Text Exploits

31,386 exploits tracked across all sources.

Sort: Activity Stars
CVE-2010-0760 EXPLOITDB text VERIFIED
Core Design Scriptegrator <1.4.1 - Path Traversal
Multiple directory traversal vulnerabilities in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) file parameter to libraries/jquery/js/ui/jsloader.php and the (2) files[] parameter to libraries/jquery/js/jsloader.php, a different vector than CVE-2010-0759. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by S2 Crew
EIP-2026-108468 EXPLOITDB text VERIFIED
Joomla! Component com_otzivi - Local File Inclusion
by AtT4CKxT3rR0r1ST
EIP-2026-106268 EXPLOITDB text VERIFIED
CubeCart - 'index.php' SQL Injection
by AtT4CKxT3rR0r1ST
CVE-2010-0703 EXPLOITDB text VERIFIED
PortWise SSL VPN 4.6 - Cross-Site Scripting via wa/auth reloadFrame Parameter
Cross-site scripting (XSS) vulnerability in wa/auth in PortWise SSL VPN 4.6 allows remote attackers to inject arbitrary web script or HTML via the reloadFrame parameter.
by George Christopoulos
CVE-2008-5517 EXPLOITDB text
git < 1.5.6 - Remote Code Execution via gitweb Shell Metacharacters
The web interface in git (gitweb) 1.5.x before 1.5.6 allows remote attackers to execute arbitrary commands via shell metacharacters related to (1) git_snapshot and (2) git_object.
by S2 Crew
EIP-2026-112858 EXPLOITDB text VERIFIED
uGround 1.0b - SQL Injection
by Easy Laster
EIP-2026-111590 EXPLOITDB text VERIFIED
PunBBAnnuaire 0.4 - Blind SQL Injection
by Metropolis
EIP-2026-111075 EXPLOITDB text
PHPIDS 0.4 - Remote File Inclusion
by eidelweiss
EIP-2026-109818 EXPLOITDB text VERIFIED
Nabernet - 'articles.php' SQL Injection
by AtT4CKxT3rR0r1ST
EIP-2026-109637 EXPLOITDB text
Multiple File Attachments Mail Form Pro 2.0 - Arbitrary File Upload
by EgoPL
EIP-2026-108252 EXPLOITDB text VERIFIED
Joomla! Component com_acteammember - SQL Injection
by ALTBTA
EIP-2026-108251 EXPLOITDB text VERIFIED
Joomla! Component com_acstartseite - SQL Injection
by AtT4CKxT3rR0r1ST
EIP-2026-108250 EXPLOITDB text VERIFIED
Joomla! Component com_acprojects - SQL Injection
by AtT4CKxT3rR0r1ST
EIP-2026-107898 EXPLOITDB text VERIFIED
intuitive - 'form.php' SQL Injection
by AtT4CKxT3rR0r1ST
CVE-2010-0720 EXPLOITDB text VERIFIED
Erotik Auktionshaus - SQL Injection
SQL injection vulnerability in news.php in Erotik Auktionshaus allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Easy Laster
CVE-2010-0721 EXPLOITDB text VERIFIED
Auktionshaus Gelb 3.0 - SQL Injection
SQL injection vulnerability in news.php in Auktionshaus Gelb 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Easy Laster
EIP-2026-105299 EXPLOITDB text VERIFIED
Auktionshaus 4 - 'news.php' SQL Injection
by Easy Laster
EIP-2026-113399 EXPLOITDB text VERIFIED
wh-em.com upload 7.0 - Insecure Cookie Authentication Bypass
by indoushka
EIP-2026-112344 EXPLOITDB text VERIFIED
SongForever.com Clone - Arbitrary File Upload
by indoushka
CVE-2010-0671 EXPLOITDB text VERIFIED
KR MEDIA Pogodny CMS - SQL Injection via id Parameter in niusy Action
SQL injection vulnerability in index.php in KR MEDIA Pogodny CMS allows remote attackers to execute arbitrary SQL commands via the id parameter in a niusy action.
by Ariko-Security
EIP-2026-109277 EXPLOITDB text VERIFIED
Mambo Component 'com_acnews' - 'id' SQL Injection
by Zero Bits & Xzit3
CVE-2010-0709 EXPLOITDB text
Limny 2.0 - Cross-Site Request Forgery in User and Admin Actions
Multiple cross-site request forgery (CSRF) vulnerabilities in Limny 2.0 allow remote attackers to (1) hijack the authentication of users or administrators for requests that change the email address or password via the user action to index.php, and (2) hijack the authentication of the administrator for requests that create a new user via the admin/modules/user/new action to limny/index.php.
by Luis Santana
CVE-2010-0709 EXPLOITDB text
Limny 2.0 - Cross-Site Request Forgery in User and Admin Actions
Multiple cross-site request forgery (CSRF) vulnerabilities in Limny 2.0 allow remote attackers to (1) hijack the authentication of users or administrators for requests that change the email address or password via the user action to index.php, and (2) hijack the authentication of the administrator for requests that create a new user via the admin/modules/user/new action to limny/index.php.
by Luis Santana
EIP-2026-107013 EXPLOITDB text VERIFIED
EziScript Google Page Rank 1.1 - Cross-Site Scripting
by sarabande
EIP-2026-106979 EXPLOITDB text VERIFIED
Extreme Mobster - 'login' Cross-Site Scripting
by indoushka