Text Exploits

31,386 exploits tracked across all sources.

Sort: Activity Stars
CVE-2010-1340 EXPLOITDB text VERIFIED
J!Research (com_jresearch) - Path Traversal via Controller Parameter
Directory traversal vulnerability in jresearch.php in the J!Research (com_jresearch) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
by Chip d3 bi0s
EIP-2026-106706 EXPLOITDB text VERIFIED
Easy-Clanpage 2.0 - Blind SQL Injection
by Easy Laster
EIP-2026-106636 EXPLOITDB text VERIFIED
E-PHP CMS - SQL Injection
by Th3 RDX
EIP-2026-105963 EXPLOITDB text VERIFIED
CMS By SoftnSolv - 'index.php' SQL Injection
by Th3 RDX
CVE-2010-0167 EXPLOITDB text VERIFIED
Firefox 3.0.x-3.0.17, 3.5.x-3.5.7, 3.6.x-3.6.1 - Remote Code Execution via Memory Corruption
The browser engine in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via vectors related to (1) layout/generic/nsBlockFrame.cpp and (2) the _evaluate function in modules/plugin/base/src/nsNPAPIPlugin.cpp.
by Bob Clary
EIP-2026-119385 EXPLOITDB text VERIFIED
Joomla! Component com_gds - SQL Injection
by DevilZ TM
EIP-2026-114617 EXPLOITDB text VERIFIED
Zephyrus CMS - 'index.php' SQL Injection
by Phenom
EIP-2026-114408 EXPLOITDB text VERIFIED
Xataface - Admin Authentication Bypass
by Xinapse
EIP-2026-112861 EXPLOITDB text VERIFIED
Uiga Business Portal - 'index.php' SQL Injection
by Easy Laster
CVE-2009-2907 EXPLOITDB text VERIFIED
SpringSource tc Server < 6.0.20.B, AMS < 2.0.0.SR4, Hyperic HQ < 4.2.x - Cross-Site Scripting via Description Field
Multiple cross-site scripting (XSS) vulnerabilities in SpringSource tc Server 6.0.20.B and earlier, Application Management Suite (AMS) before 2.0.0.SR4, Hyperic HQ Open Source before 4.2.x, Hyperic HQ 4.0 Enterprise before 4.0.3.2, and Hyperic HQ 4.1 Enterprise before 4.1.2.1 allow remote attackers to inject arbitrary web script or HTML via the description field and unspecified "input fields."
by Aaron Kulick
CVE-2010-1856 EXPLOITDB text VERIFIED
RepairShop2 1.9.023 Trial - Cross-Site Scripting via prod Parameter
Cross-site scripting (XSS) vulnerability in index.php in RepairShop2 1.9.023 Trial, when magic_quotes_gpc is disabled, allows remote attackers to inject arbitrary web script or HTML via the prod parameter in a products.details action.
by kaMtiEz
CVE-2010-1337 EXPLOITDB text VERIFIED
Lussumo Vanilla < 1.1.10 - Remote Code Execution via PHP File Inclusion
Multiple PHP remote file inclusion vulnerabilities in definitions.php in Lussumo Vanilla 1.1.10, and possibly 0.9.2 and other versions, allow remote attackers to execute arbitrary PHP code via a URL in the (1) include and (2) Configuration['LANGUAGE'] parameters.
by eidelweiss
EIP-2026-108973 EXPLOITDB text VERIFIED
Kasseler CMS News Module - 'id' SQL Injection
by Palyo34
CVE-2010-1858 EXPLOITDB text VERIFIED
SMEStorage (com_smestorage) < 1.1 - Path Traversal via Controller Parameter
Directory traversal vulnerability in the SMEStorage (com_smestorage) component before 1.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
by Chip d3 bi0s
CVE-2010-1875 EXPLOITDB text VERIFIED
Real Estate Property (com_properties) 3.1.22-03 - Path Traversal via Controller Parameter
Directory traversal vulnerability in the Real Estate Property (com_properties) component 3.1.22-03 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information.
by Chip d3 bi0s
EIP-2026-108422 EXPLOITDB text
Joomla! Component com_jwmmxtd - Remote File Inclusion
by eidelweiss
EIP-2026-108302 EXPLOITDB text VERIFIED
Joomla! Component com_cb - 'cat' SQL Injection
by DevilZ TM
EIP-2026-108265 EXPLOITDB text VERIFIED
Joomla! Component com_aml_2 - 'art' SQL Injection
by Metropolis
CVE-2010-1335 EXPLOITDB text VERIFIED
Insky CMS 006-0111 - Remote Code Execution via ROOT Parameter File Inclusion
Multiple PHP remote file inclusion vulnerabilities in Insky CMS 006-0111, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the ROOT parameter to (1) city.get/city.get.php, (2) city.get/index.php, (3) message2.send/message.send.php, (4) message.send/message.send.php, and (5) pages.add/pages.add.php in insky/modules/. NOTE: some of these details are obtained from third party information.
by mat
EIP-2026-104111 EXPLOITDB text VERIFIED
uhttp Server 0.1.0-alpha - Directory Traversal
by Salvatore Fresta
EIP-2026-103880 EXPLOITDB text VERIFIED
Cafu 9.06 - Multiple Remote Vulnerabilities
by Luigi Auriemma
EIP-2026-103066 EXPLOITDB text VERIFIED
Astaro Security Linux 5 - 'index.fpl' Cross-Site Scripting
by Vincent Hautot
EIP-2026-102453 EXPLOITDB text VERIFIED
agXchange ESM - 'ucquerydetails.jsp' Cross-Site Scripting
by Lament
CVE-2010-1365 EXPLOITDB text VERIFIED
Uiga Fan Club - SQL Injection via id Parameter in photos Action
SQL injection vulnerability in index.php in Uiga Fan Club, as downloaded on 20100310, allows remote attackers to execute arbitrary SQL commands via the id parameter in a photos action.
by Sioma Labs
EIP-2026-111455 EXPLOITDB text
PowieSys 0.7.7 alpha - 'index.php' shownews SQL Injection
by Easy Laster