Text Exploits

31,386 exploits tracked across all sources.

EIP-2026-117496 EXPLOITDB text VERIFIED
Microsoft Internet Explorer - 'wshom.ocx' (Run) ActiveX Code Execution (Add Admin)
by Stack
EIP-2026-110331 EXPLOITDB text VERIFIED
OpenX 2.6.1 - SQL Injection
by AndySoon
EIP-2026-109043 EXPLOITDB text
KosmosBlog 0.9.3 - SQL Injection / Cross-Site Scripting / Cross-Site Request Forgery
by Milos Zivanovic
EIP-2026-108362 EXPLOITDB text VERIFIED
Joomla! Component com_gurujibook - SQL Injection
by snakespc
CVE-2010-0456 EXPLOITDB text VERIFIED
indianpulse Game Server (com_gameserver) 1.2 - SQL Injection via grp Parameter
SQL injection vulnerability in the indianpulse Game Server (com_gameserver) component 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the grp parameter in a gameserver action to index.php.
by B-HUNT3|2
EIP-2026-108281 EXPLOITDB text VERIFIED
Joomla! Component com_biographies - SQL Injection
by snakespc
EIP-2026-108272 EXPLOITDB text
Joomla! Component com_avosbillets - SQL Injection
by snakespc
EIP-2026-103669 EXPLOITDB text VERIFIED
Sun Java System Web Server 7.0 Update 6 - 'admin' Server Denial of Service
by Intevydis
CVE-2010-0388 EXPLOITDB text VERIFIED
Sun Java System Web Server 7.0 Update 6 - Denial of Service via WebDAV PROPFIND Request Format String
Format string vulnerability in the WebDAV implementation in webservd in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in the encoding attribute of the XML declaration in a PROPFIND request.
by Intevydis
EIP-2026-119424 EXPLOITDB text VERIFIED
SHOUTcast Server 1.9.8/Win32 - Cross-Site Request Forgery
by cp77fk4r
CVE-2010-0027 EXPLOITDB text VERIFIED
Microsoft Internet Explorer 5.01-8 - Remote Code Execution via URL Validation Flaw
The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability."
by Lostmon Lords
EIP-2026-115441 EXPLOITDB text VERIFIED
IntelliTamper 2.07/2.08 - Defer Remote Buffer Overflow (PoC)
by SkuLL-HackeR
EIP-2026-108285 EXPLOITDB text VERIFIED
Joomla! Component com_book - SQL Injection
by Evil-Cod3r
EIP-2026-106220 EXPLOITDB text VERIFIED
cPanel and WHM 11.25 - 'failurl' HTTP Response Splitting
by Trancer
CVE-2010-0458 EXPLOITDB text VERIFIED
NetArt Media Blog System 1.5 - SQL Injection via cat or note Parameter
Multiple SQL injection vulnerabilities in NetArt Media Blog System 1.5 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to index.php and the (2) note parameter to blog.php.
by h4ck3r
EIP-2026-104297 EXPLOITDB text VERIFIED
jQuery Uploadify 2.1.0 - Arbitrary File Upload
by k4cp3r/Ablus
EIP-2026-104211 EXPLOITDB text VERIFIED
cPanel - HTTP Response Splitting
by Trancer
CVE-2010-0387 EXPLOITDB text VERIFIED
Sun Java System Web Server 7.0 Update 7 - Heap-Based Buffer Overflow via Long Digest Authorization Header
Multiple heap-based buffer overflows in (1) webservd and (2) the admin server in Sun Java System Web Server 7.0 Update 7 allow remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long string in an "Authorization: Digest" HTTP header.
by Intevydis
EIP-2026-100317 EXPLOITDB text VERIFIED
eWebeditor - Directory Traversal
by anonymous
EIP-2026-115714 EXPLOITDB text VERIFIED
Microsoft Internet Explorer 6.0/7.0 - Null Pointer crashes
by Skylined
EIP-2026-111171 EXPLOITDB text VERIFIED
PHPMySpace Gold 8.0 - 'gid' SQL Injection
by Ctacok
CVE-2010-1112 EXPLOITDB text VERIFIED
KloNews 2.0 - Cross-Site Scripting via cat Parameter
Cross-site scripting (XSS) vulnerability in cat.php in KloNews 2.0 allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
by cr4wl3r
EIP-2026-105837 EXPLOITDB text VERIFIED
Chipmunk NewsLetter 2.0 - Multiple Cross-Site Scripting Vulnerabilities
by b0telh0
CVE-2010-10015 EXPLOITDB HIGH text VERIFIED
AOL <= 9.5 (Revision 4337.155) - Stack-based Buffer Overflow via Phobos.Playlist Import Method
AOL versions up to and including 9.5 include an ActiveX control (Phobos.dll) that exposes a method called Import() via the Phobos.Playlist COM object. This method is vulnerable to a stack-based buffer overflow when provided with an excessively long string argument. Exploitation allows remote attackers to execute arbitrary code in the context of the user, but only when the malicious HTML file is opened locally, due to the control not being marked safe for scripting or initialization. AOL remains an active and supported brand offering services like AOL Mail and AOL Desktop Gold, but the legacy AOL 9.5 desktop software—specifically the version containing the vulnerable Phobos.dll ActiveX control—is long discontinued and no longer maintained.
by Hellcode Research
CVE-2010-0232 EXPLOITDB HIGH text VERIFIED
Windows SYSTEM Escalation via KiTrap0D
The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges by crafting a VDM_TIB data structure in the Thread Environment Block (TEB), and then calling the NtVdmControl function to start the Windows Virtual DOS Machine (aka NTVDM) subsystem, leading to improperly handled exceptions involving the #GP trap handler (nt!KiTrap0D), aka "Windows Kernel Exception Handler Vulnerability."
by Tavis Ormandy
CVSS 7.8