Text Exploits

31,386 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-108260 EXPLOITDB text VERIFIED
Joomla! Component com_alert - 'q_item' SQL Injection
by N2n-Hacker
CVE-2010-1003 EXPLOITDB text VERIFIED
eFront 3.5.x-3.5.5 - Path Traversal via Language Parameter
Directory traversal vulnerability in www/editor/tiny_mce/langs/language.php in eFront 3.5.x through 3.5.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langname parameter.
by 7Safe
CVE-2010-3313 EXPLOITDB text VERIFIED
EGroupware <1.6.003-9.2.20100309 - Command Injection
phpgwapi/js/fckeditor/editor/dialog/fck_spellerpages/spellerpages/serverscripts/spellchecker.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) aspell_path or (2) spellchecker_lang parameters.
by Nahuel Grisolia
CVE-2010-1060 EXPLOITDB text VERIFIED
Phpkobo Short URL 1.01 - Path Traversal
Directory traversal vulnerability in staff/app/common.inc.php in Phpkobo Short URL 1.01, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG_CODE parameter.
by Pouya Daneshmand
CVE-2010-1270 EXPLOITDB text VERIFIED
Multi Auktions Komplett System 2 - SQL Injection
SQL injection vulnerability in auktion.php in Multi Auktions Komplett System 2 allows remote attackers to execute arbitrary SQL commands via the id_auk parameter.
by Easy Laster
EIP-2026-110398 EXPLOITDB text VERIFIED
OSSIM 2.2 - Multiple Vulnerabilities
by Nahuel Grisolia
EIP-2026-110352 EXPLOITDB text
osCMax 2.0 - 'FCKeditor' Arbitrary File Upload
by ITSecTeam
EIP-2026-110075 EXPLOITDB text VERIFIED
Online Community CMS by I-net - SQL Injection
by Th3 RDX
EIP-2026-108522 EXPLOITDB text VERIFIED
Joomla! Component com_rwcards - Local File Inclusion
by ALTBTA
EIP-2026-108270 EXPLOITDB text VERIFIED
Joomla! Component com_as - 'catid' SQL Injection
by N2n-Hacker
CVE-2010-1062 EXPLOITDB text
Phpkobo Free Real Estate Contact Form 1.09 - Path Traversal
Directory traversal vulnerability in codelib/sys/common.inc.php in Phpkobo Free Real Estate Contact Form 1.09, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG_CODE parameter. NOTE: some of these details are obtained from third party information.
by Pouya Daneshmand
CVE-2010-3314 EXPLOITDB text VERIFIED
EGroupware 1.4.001+.002 1.6.001+.002 - Cross-Site Scripting via lang Parameter
Cross-site scripting (XSS) vulnerability in login.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
by Nahuel Grisolia
EIP-2026-102760 EXPLOITDB text VERIFIED
WFTPD 3.3 - Remote REST Denial of Service
by dmnt
EIP-2026-118282 EXPLOITDB text VERIFIED
ArGoSoft FTP Server .NET 1.0.2.1 - Directory Traversal
by dmnt
EIP-2026-112750 EXPLOITDB text
Torrent Hoster - Remount Upload
by EL-KAHINA
EIP-2026-112461 EXPLOITDB text
Subdreamer 3.0.1 - CMS upload
by indoushka
EIP-2026-111486 EXPLOITDB text VERIFIED
Preisschlacht 4.0 Flash System - 'index.php?aid' SQL Injection
by Easy Laster
EIP-2026-110669 EXPLOITDB text
PHP Classifieds 7.5 - Blind SQL Injection
by ITSecTeam
EIP-2026-110582 EXPLOITDB text
Phenix 3.5b - SQL Injection
by ITSecTeam
CVE-2010-1055 EXPLOITDB text VERIFIED
osDate 2.1.9 and 2.5.4 - Remote Code Execution via config[forum_installed] Parameter
Multiple PHP remote file inclusion vulnerabilities in osDate 2.1.9 and 2.5.4, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the config[forum_installed] parameter to (1) forum/adminLogin.php and (2) forum/userLogin.php. NOTE: some of these details are obtained from third party information.
by NoGe
EIP-2026-109939 EXPLOITDB text VERIFIED
Ninja RSS Syndicator 1.0.8 - Local File Inclusion
by jdc
EIP-2026-109906 EXPLOITDB text VERIFIED
Newbie CMS - File Disclosure
by JIKO
EIP-2026-108530 EXPLOITDB text VERIFIED
Joomla! Component com_sectionex - Local File Inclusion
by AtT4CKxT3rR0r1ST
EIP-2026-108517 EXPLOITDB text VERIFIED
Joomla! Component com_rpx Ulti RPX 2.1.0 - Local File Inclusion
by jdc
EIP-2026-108516 EXPLOITDB text VERIFIED
Joomla! Component com_route - SQL Injection
by N2n-Hacker