Text Exploits

31,386 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-115994 EXPLOITDB text VERIFIED
OpenOffice - '.slk' Parsing Null Pointer
by Hellcode Research
EIP-2026-113129 EXPLOITDB text VERIFIED
VisualShapers EZContents 2.0.3 - Authentication Bypass / Multiple SQL Injections
by AmnPardaz Security Research Team
CVE-2010-2005 EXPLOITDB text VERIFIED
DataLife Engine 8.3 - Remote Code Execution via PHP File Inclusion
Multiple PHP remote file inclusion vulnerabilities in DataLife Engine (DLE) 8.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the selected_language parameter to engine/inc/include/init.php, (2) the config[langs] parameter to engine/inc/help.php, (3) the config[lang] parameter to engine/ajax/pm.php, (4) and the _REQUEST[skin] parameter to engine/ajax/addcomments.php.
by indoushka
CVE-2010-2005 EXPLOITDB text VERIFIED
DataLife Engine 8.3 - Remote Code Execution via PHP File Inclusion
Multiple PHP remote file inclusion vulnerabilities in DataLife Engine (DLE) 8.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the selected_language parameter to engine/inc/include/init.php, (2) the config[langs] parameter to engine/inc/help.php, (3) the config[lang] parameter to engine/ajax/pm.php, (4) and the _REQUEST[skin] parameter to engine/ajax/addcomments.php.
by indoushka
CVE-2010-2005 EXPLOITDB text VERIFIED
DataLife Engine 8.3 - Remote Code Execution via PHP File Inclusion
Multiple PHP remote file inclusion vulnerabilities in DataLife Engine (DLE) 8.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the selected_language parameter to engine/inc/include/init.php, (2) the config[langs] parameter to engine/inc/help.php, (3) the config[lang] parameter to engine/ajax/pm.php, (4) and the _REQUEST[skin] parameter to engine/ajax/addcomments.php.
by indoushka
CVE-2010-2005 EXPLOITDB text VERIFIED
DataLife Engine 8.3 - Remote Code Execution via PHP File Inclusion
Multiple PHP remote file inclusion vulnerabilities in DataLife Engine (DLE) 8.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the selected_language parameter to engine/inc/include/init.php, (2) the config[langs] parameter to engine/inc/help.php, (3) the config[lang] parameter to engine/ajax/pm.php, (4) and the _REQUEST[skin] parameter to engine/ajax/addcomments.php.
by indoushka
EIP-2026-105064 EXPLOITDB text
al3jeb script - Remote Authentication Bypass
by cr4wl3r
CVE-2010-1106 EXPLOITDB text VERIFIED
AdvertisementManager 3.1.0 - Remote Code Execution via req Parameter
PHP remote file inclusion vulnerability in cgi/index.php in AdvertisementManager 3.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the req parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences.
by indoushka
EIP-2026-104187 EXPLOITDB text VERIFIED
Blaze Apps 1.x - SQL Injection / HTML Injection
by AmnPardaz Security Research Team
EIP-2026-102710 EXPLOITDB text VERIFIED
OpenOffice 3.1 - '.slk' Null Pointer Dereference Remote Denial of Service
by Hellcode Research
EIP-2026-119178 EXPLOITDB text VERIFIED
SurgeFTP 2.x - 'surgeftpmgr.cgi' Multiple Cross-Site Scripting Vulnerabilities
by indoushka
CVE-2010-0187 EXPLOITDB text VERIFIED
Adobe AIR < 1.5.3.9130 and Flash Player < 10.0.45.2 - Denial of Service via Modified SWF File
Adobe Flash Player before 10.0.45.2 and Adobe AIR before 1.5.3.9130 allow remote attackers to cause a denial of service (application crash) via a modified SWF file.
by Mert SARICA
EIP-2026-112608 EXPLOITDB text
Testlink TestManagement and Execution System 1.8.5 - Multiple Directory Traversal Vulnerabilities
by Prashant Khandelwal
EIP-2026-112606 EXPLOITDB text VERIFIED
TestLink 1.8.5 - 'order_by_login_dir' Cross-Site Scripting
by Prashant Khandelwal
EIP-2026-112312 EXPLOITDB text VERIFIED
Soft Direct 1.05 - Multiple Vulnerabilities
by indoushka
EIP-2026-109525 EXPLOITDB text VERIFIED
Mobile Chat 2.0.2 - 'chatsmileys.php' Cross-Site Scripting
by indoushka
CVE-2010-0371 EXPLOITDB text VERIFIED
Hitmaaan Gallery 1.3 - Cross-Site Scripting via gall or levela Parameters
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Hitmaaan Gallery 1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) gall and (2) levela parameters.
by indoushka
EIP-2026-107058 EXPLOITDB text
Fatwiki (fwiki) 1.0 - Remote File Inclusion
by kaMtiEz
CVE-2010-1111 EXPLOITDB text VERIFIED
Jokes Complete Website - Cross-Site Scripting via id Parameter or searchingred Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Jokes Complete Website allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to joke.php and the (2) searchingred parameter to results.php.
by indoushka
CVE-2010-1111 EXPLOITDB text VERIFIED
Jokes Complete Website - Cross-Site Scripting via id Parameter or searchingred Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Jokes Complete Website allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to joke.php and the (2) searchingred parameter to results.php.
by indoushka
CVE-2010-0367 EXPLOITDB text VERIFIED
BitScripts Bits Video Script 2.05 Gold Beta - Remote Code Execution via rowptem[template] Parameter
Multiple PHP remote file inclusion vulnerabilities in BitScripts Bits Video Script 2.05 Gold Beta, and possibly 2.04, allow remote attackers to execute arbitrary PHP code via a URL in the rowptem[template] parameter to (1) showcasesearch.php and (2) showcase2search.php.
by indoushka
CVE-2010-0367 EXPLOITDB text VERIFIED
BitScripts Bits Video Script 2.05 Gold Beta - Remote Code Execution via rowptem[template] Parameter
Multiple PHP remote file inclusion vulnerabilities in BitScripts Bits Video Script 2.05 Gold Beta, and possibly 2.04, allow remote attackers to execute arbitrary PHP code via a URL in the rowptem[template] parameter to (1) showcasesearch.php and (2) showcase2search.php.
by indoushka
CVE-2010-0365 EXPLOITDB text VERIFIED
BitScripts Bits Video Script 2.04 and 2.05 Gold Beta - Cross-Site Scripting via search.php order Parameter
Cross-site scripting (XSS) vulnerability in search.php in BitScripts Bits Video Script 2.04 and 2.05 Gold Beta allows remote attackers to inject arbitrary web script or HTML via the order parameter.
by indoushka
CVE-2010-0366 EXPLOITDB text VERIFIED
BitScripts Bits Video Script 2.04-2.05 Gold Beta - Unauthenticated Arbitrary File Upload
Multiple unrestricted file upload vulnerabilities in (1) register.php and (2) addvideo.php in BitScripts Bits Video Script 2.04 and 2.05 Gold Beta allow remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.
by indoushka
CVE-2010-0366 EXPLOITDB text VERIFIED
BitScripts Bits Video Script 2.04-2.05 Gold Beta - Unauthenticated Arbitrary File Upload
Multiple unrestricted file upload vulnerabilities in (1) register.php and (2) addvideo.php in BitScripts Bits Video Script 2.04 and 2.05 Gold Beta allow remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.
by indoushka