Text Exploits

31,386 exploits tracked across all sources.

CVE-2010-1092 EXPLOITDB text
ScriptsFeed Business Directory Software - SQL Injection
Multiple SQL injection vulnerabilities in login.php in ScriptsFeed Business Directory Software allow remote attackers to execute arbitrary SQL commands via the (1) us and (2) ps parameters.
by Crux
CVE-2010-2138 EXPLOITDB text VERIFIED
ProMan < 0.1.1 - Remote File Inclusion via _SESSION[userLang] Parameter
Multiple directory traversal vulnerabilities in ProMan 0.1.1 and earlier allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the _SESSION[userLang] parameter to (1) elisttasks.php, (2) managepmanagers.php, (3) manageusers.php, (4) helpfunc.php, (5) managegroups.php, (6) manageprocess.php, and (7) manageusersgroups.php.
by cr4wl3r
CVE-2010-2134 EXPLOITDB text VERIFIED
Project Man 1.0 - SQL Injection via Username or Password Parameter
Multiple SQL injection vulnerabilities in login.php in Project Man 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter.
by cr4wl3r
CVE-2010-1538 EXPLOITDB text
phpRAINCHECK < 1.0.1 - SQL Injection
SQL injection vulnerability in print_raincheck.php in phpRAINCHECK 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
by cr4wl3r
CVE-2010-1091 EXPLOITDB text
phpMySite - Cross-Site Scripting via contact.php Parameters
Multiple cross-site scripting (XSS) vulnerabilities in contact.php in phpMySite allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) city, (3) email, (4) state, and (5) message parameters.
by Crux
CVE-2010-1537 EXPLOITDB text VERIFIED
phpCDB < 1.0 - Remote File Inclusion via Lang Global Parameter
Multiple directory traversal vulnerabilities in phpCDB 1.0 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang_global parameter to (1) firstvisit.php, (2) newfolder.php, (3) showfolders.php, (4) newlang.php, (5) showinnerfolder.php, (6) writecode.php, and (7) showcode.php.
by cr4wl3r
CVE-2010-1094 EXPLOITDB text VERIFIED
DZ EROTIK Auktionshaus V4rgo - SQL Injection
SQL injection vulnerability in news.php in DZ EROTIK Auktionshaus V4rgo allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Easy Laster
CVE-2010-1369 EXPLOITDB text
Pre Classified Listings ASP - SQL Injection
SQL injection vulnerability in signup.asp in Pre Classified Listings ASP allows remote attackers to execute arbitrary SQL commands via the email parameter.
by Crux
CVE-2010-1128 EXPLOITDB text VERIFIED
PHP < 5.2.13 - Insufficient Entropy in Linear Congruential Generator
The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not provide the expected entropy, which makes it easier for context-dependent attackers to guess values that were intended to be unpredictable, as demonstrated by session cookies generated by using the uniqid function.
by Rasmus
CVE-2010-2130 EXPLOITDB text VERIFIED
Aris Global ARISg 5.0 - Cross-Site Scripting via wflogin.jsp errmsg Parameter
Cross-site scripting (XSS) vulnerability in wflogin.jsp in Aris Global ARISg 5.0 allows remote attackers to inject arbitrary web script or HTML via the errmsg parameter.
by Yaniv Miron
EIP-2026-100015 EXPLOITDB text VERIFIED
FileExecutive 1 - Multiple Vulnerabilities
by ViRuSMaN
EIP-2026-113239 EXPLOITDB text VERIFIED
WebAdministrator Lite CMS - SQL Injection
by Ariko-Security
EIP-2026-112324 EXPLOITDB text VERIFIED
Softbiz Recipes Portal Script - 'showcats.php' SQL Injection
by Easy Laster
EIP-2026-109907 EXPLOITDB text VERIFIED
Newbie CMS 0.0.2 - Insecure Cookie Authentication Bypass
by JIKO
CVE-2010-1368 EXPLOITDB text VERIFIED
GameScript 3.0 - SQL Injection via index.php id Parameter
SQL injection vulnerability in index.php in GameScript (GS) 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a category action.
by FormatXformat
CVE-2010-0714 EXPLOITDB text VERIFIED
IBM WebSphere Portal 5.1.0.0-5.1.0.5, 6.0.0.0-6.0.1.7, 6.1.0.0-6.1.5.0 - XSS via login.jsp
Cross-site scripting (XSS) vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to inject arbitrary web script or HTML via the query string.
by Oren Hafif
CVE-2010-0757 EXPLOITDB text VERIFIED
WikyBlog 1.7.3rc2 - Authenticated Remote Code Execution via Unrestricted File Upload
Unrestricted file upload vulnerability in index.php/Attach in WikyBlog 1.7.3rc2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension using the uploadform action, then accessing it via a direct request to the file in userfiles/[username]/uploaded/.
by indoushka
CVE-2010-0756 EXPLOITDB text VERIFIED
WikyBlog 1.7.3 rc2 - Session Fixation
Session fixation vulnerability in WikyBlog 1.7.3 rc2 allows remote attackers to hijack web sessions by setting the jsessionid parameter to (1) index.php/Comment/Main, (2) index.php/Comment/Main/Home_Wiky, or (3) index.php/Edit/Main.
by indoushka
CVE-2010-0755 EXPLOITDB text VERIFIED
WikyBlog 1.7.3 rc2 - Remote Code Execution via LangFile Parameter
PHP remote file inclusion vulnerability in include/WBmap.php in WikyBlog 1.7.3 rc2 allows remote attackers to execute arbitrary PHP code via a URL in the langFile parameter.
by indoushka
CVE-2010-0754 EXPLOITDB text VERIFIED
WikyBlog 1.7.2 and 1.7.3 rc2 - Cross-Site Scripting via which Parameter
Cross-site scripting (XSS) vulnerability in index.php/Special/Main/Templates in WikyBlog 1.7.2 and 1.7.3 rc2 allows remote attackers to inject arbitrary web script or HTML via the which parameter in a copy action.
by indoushka
EIP-2026-119078 EXPLOITDB text VERIFIED
rbot 0.9.14 - '!react' Unauthorized Access
by nks
CVE-2010-1114 EXPLOITDB text VERIFIED
Web Server Creator - Web Portal 0.1 - RCE
Multiple PHP remote file inclusion vulnerabilities in Web Server Creator - Web Portal 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) pg parameter to index.php and the (2) path parameter to news/form.php.
by indoushka
EIP-2026-112317 EXPLOITDB text VERIFIED
Softbiz Classifieds PLUS - Multiple SQL Injections
by Easy Laster
EIP-2026-112315 EXPLOITDB text VERIFIED
Softbiz Auktios Script - Multiple SQL Injections
by Easy Laster
EIP-2026-112034 EXPLOITDB text
ShortCMS 1.11F(B) (con) - SQL Injection
by Gamoscu