Text Exploits

31,386 exploits tracked across all sources.

EIP-2026-101307 EXPLOITDB text VERIFIED
Huawei EchoLife HG520 3.10.18.5-1.0.5.0 - Remote Information Disclosure
by hkm
CVE-2010-0356 EXPLOITDB text VERIFIED
Viscom Software Movie Player Pro SDK ActiveX 6.8 - Stack-Based Buffer Overflow via DrawText strFontName Parameter
Stack-based buffer overflow in the MOVIEPLAYER.MoviePlayerCtrl.1 ActiveX control in MoviePlayer.ocx 6.8.0.0 in Viscom Software Movie Player Pro SDK ActiveX 6.8 allows remote attackers to execute arbitrary code via a long strFontName parameter to the DrawText method.
by shinnai
CVE-2010-1712 EXPLOITDB text VERIFIED
Webmobo WB News 2.3.3 - Cross-Site Scripting via Name and Message Parameters
Multiple cross-site scripting (XSS) vulnerabilities in base/Comments.php in Webmobo WB News 2.3.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and possibly (2) message parameters. NOTE: some of these details are obtained from third party information.
by ITSecTeam
EIP-2026-112941 EXPLOITDB text VERIFIED
v2marketplacescript Upload_images Script (-7777) - Arbitrary File Upload
by cyberlog
EIP-2026-109129 EXPLOITDB text VERIFIED
LightNEasy 3.1.x - Multiple Vulnerabilities
by ITSecTeam
CVE-2010-1607 EXPLOITDB text VERIFIED
com_wmi 1.5.0 - Path Traversal via Controller Parameter
Directory traversal vulnerability in wmi.php in the Webmoney Web Merchant Interface (aka WMI or com_wmi) component 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
by wishnusakti + inc0mp13te
CVE-2010-1878 EXPLOITDB text VERIFIED
com_orgchart 1.0.0 - Path Traversal via Controller Parameter
Directory traversal vulnerability in the OrgChart (com_orgchart) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
by AntiSecurity
CVE-2010-1491 EXPLOITDB text VERIFIED
MMS Blog (com_mmsblog) 2.3.0 - Path Traversal
Directory traversal vulnerability in the MMS Blog (com_mmsblog) component 2.3.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
by AntiSecurity
EIP-2026-108490 EXPLOITDB text
Joomla! Component com_portfolio - Local File Disclosure
by Mr.tro0oqy
EIP-2026-106666 EXPLOITDB text VERIFIED
e107 CMS 0.7.19 - Cross-Site Request Forgery
by High-Tech Bridge SA
EIP-2026-106658 EXPLOITDB text VERIFIED
e107 0.7.x - '/e107_admin/banner.php' SQL Injection
by High-Tech Bridge SA
EIP-2026-106376 EXPLOITDB text VERIFIED
DBSite wb CMS - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
by The_Exploited
CVE-2010-0432 EXPLOITDB text VERIFIED
Apache OFBiz < 09.04 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
by Lucas Apa
CVE-2010-1486 EXPLOITDB text VERIFIED
CactuShop < 6.155 - Stored Cross-Site Scripting via Billing or Shipping Address
Multiple cross-site scripting (XSS) vulnerabilities in _invoice.asp in CactuShop before 6.155 allow remote attackers to inject arbitrary web script or HTML via the (1) billing address or (2) shipping address.
by 7Safe
CVE-2010-1949 EXPLOITDB text VERIFIED
com_jnewspaper 1.0 - SQL Injection via cid Parameter
SQL injection vulnerability in the Online News Paper Manager (com_jnewspaper) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php. NOTE: some of these details are obtained from third party information.
by Don Tukulesto
CVE-2010-1946 EXPLOITDB text VERIFIED
openMairie Openregistrecil 1.02 - Remote Code Execution via path_om Parameter
Multiple PHP remote file inclusion vulnerabilities in openMairie Openregistrecil 1.02, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) autorisation_normale.class.php, (2) collectivite.class.php, (3) dossier.class.php, (4) norme_simplifiee.class.php, (5) registre.class.php, (6) autorisation_unique.class.php, (7) demande_avis.class.php, (8) droit.class.php, (9) organisme.class.php, (10) service.class.php, (11) categorie_donnee.class.php, (12) destinataire.class.php, (13) profil.class.php, (14) tabdyn_visu.class.php, (15) categorie_personne.class.php, (16) dispense.class.php, (17) modificatif.class.php, (18) reference.class.php, and (19) utilisateur.class.php in obj/.
by cr4wl3r
EIP-2026-118931 EXPLOITDB text VERIFIED
Multi-Threaded HTTP Server 1.1 - Source Disclosure
by Dr_IDE
EIP-2026-118930 EXPLOITDB text VERIFIED
Multi-Threaded HTTP Server 1.1 - Directory Traversal (2)
by Dr_IDE
CVE-2009-4535 EXPLOITDB text VERIFIED
Mongoose < 2.8.0 - Unauthenticated Source Code Exposure via URI Trailing Slash
Mongoose 2.8.0 and earlier allows remote attackers to obtain the source code for a web page by appending a / (slash) character to the URI.
by Dr_IDE
EIP-2026-118226 EXPLOITDB text VERIFIED
Acritum Femitter 1.03 - Directory Traversal
by Dr_IDE
EIP-2026-113023 EXPLOITDB text VERIFIED
vBulletin Two-Step External Link Module - 'externalredirect.php' Cross-Site Scripting
by Edgard Chammas
CVE-2010-1947 EXPLOITDB text VERIFIED
openMairie Openregistrecil 1.02 - Remote File Inclusion via Directory Traversal in soustab.php
Directory traversal vulnerability in scr/soustab.php in openMairie Openregistrecil 1.02, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter. NOTE: this may be related to CVE-2007-2069.
by cr4wl3r
CVE-2010-1950 EXPLOITDB text VERIFIED
com_jnewspaper 1.0 - SQL Injection via date_info Parameter
SQL injection vulnerability in the Online News Paper Manager (com_jnewspaper) component 1.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the date_info parameter to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Don Tukulesto
CVE-2010-1877 EXPLOITDB text VERIFIED
JTM Reseller (com_jtm) 1.9 Beta - SQL Injection via Author Parameter
SQL injection vulnerability in the JTM Reseller (com_jtm) component 1.9 Beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the author parameter in a search action to index.php.
by kaMtiEz
EIP-2026-103995 EXPLOITDB text VERIFIED
Multi-Threaded HTTP Server 1.1 - Directory Traversal (1)
by chr1x