Text Exploits

31,386 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-111107 EXPLOITDB text VERIFIED
PHPKIT 1.6.x - 'b-day.php' Addon SQL Injection
by n3w7u
EIP-2026-109900 EXPLOITDB text VERIFIED
New Advisore Stack 1.1 - Directory Traversal
by R3VAN_BASTARD
CVE-2010-1346 EXPLOITDB text VERIFIED
Mini CMS RibaFS 1.0 - SQL Injection
SQL injection vulnerability in admin/login.php in Mini CMS RibaFS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the login parameter. NOTE: some of these details are obtained from third party information.
by cr4wl3r
EIP-2026-108349 EXPLOITDB text VERIFIED
Joomla! Component com_flash - SQL Injection
by DevilZ TM
EIP-2026-105996 EXPLOITDB text VERIFIED
CMS Openpage - 'index.php' SQL Injection
by Phenom
EIP-2026-102454 EXPLOITDB text VERIFIED
agXchange ESM - 'ucschcancelproc.jsp' Open Redirection
by Lament
CVE-2010-1266 EXPLOITDB text VERIFIED
WebMaid CMS < 0.2-6 - Remote File Inclusion via Multiple Template Parameters
Multiple PHP remote file inclusion vulnerabilities in WebMaid CMS 0.2-6 Beta and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) template, (2) menu, (3) events, and (4) SITEROOT parameters to template/babyweb/index.php; the (5) modules and (6) copyright parameters to template/calm/footer.php; the (7) menu parameter to template/calm/top.php; and the (8) modules, (9) copyright, and (10) menu parameters to template/wm025/footer.php.
by cr4wl3r
EIP-2026-113465 EXPLOITDB text VERIFIED
Woltlab Burning Board Lite Addon - 'lexikon.php' SQL Injection
by n3w7u
CVE-2010-1267 EXPLOITDB text VERIFIED
WebMaid CMS <0.2-6 - Path Traversal
Multiple directory traversal vulnerabilities in WebMaid CMS 0.2-6 Beta and earlier allow remote attackers to read arbitrary files via directory traversal sequences in the com parameter to (1) cContactus.php, (2) cGuestbook.php, and (3) cArticle.php.
by cr4wl3r
CVE-2010-1216 EXPLOITDB text VERIFIED
notsopureedit < 1.4.1 - Remote Code Execution via Template Content Parameter
PHP remote file inclusion vulnerability in templates/template.php in notsoPureEdit 1.4.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the content parameter. NOTE: some of these details are obtained from third party information.
by cr4wl3r
EIP-2026-108087 EXPLOITDB text VERIFIED
Jewelry Cart Software - 'product.php' SQL Injection
by Asyraf
EIP-2026-107322 EXPLOITDB text VERIFIED
Fw-BofF (oolime-resurrection) 1.5.3beta - Multiple Remote File Inclusions
by cr4wl3r
EIP-2026-104855 EXPLOITDB text VERIFIED
4x CMS r26 - Authentication Bypass
by cr4wl3r
EIP-2026-104854 EXPLOITDB text VERIFIED
4x CMS - 'login.php' Multiple SQL Injections
by cr4wl3r
CVE-2010-1855 EXPLOITDB text VERIFIED
Pay Per Watch & Bid Auktions System - SQL Injection via id_auk Parameter
SQL injection vulnerability in auktion.php in Pay Per Watch & Bid Auktions System allows remote attackers to execute arbitrary SQL commands via the id_auk parameter.
by Easy Laster
EIP-2026-108659 EXPLOITDB text
Joomla! Component Gift Exchange com_giftexchange 1.0 Beta - 'pkg' SQL Injection
by Chip d3 bi0s
EIP-2026-104142 EXPLOITDB text VERIFIED
ZKSoftware 'ZK5000' - Remote Information Disclosure
by fb1h2s
EIP-2026-103958 EXPLOITDB text VERIFIED
KDE 4.4.1 - Ksysguard Remote Code Execution (via Cross Application Scripting)
by emgent
EIP-2026-101499 EXPLOITDB text
ZKSoftware Biometric Attendence Managnmnet Hardware[MIPS] 2 - Improper Authentication
by fb1h2s
EIP-2026-100916 EXPLOITDB text VERIFIED
Trouble Ticket Software - 'ttx.cgi' Arbitrary File Download
by n01d
EIP-2026-112999 EXPLOITDB text VERIFIED
vBulletin 4.0.2 - Search Cross-Site Scripting
by 5ubzer0
EIP-2026-111628 EXPLOITDB text VERIFIED
quality point 1.0 newsfeed - SQL Injection / Cross-Site Scripting
by Red-D3v1L
EIP-2026-111253 EXPLOITDB text VERIFIED
PHPWind 6.0 - Multiple Cross-Site Scripting Vulnerabilities
by Liscker
EIP-2026-111196 EXPLOITDB text VERIFIED
PHPscripte24 Preisschlacht Liveshop System - 'index.php?aid' SQL Injection
by Easy Laster
CVE-2010-1217 EXPLOITDB text VERIFIED
JE Form Creator - Unauthenticated Directory Traversal via View Parameter
Directory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php. NOTE: the original researcher states that the affected product is JE Tooltip, not Form Creator; however, the exploit URL suggests that Form Creator is affected.
by Chip d3 bi0s