Text Exploits

31,386 exploits tracked across all sources.

Sort: Activity Stars
CVE-2010-0675 EXPLOITDB text VERIFIED
BGS CMS 2.2.1 - Cross-Site Scripting via Search Parameter
Cross-site scripting (XSS) vulnerability in index.php in BGSvetionik BGS CMS 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the search parameter in a search action. NOTE: some of these details are obtained from third party information.
EIP-2026-101308 EXPLOITDB text VERIFIED
Huawei HG510 - Multiple Cross-Site Request Forgery Vulnerabilities
by Ivan Markovic
EIP-2026-100489 EXPLOITDB text VERIFIED
Portrait Software Portrait Campaign Manager 4.6.1.22 - Multiple Cross-Site Scripting Vulnerabilities
by Roel Schouten
CVE-2010-0673 EXPLOITDB text VERIFIED
Copperleaf Photolog 0.16 - SQL Injection via postid Parameter
SQL injection vulnerability in cplphoto.php in the Copperleaf Photolog plugin 0.16, and possibly earlier, for WordPress allows remote attackers to execute arbitrary SQL commands via the postid parameter.
by kaMtiEz
EIP-2026-112485 EXPLOITDB text VERIFIED
superengine CMS (Custom Pack) - SQL Injection
by 10n1z3d
EIP-2026-109448 EXPLOITDB text VERIFIED
microUpload - Arbitrary File Upload
by Phenom
EIP-2026-108414 EXPLOITDB text VERIFIED
Joomla! Component com_joomportfolio - Blind Injection
by snakespc
EIP-2026-108364 EXPLOITDB text VERIFIED
Joomla! Component com_hdvideoshare - SQL Injection
by snakespc
EIP-2026-107377 EXPLOITDB text
Généré par KDPics 1.18 - Remote Add Admin
by snakespc
EIP-2026-106497 EXPLOITDB text VERIFIED
Dodo Upload 1.3 - Arbitrary File Upload (Bypass)
by indoushka
EIP-2026-106054 EXPLOITDB text
CoffieNet CMS - Admin Bypass
by indoushka
EIP-2026-105517 EXPLOITDB text VERIFIED
blog ink - Bypass Setting
by indoushka
CVE-2010-0677 EXPLOITDB text VERIFIED
Katalog Stron Hurricane 1.3.5 - SQL Injection via Index.php Get Parameter
SQL injection vulnerability in index.php in Katalog Stron Hurricane 1.3.5, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the get parameter.
by kaMtiEz
EIP-2026-112035 EXPLOITDB text VERIFIED
ShortCMS 1.2.0 - SQL Injection
by Thibow
EIP-2026-110736 EXPLOITDB text
PHP PEAR 1.9.0 - Multiple Remote File Inclusions
by eidelweiss
EIP-2026-109282 EXPLOITDB text VERIFIED
Mambo Component AkoGallery - SQL Injection
by snakespc
CVE-2010-0678 EXPLOITDB text VERIFIED
Katalog Stron Hurricane 1.3.5 - Remote Code Execution via includes_directory Parameter
PHP remote file inclusion vulnerability in includes/moderation.php in Katalog Stron Hurricane 1.3.5, and possibly earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the includes_directory parameter.
by kaMtiEz
CVE-2010-0691 EXPLOITDB text VERIFIED
JTL-Shop 2 - SQL Injection via Druckansicht s Parameter
SQL injection vulnerability in druckansicht.php in JTL-Shop 2 allows remote attackers to execute arbitrary SQL commands via the s parameter.
by Lo$T
CVE-2010-0696 EXPLOITDB text
JoomlaWorks AllVideos <3.2 - Path Traversal
Directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter.
by Pouya Daneshmand
EIP-2026-108579 EXPLOITDB text VERIFIED
Joomla! Component com_videos - SQL Injection
by snakespc
EIP-2026-107090 EXPLOITDB text
File Upload Manager 1.3 - Web Shell File Upload
by ROOT_EGY
EIP-2026-105696 EXPLOITDB text VERIFIED
Calendarix 0.8.20071118 - SQL Injection
by Thibow
CVE-2010-0680 EXPLOITDB text VERIFIED
ZeusCMS 0.2 - Path Traversal via Page Parameter
Directory traversal vulnerability in index.php in ZeusCMS 0.2 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page parameter.
by ViRuSMaN
CVE-2008-0843 EXPLOITDB text VERIFIED
StatCounteX 3.0 and 3.1 - Unauthenticated Sensitive Information Disclosure and Configuration Manipulation via admin.asp
StatCounteX 3.0 and 3.1 allows remote attackers to obtain sensitive information and edit configuration scripts via a direct request to admin.asp.
by Phenom
EIP-2026-115861 EXPLOITDB text VERIFIED
Mozilla Firefox 3.6 - Denial of Service (1)
by Asheesh kumar Mani Tripathi