Text Exploits

31,386 exploits tracked across all sources.

CVE-2010-0763 EXPLOITDB text VERIFIED
CommodityRentals Vacation Rental Software - SQL Injection
SQL injection vulnerability in index.php in CommodityRentals Vacation Rental Software allows remote attackers to execute arbitrary SQL commands via the rental_id parameter in a CalendarView action.
by JaMbA
CVE-2010-0693 EXPLOITDB text VERIFIED
CommodityRentals Trade Manager Script - SQL Injection
SQL injection vulnerability in products.php in CommodityRentals Trade Manager Script allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by JaMbA
EIP-2026-109778 EXPLOITDB text VERIFIED
myPHP Guestbook 2.0.4 - Database Backup Dump
by ViRuSMaN
EIP-2026-107340 EXPLOITDB text VERIFIED
GameRoom Script - Authentication Bypass / Arbitrary File Upload
by JIKO
EIP-2026-106083 EXPLOITDB text VERIFIED
CommodityRentals CD Rental Software - 'index.php' SQL Injection
by Don Tukulesto
CVE-2010-0762 EXPLOITDB text VERIFIED
CommodityRentals CD Rental Software - SQL Injection
SQL injection vulnerability in index.php in CommodityRentals CD Rental Software allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a catalog action.
by Don Tukulesto
CVE-2010-0761 EXPLOITDB text VERIFIED
CommodityRentals Books/eBooks Rentals Script - SQL Injection
SQL injection vulnerability in index.php in CommodityRentals Books/eBooks Rentals Script allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a gamecatalog action.
by Don Tukulesto
EIP-2026-105195 EXPLOITDB text VERIFIED
apemCMS - SQL Injection
by Ariko-Security
EIP-2026-104671 EXPLOITDB text VERIFIED
PHP Captcha Security Images - Denial of Service
by cp77fk4r
EIP-2026-104507 EXPLOITDB text VERIFIED
X-Cart Pro 4.0.13 - SQL Injection
by s4squatch
CVE-2010-0690 EXPLOITDB text VERIFIED
CommodityRentals Video Games Rentals - SQL Injection
SQL injection vulnerability in index.php in CommodityRentals Video Games Rentals allows remote attackers to execute arbitrary SQL commands via the pfid parameter in a catalog action.
by JaMbA
CVE-2008-1470 EXPLOITDB text VERIFIED
RSA WebID - Cross-Site Scripting via IISWebAgentIF.dll postdata Parameter
Incomplete blacklist vulnerability in IISWebAgentIF.dll in the WebID RSA Authentication Agent 5.3, and possibly earlier, allows remote attackers to conduct cross-site scripting (XSS) attacks via the postdata parameter, due to an incomplete fix for CVE-2005-1118.
by s4squatch
CVE-2010-0642 EXPLOITDB text VERIFIED
Cisco Collaboration Server 5 - Unauthenticated Sensitive Information Exposure via URL-Encoded Filename Extension Bypass
Cisco Collaboration Server (CCS) 5 allows remote attackers to read the source code of JHTML files via URL encoded characters in the filename extension, as demonstrated by (1) changing .jhtml to %2Ejhtml, (2) changing .jhtml to .jhtm%6C, (3) appending %00 after .jhtml, and (4) appending %c0%80 after .jhtml, related to the (a) doc/docindex.jhtml, (b) browserId/wizardForm.jhtml, (c) webline/html/forms/callback.jhtml, (d) webline/html/forms/callbackICM.jhtml, (e) webline/html/agent/AgentFrame.jhtml, (f) webline/html/agent/default/badlogin.jhtml, (g) callme/callForm.jhtml, (h) webline/html/multichatui/nowDefunctWindow.jhtml, (i) browserId/wizard.jhtml, (j) admin/CiscoAdmin.jhtml, (k) msccallme/mscCallForm.jhtml, and (l) webline/html/admin/wcs/LoginPage.jhtml components.
by s4squatch
CVE-2010-0701 EXPLOITDB text
Newgen Software OmniDocs - SQL Injection
SQL injection vulnerability in ForceChangePassword.jsp in Newgen Software OmniDocs allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
by thebluegenius
EIP-2026-112871 EXPLOITDB text VERIFIED
ULoki Community Forum 2.1 - 'usercp.php' Cross-Site Scripting
by Sioma Labs
EIP-2026-107557 EXPLOITDB text VERIFIED
HASHE! Solutions - Multiple SQL Injections
by AtT4CKxT3rR0r1ST
CVE-2010-0764 EXPLOITDB text VERIFIED
KuwaitPHP eSmile - SQL Injection via cid Parameter
SQL injection vulnerability in index.php in KuwaitPHP eSmile allows remote attackers to execute arbitrary SQL commands via the cid parameter in a show action.
by AtT4CKxT3rR0r1ST
CVE-2009-4645 EXPLOITDB text VERIFIED
Accellion Secure File Transfer Appliance <8.0.105 - Path Traversal
Directory traversal vulnerability in web_client_user_guide.html in Accellion Secure File Transfer Appliance before 8_0_105 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter.
by Tim Brown
CVE-2009-4648 EXPLOITDB text VERIFIED
Accellion Secure File Transfer Appliance - Privilege Escalation via Sudo Command Argument Injection
Accellion Secure File Transfer Appliance before 8_0_105 does not properly restrict access to sensitive commands and arguments that run with extra sudo privileges, which allows local administrators to gain privileges via (1) arbitrary arguments in the --file_move action in /usr/local/bin/admin.pl, or a hard link attack in (2) chmod or (3) a certain cp command.
by Tim Brown
CVE-2010-0239 EXPLOITDB text VERIFIED
Windows Vista and Server 2008 - Remote Code Execution via ICMPv6 Router Advertisement
The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Router Advertisement packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Router Advertisement Vulnerability."
by Sumit Gwalani
EIP-2026-114632 EXPLOITDB text
Zomorrod CMS - SQL Injection
by Pouya Daneshmand
EIP-2026-114525 EXPLOITDB text VERIFIED
Yes Solutions - Webapp SQL Injection
by HackXBack
EIP-2026-113014 EXPLOITDB text VERIFIED
vBulletin Adsense Component - 'viewpage.php' SQL Injection
by JIKO
EIP-2026-112659 EXPLOITDB text VERIFIED
ThinkPHP 2.0 - 'index.php' Cross-Site Scripting
by zx
CVE-2010-0605 EXPLOITDB text VERIFIED
osTicket < 1.6 - Authenticated SQL Injection via scp/ajax.php Input Parameter
SQL injection vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users, with "Staff" permissions, to execute arbitrary SQL commands via the input parameter.
by Nahuel Grisolia