Text Exploits

31,386 exploits tracked across all sources.

CVE-2010-1718 EXPLOITDB text VERIFIED
com_archeryscores 1.0.6 - Path Traversal via Controller Parameter
Directory traversal vulnerability in archeryscores.php in the Archery Scores (com_archeryscores) component 1.0.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
by wishnusakti + inc0mp13te
EIP-2026-106753 EXPLOITDB text VERIFIED
eclime 1.1 - Bypass / Create and Download Backup
by indoushka
CVE-2010-1498 EXPLOITDB text VERIFIED
dl_stats < 2.0 - SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in dl_stats before 2.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) download.php and (2) view_file.php.
by Valentin Hoebel
EIP-2026-105071 EXPLOITDB text VERIFIED
Alegro 1.2.1 - SQL Injection
by indoushka
CVE-2006-5918 EXPLOITDB text VERIFIED
PHP Rapid Kill 5.7 Pro - Unauthenticated Arbitrary File Upload via Link to Download Field
Unrestricted file upload vulnerability in RapidKill (aka PHP Rapid Kill) 5.7 Pro, and certain other versions, allows remote attackers to upload and execute arbitrary PHP scripts via the "Link to Download" field. NOTE: it is possible that the field value is restricted to files on specific public web sites.
by DigitALL
CVE-2010-1710 EXPLOITDB text VERIFIED
Siestta 2.0 - Path Traversal via Idioma Parameter
Directory traversal vulnerability in login.php in Siestta 2.0, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the idioma parameter.
by JosS
EIP-2026-113238 EXPLOITDB text VERIFIED
WebAdmin - Arbitrary File Upload
by DigitALL
EIP-2026-112912 EXPLOITDB text VERIFIED
Uploader 0.7 - Arbitrary File Upload
by DigitALL
CVE-2010-1711 EXPLOITDB text VERIFIED
Siestta 2.0 - Cross-Site Scripting via Usuario Parameter
Cross-site scripting (XSS) vulnerability in carga_foto_al.php in Siestta 2.0, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the usuario parameter.
by JosS
CVE-2010-1496 EXPLOITDB text VERIFIED
Joomla! com_joltcard 1.2.1 - SQL Injection
SQL injection vulnerability in the JoltCard (com_joltcard) component 1.2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cardID parameter in a view action to index.php.
by Valentin
EIP-2026-108471 EXPLOITDB text VERIFIED
Joomla! Component com_pandafminigames - SQL Injection
by Valentin
EIP-2026-108437 EXPLOITDB text
Joomla! Component com_manager 1.5.3 - 'id' SQL Injection
by Islam DefenDers Mr.HaMaDa
EIP-2026-107782 EXPLOITDB text VERIFIED
ilchClan 1.0.5B - SQL Injection
by Easy Laster
EIP-2026-107062 EXPLOITDB text
FCKEditor Core - 'FileManager test.html' Arbitrary File Upload (1)
by Mr.MLL
EIP-2026-104857 EXPLOITDB text VERIFIED
60 cycleCMS 2.5.2 - Cross-Site Request Forgery (Change Username and Password)
by EL-KAHINA
CVE-2010-0432 EXPLOITDB text VERIFIED
Apache OFBiz < 09.04 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
by Lucas Apa
EIP-2026-101322 EXPLOITDB text VERIFIED
Iomega Home Media Network Hard Drive 2.038 < 2.061 - File-system Access
by fizix610
EIP-2026-112316 EXPLOITDB text VERIFIED
Softbiz B2B trading Marketplace Script - buyers_subcategories SQL Injection
by AnGrY BoY
CVE-2010-1721 EXPLOITDB text
com_iproperty 1.5.3 - SQL Injection via id Parameter
SQL injection vulnerability in the Intellectual Property (aka IProperty or com_iproperty) component 1.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an agentproperties action to index.php.
by v3n0m
CVE-2010-1951 EXPLOITDB text VERIFIED
60cyclecms - Path Traversal via DOCUMENT_ROOT Parameter
Multiple directory traversal vulnerabilities in 60cycleCMS allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the DOCUMENT_ROOT parameter to (1) news.php, (2) submitComment.php, and (3) sqlConnect.php.
by eidelweiss
EIP-2026-104032 EXPLOITDB text VERIFIED
Oracle E-Business Suite Financials 12 - 'jtfwcpnt.jsp' SQL Injection
by Joxean Koret
CVE-2010-1460 EXPLOITDB text VERIFIED
IBM Advanced Management Module < bpet50g - Denial of Service via Malformed TCP Application Data
The IBM BladeCenter with Advanced Management Module (AMM) firmware before bpet50g does not properly perform interrupt sharing for USB and iSCSI, which allows remote attackers to cause a denial of service (management module reboot) via TCP packets with malformed application data.
by Alexey Sintsov
EIP-2026-100637 EXPLOITDB text VERIFIED
Ziggurat Farsi CMS - 'id' Cross-Site Scripting
by Pouya Daneshmand
EIP-2026-100636 EXPLOITDB text VERIFIED
Ziggurat Farsi CMS - 'bck' Directory Traversal
by Pouya Daneshmand