details are obtained from third party information.
by Sid3^effects
EIP-2026-111450 EXPLOITDB text
Powered by iNetScripts - Arbitrary File Upload
by Sec-q8
EIP-2026-110667 EXPLOITDB text VERIFIED
PHP Classifieds 6.09 - E-mail Dump
by indoushka
EIP-2026-105967 EXPLOITDB text VERIFIED
CMS Firebrand Tec - Local File Inclusion
by R3VAN_BASTARD
EIP-2026-105927 EXPLOITDB text VERIFIED
clipak - Arbitrary File Upload
by indoushka
CVE-2010-1586 EXPLOITDB text VERIFIED
HP System Management Homepage 2.x.x.x - Open Redirect via RedirectUrl Parameter
Open redirect vulnerability in red2301.html in HP System Management Homepage (SMH) 2.x.x.x allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the RedirectUrl parameter.
by Aung Khant
CVE-2006-0888 EXPLOITDB text
Invision Power Board 2.0.1 - Denial of Service via User Registration
index.php in Invision Power Board (IPB) 2.0.1, with Code Confirmation disabled, allows remote attackers to cause an unspecified denial of service by registering a large number of users.
by SeeMe
CVE-2010-1945 EXPLOITDB text VERIFIED
openMairie Openfoncier 2.00 - Remote File Inclusion via path_om Parameter
Multiple PHP remote file inclusion vulnerabilities in openMairie Openfoncier 2.00, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) action.class.php, (2) architecte.class.php, (3) avis.class.php, (4) bible.class.php, and (5) blocnote.class.php in obj/.
by cr4wl3r
CVE-2010-1928 EXPLOITDB text VERIFIED
openMairie openPlanning 1.00 - Remote File Inclusion via soustab.php dsn[phptype] Parameter
Directory traversal vulnerability in scr/soustab.php in openMairie openPlanning 1.00, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069.
by cr4wl3r
CVE-2010-1604 EXPLOITDB text VERIFIED
NCT Jobs Portal Script - SQL Injection via admin_login.php User and Passwd Parameters
Multiple SQL injection vulnerabilities in admin_login.php in NCT Jobs Portal Script allow remote attackers to execute arbitrary SQL commands via the (1) user parameter (aka login field) and (2) passwd parameter (aka password field). NOTE: some of these details are obtained from third party information.
by Sid3^effects
CVE-2010-1702 EXPLOITDB text
WHMCS 4.2 - SQL Injection via submitticket.php deptid Parameter
SQL injection vulnerability in submitticket.php in WHMCompleteSolution (WHMCS) 4.2 allows remote attackers to execute arbitrary SQL commands via the deptid parameter.
by Islam DefenDers