Text Exploits

31,386 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-112005 EXPLOITDB text VERIFIED
Sethi Family Guestbook 3.1.8 - Cross-Site Scripting
by Valentin
EIP-2026-111449 EXPLOITDB text VERIFIED
PowerEasy 2006 - 'ComeUrl' Cross-Site Scripting
by Liscker
CVE-2010-1935 EXPLOITDB text VERIFIED
openMairie Openpresse 1.01 - Path Traversal via dsn[phptype] Parameter
Directory traversal vulnerability in scr/soustab.php in openMairie Openpresse 1.01, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069.
by cr4wl3r
CVE-2010-1934 EXPLOITDB text VERIFIED
openMairie openPlanning 1.00 - Remote Code Execution via path_om Parameter
Multiple PHP remote file inclusion vulnerabilities in openMairie openPlanning 1.00, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) categorie.class.php, (2) profil.class.php, (3) collectivite.class.php, (4) ressource.class.php, (5) droit.class.php, (6) utilisateur.class.php, and (7) planning.class.php in obj/.
by cr4wl3r
CVE-2010-1948 EXPLOITDB text VERIFIED
openMairie Openfoncier 2.00 - Remote File Inclusion via soustab.php dsn[phptype] Parameter
Directory traversal vulnerability in scr/soustab.php in openMairie Openfoncier 2.00, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069.
by cr4wl3r
CVE-2010-1606 EXPLOITDB text VERIFIED
NCT Jobs Portal Script - Cross-Site Scripting via Search Keywords Tags or Desired City Field
Multiple cross-site scripting (XSS) vulnerabilities in NCT Jobs Portal Script allow remote attackers to inject arbitrary web script or HTML via the (1) search, (2) Keywords, (3) Tags, or (4) Desired City field.
by Sid3^effects
CVE-2007-2826 EXPLOITDB text
Madirish Webmail 2.0 - Remote Code Execution via GLOBALS[basedir] Parameter
PHP remote file inclusion vulnerability in lib/addressbook.php in Madirish Webmail 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[basedir] parameter.
by eidelweiss
EIP-2026-107323 EXPLOITDB text
G5 Scripts Guestbook PHP 1.2.8 - Cross-Site Scripting
by Valentin
CVE-2007-4085 EXPLOITDB text VERIFIED
AlstraSoft AskMe Pro - SQL Injection
Multiple SQL injection vulnerabilities in AlstraSoft AskMe Pro allow remote attackers to execute arbitrary SQL commands via the (1) que_id parameter to forum_answer.php or (2) the cat_id parameter to search.php.
by v3n0m
EIP-2026-109414 EXPLOITDB text VERIFIED
Memorial Web Site Script - Reset Password / Insecure Cookie Handling
by Chip d3 bi0s
EIP-2026-109413 EXPLOITDB text VERIFIED
Memorial Web Site Script - Multiple Arbitrary Delete Vulnerabilities
by Chip d3 bi0s
EIP-2026-109412 EXPLOITDB text VERIFIED
memorial Web site script - 'id' SQL Injection
by v3n0m
EIP-2026-109063 EXPLOITDB text VERIFIED
lanewsfactory - Multiple Vulnerabilities
by Salvatore Fresta
EIP-2026-107820 EXPLOITDB text VERIFIED
In-portal 5.0.3 - Arbitrary File Upload
by eidelweiss
EIP-2026-106897 EXPLOITDB text VERIFIED
EPay Enterprise 4.13 - 'cid' SQL Injection
by v3n0m
EIP-2026-115210 EXPLOITDB text VERIFIED
EDraw Flowchart ActiveX Control 2.3 - 'EDImage.ocx' Remote Denial of Service (IE)
by LiquidWorm
CVE-2008-6848 EXPLOITDB text VERIFIED
phpGreetCards 3.7 - Cross-Site Scripting via Category Parameter
Cross-site scripting (XSS) vulnerability in index.php in phpGreetCards 3.7 allows remote attackers to inject arbitrary web script or HTML via the category parameter in a select action.
by Valentin
CVE-2010-1872 EXPLOITDB text VERIFIED
FlashCard 2.6.5 and 3.0.1 - Cross-Site Scripting via id Parameter
Cross-site scripting (XSS) vulnerability in cPlayer.php in FlashCard 2.6.5 and 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: some of these details are obtained from third party information.
by Valentin
CVE-2009-2439 EXPLOITDB text
Web Development House Alibaba Clone - SQL Injection
Multiple SQL injection vulnerabilities in Web Development House Alibaba Clone allow remote attackers to execute arbitrary SQL commands via the (1) IndustryID parameter to category.php and the (2) SellerID parameter to supplier/view_contact_details.php. NOTE: this is a product that was developed by a third party; it is not associated with alibaba.com or the Alibaba Group.
by spykit
CVE-2010-1431 EXPLOITDB text VERIFIED
Cacti < 0.8.7e - SQL Injection via Export Item ID Parameter
SQL injection vulnerability in templates_export.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via the export_item_id parameter.
by Nahuel Grisolia
EIP-2026-105682 EXPLOITDB text VERIFIED
Cacti 0.8.7e - OS Command Injection
by Nahuel Grisolia
CVE-2010-1876 EXPLOITDB text VERIFIED
AJ Shopping Cart 1.0 - SQL Injection via maincatid Parameter
SQL injection vulnerability in index.php in AJ Shopping Cart 1.0 allows remote attackers to execute arbitrary SQL commands via the maincatid parameter in a showmaincatlanding action.
by v3n0m
CVE-2009-2779 EXPLOITDB text VERIFIED
ajsquare aj_matrix_dna - SQL Injection via id Parameter in productdetail Action
SQL injection vulnerability in index.php in AJ Matrix DNA allows remote attackers to execute arbitrary SQL commands via the id parameter in a productdetail action.
by v3n0m
CVE-2010-1157 EXPLOITDB text VERIFIED
Apache Tomcat <6.0.26 - Info Disclosure
Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
by Deniz Cevik
CVE-2010-1587 EXPLOITDB text VERIFIED
Apache ActiveMQ <5.3.2 and <5.4.0 - Info Disclosure
The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
by Veerendra G.G