Text Exploits

31,386 exploits tracked across all sources.

Sort: Activity Stars
CVE-2010-1056 EXPLOITDB text VERIFIED
RokDownloads < 1.0.1 - Unauthenticated Path Traversal via Controller Parameter
Directory traversal vulnerability in the RokDownloads (com_rokdownloads) component before 1.0.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
by AtT4CKxT3rR0r1ST
EIP-2026-108464 EXPLOITDB text VERIFIED
Joomla! Component com_org - 'letter' SQL Injection
by kazuya
EIP-2026-108431 EXPLOITDB text VERIFIED
Joomla! Component com_linkr - Local File Inclusion
by AtT4CKxT3rR0r1ST
CVE-2010-1219 EXPLOITDB text VERIFIED
JA News (com_janews) 1.0 - Path Traversal
Directory traversal vulnerability in the JA News (com_janews) component 1.0 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information.
by AtT4CKxT3rR0r1ST
CVE-2010-0972 EXPLOITDB text VERIFIED
Joomla! com_gcalendar 2.1.5 - Path Traversal
Directory traversal vulnerability in the GCalendar (com_gcalendar) component 2.1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
by jdc
EIP-2026-108358 EXPLOITDB text VERIFIED
Joomla! Component com_ganalytics - Local File Inclusion
by AtT4CKxT3rR0r1ST
EIP-2026-108279 EXPLOITDB text VERIFIED
Joomla! Component com_bidding - SQL Injection
by N2n-Hacker
EIP-2026-107892 EXPLOITDB text
Interspire SHOPPING CART 5.5.4 - Ultimate Edition backup dump
by indoushka
EIP-2026-107226 EXPLOITDB text
FreeHost 1.00 - Arbitrary File Upload
by indoushka
EIP-2026-106601 EXPLOITDB text
Duhok Forum 1.0 script - Cross-Site Scripting
by indoushka
EIP-2026-106534 EXPLOITDB text VERIFIED
Domain Verkaus & Auktions Portal - 'index.php' SQL Injection
by Easy Laster
EIP-2026-105801 EXPLOITDB text VERIFIED
CH-CMS.ch 2 - Multiple Arbitrary File Upload Vulnerabilities
by EL-KAHINA
EIP-2026-105800 EXPLOITDB text
CH-CMS.ch 2 - Arbitrary File Upload
by EL-KAHINA
EIP-2026-105173 EXPLOITDB text VERIFIED
Andromeda 1.9.2 - 's' Cross-Site Scripting / Session Fixation
by indoushka
CVE-2010-1058 EXPLOITDB text VERIFIED
Phpkobo Address Book Script <1.09 - Path Traversal
Directory traversal vulnerability in codelib/cfg/common.inc.php in Phpkobo Address Book Script 1.09, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG_CODE parameter.
by Pouya Daneshmand
CVE-2010-2273 EXPLOITDB text VERIFIED
Dojo 1.0.x-1.0.2, 1.1.x-1.1.1, 1.2.x-1.2.3, 1.3.x-1.3.2, 1.4.x-1.4.1 - Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, and util/buildscripts/jslib/buildUtil.js, as demonstrated by the (1) dojoUrl and (2) testUrl parameters to util/doh/runner.html.
by Adam Bixby
CVE-2010-2275 EXPLOITDB text VERIFIED
Dojo Toolkit SDK < 1.4.2 - Cross-Site Scripting via Theme Parameter
Cross-site scripting (XSS) vulnerability in dijit/tests/_testCommon.js in Dojo Toolkit SDK before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the theme parameter, as demonstrated by an attack against dijit/tests/form/test_Button.html.
by Adam Bixby
EIP-2026-104145 EXPLOITDB text VERIFIED
(Multiple Products) - 'banner.swf' Cross-Site Scripting
by MustLive
EIP-2026-100638 EXPLOITDB text VERIFIED
Zigurrat Farsi CMS - '/manager/textbox.asp' SQL Injection
by Isfahan
CVE-2010-1054 EXPLOITDB text VERIFIED
ParsCMS - SQL Injection via RP Parameter
Multiple SQL injection vulnerabilities in ParsCMS allow remote attackers to execute arbitrary SQL commands via the RP parameter to (1) fa_default.asp and (2) en_default.asp.
by Isfahan
CVE-2010-0973 EXPLOITDB text VERIFIED
phppool media Domain Verkaus and Auktions Portal - SQL Injection
SQL injection vulnerability in index.php in phppool media Domain Verkaus and Auktions Portal allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Easy Laster
CVE-2010-0970 EXPLOITDB text VERIFIED
PhpMyLogon 2 - SQL Injection via Username Parameter
SQL injection vulnerability in phpmylogon.php in PhpMyLogon 2 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.
by blake
EIP-2026-110829 EXPLOITDB text
PHP-Nuke - Local File Inclusion
by ITSecTeam
EIP-2026-110807 EXPLOITDB text
PHP-Fusion 6.01.15.4 - 'downloads.php' SQL Injection
by Inj3ct0r
EIP-2026-108465 EXPLOITDB text VERIFIED
Joomla! Component com_org - SQL Injection
by N2n-Hacker