Text Exploits

31,386 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-109923 EXPLOITDB text VERIFIED
NewsLetter Tailor 0.2.0 - Remote File Inclusion
by snakespc
EIP-2026-109922 EXPLOITDB text VERIFIED
NewsLetter Tailor - Database Backup Dump
by ViRuSMaN
EIP-2026-109921 EXPLOITDB text VERIFIED
NewsLetter Tailor - Authentication Bypass
by ViRuSMaN
EIP-2026-109147 EXPLOITDB text VERIFIED
Limny 1.01 - Arbitrary File Upload
by JIKO
EIP-2026-107177 EXPLOITDB text VERIFIED
Fonts Site Script - Remote File Disclosure
by JIKO
EIP-2026-106202 EXPLOITDB text VERIFIED
CPA Site Solutions - Arbitrary File Upload
by R3VAN_BASTARD
EIP-2026-103779 EXPLOITDB text
LDAP - Injection
by mc2_s3lector
EIP-2026-100439 EXPLOITDB text
MOJO's IWms 7 - SQL Injection / Cross-Site Scripting
by cp77fk4r
CVE-2010-0765 EXPLOITDB text VERIFIED
fipsForum 2.6 - Unauthenticated Sensitive Information Disclosure via Direct Database Request
fipsForum 2.6 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for _database/forumFips.mdb.
by ViRuSMaN
EIP-2026-118602 EXPLOITDB text VERIFIED
GeFest Web Home Server 1.0 - Directory Traversal
by Markot
EIP-2026-114599 EXPLOITDB text VERIFIED
Zen Time Tracking 2.2 - Multiple SQL Injections
by cr4wl3r
EIP-2026-113086 EXPLOITDB text VERIFIED
VideoDB 3.0.3 - 'login.php' Cross-Site Scripting
by vr
CVE-2010-1043 EXPLOITDB text VERIFIED
jaxCMS 1.0 - Path Traversal and Arbitrary File Execution via 'p' Parameter
Directory traversal vulnerability in index.php in jaxCMS 1.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the p parameter.
by Hamza 'MizoZ' N.
EIP-2026-105555 EXPLOITDB text
Blue Dove - SQL Injection
by HackXBack
EIP-2026-105018 EXPLOITDB text VERIFIED
Aflam Online 1.0 - 'index.php' SQL Injection
by alnjm33
EIP-2026-103988 EXPLOITDB text VERIFIED
Mongoose 2.8 - Space String Remote File Disclosure
by Pouya Daneshmand
EIP-2026-103950 EXPLOITDB text VERIFIED
JDownloader - 'JDExternInterface.java' Remote Code Execution
by apoc
CVE-2010-1048 EXPLOITDB text VERIFIED
Uiga Business Portal - Stored Cross-Site Scripting via Comment Box Textcomment Parameter
Cross-site scripting (XSS) vulnerability in blog/index.php in Uiga Business Portal allows remote attackers to inject arbitrary web script or HTML via the textcomment parameter (aka the Comment Box) in a noentryid action. NOTE: some of these details are obtained from third party information.
by Sioma Labs
CVE-2010-1053 EXPLOITDB text VERIFIED
Zen Time Tracking <2.2 - SQL Injection
Multiple SQL injection vulnerabilities in Zen Time Tracking 2.2 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters to (a) userlogin.php and (b) managerlogin.php. NOTE: some of these details are obtained from third party information.
by cr4wl3r
EIP-2026-114391 EXPLOITDB text VERIFIED
WSN Guest - Database Disclosure
by HackXBack
CVE-2010-1049 EXPLOITDB text VERIFIED
Uiga Business Portal - SQL Injection
Multiple SQL injection vulnerabilities in Uiga Business Portal allow remote attackers to execute arbitrary SQL commands via the (1) noentryid parameter to blog/index.php and the (2) p parameter to index2.php.
by Sioma Labs
EIP-2026-112710 EXPLOITDB text
TinyMCE WYSIWYG Editor - Multiple Vulnerabilities
by mc2_s3lector
CVE-2010-1046 EXPLOITDB text VERIFIED
rostermain < 1.1 - SQL Injection via Userid or Password Parameter
Multiple SQL injection vulnerabilities in index.php in Rostermain 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) userid (username) and (2) password parameters.
by cr4wl3r
EIP-2026-109002 EXPLOITDB text
Killmonster 2.1 - Authentication Bypass
by cr4wl3r
CVE-2010-1045 EXPLOITDB text VERIFIED
Joomla! com_productbook 1.0.4 - SQL Injection
SQL injection vulnerability in the Productbook (com_productbook) component 1.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. NOTE: some of these details are obtained from third party information.
by snakespc