Text Exploits

31,386 exploits tracked across all sources.

EIP-2026-109351 EXPLOITDB text VERIFIED
Max's File Uploader - Arbitrary File Upload
by S2K9
CVE-2010-2006 EXPLOITDB text VERIFIED
LetoDMS < 1.7.2 - Authenticated Path Traversal via Lang Parameter
Directory traversal vulnerability in op/op.Login.php in LetoDMS (formerly MyDMS) 1.7.2 and earlier allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
by D. Fabian
EIP-2026-103586 EXPLOITDB text VERIFIED
Multiple Media Players (iTunes / QuickTime) - HTTP DataHandler Overflow
by Dr_IDE
CVE-2009-4273 EXPLOITDB text VERIFIED
stap-server < 1.1 - Command Injection
stap-server in SystemTap before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in stap command-line arguments in a request.
by Frank Ch. Eigler
CVE-2010-0288 EXPLOITDB text VERIFIED
DokuWiki < 2009-12-25b - Unauthenticated Privilege Escalation via ACL Manager Plugin
A typo in the administrator permission check in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to gain privileges and access closed wikis by editing current ACL statements, as demonstrated in the wild in January 2010.
by IHTeam
EIP-2026-114427 EXPLOITDB text VERIFIED
Xforum 1.4 - 'nbpageliste' Cross-Site Scripting
by ViRuSMaN
EIP-2026-112583 EXPLOITDB text VERIFIED
Technology for Solutions 1.0 - 'id' Cross-Site Scripting
by PaL-D3v1L
CVE-2010-0374 EXPLOITDB text VERIFIED
codingfish com_marketplace 1.2 - Cross-Site Scripting via catid Parameter
Cross-site scripting (XSS) vulnerability in the Marketplace (com_marketplace) component 1.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the catid parameter in a show_category action to index.php.
by ViRuSMaN
CVE-2010-0372 EXPLOITDB text VERIFIED
com_articlemanager - SQL Injection via artid Parameter
SQL injection vulnerability in the Articlemanager (com_articlemanager) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the artid parameter in a display action to index.php.
by FL0RiX
CVE-2010-0287 EXPLOITDB text VERIFIED
DokuWiki < 2009-12-25b - Directory Traversal via ACL Manager ns Parameter
Directory traversal vulnerability in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to list the contents of arbitrary directories via a .. (dot dot) in the ns parameter.
by IHTeam
EIP-2026-104797 EXPLOITDB text VERIFIED
Zend Framework 1.9.6 - Multiple Input Validation Vulnerabilities / Security Bypass
by draic Brady
CVE-2010-0712 EXPLOITDB text VERIFIED
Zenoss < 2.5 - Authenticated SQL Injection via Events API Parameters
Multiple SQL injection vulnerabilities in zport/dmd/Events/getJSONEventsInfo in Zenoss 2.3.3, and other versions before 2.5, allow remote authenticated users to execute arbitrary SQL commands via the (1) severity, (2) state, (3) filter, (4) offset, and (5) count parameters.
by nGenuity Information Services
EIP-2026-102709 EXPLOITDB text VERIFIED
OpenOffice 3.1 - '.csv' Remote Denial of Service
by Hellcode Research
EIP-2026-112792 EXPLOITDB text VERIFIED
Tribisur - 'cat' Cross-Site Scripting
by ViRuSMaN
EIP-2026-112431 EXPLOITDB text VERIFIED
StivaSoft Stiva SHOPPING CART 1.0 - 'demo.php' Cross-Site Scripting
by PaL-D3v1L
EIP-2026-111576 EXPLOITDB text
Public Media Manager - SQL Injection
by learn3r hacker
EIP-2026-111562 EXPLOITDB text
PSI CMS 0.3.1 - SQL Injection
by learn3r hacker
EIP-2026-111409 EXPLOITDB text VERIFIED
Populum 2.3 - SQL Injection
by SiLeNtp0is0n
EIP-2026-108566 EXPLOITDB text VERIFIED
Joomla! Component com_tienda - 'categoria' Cross-Site Scripting
by FL0RiX
EIP-2026-107587 EXPLOITDB text VERIFIED
Hesk Help Desk 2.1 - Cross-Site Request Forgery
by The.Morpheus
EIP-2026-105863 EXPLOITDB text VERIFIED
CiviCRM 3.1 < Beta 5 - Multiple Cross-Site Scripting Vulnerabilities
by h00die
CVE-2010-0002 EXPLOITDB text VERIFIED
Bash - Terminal Escape Sequence Injection via LS_OPTIONS
The /etc/profile.d/60alias.sh script in the Mandriva bash package for Bash 2.05b, 3.0, 3.2, 3.2.48, and 4.0 enables the --show-control-chars option in LS_OPTIONS, which allows local users to send escape sequences to terminal emulators, or hide the existence of a file, via a crafted filename.
by Eric Piel
EIP-2026-100123 EXPLOITDB text VERIFIED
Asp VevoCart Control System 3.0.4 - Database Disclosure
by indoushka
EIP-2026-112129 EXPLOITDB text VERIFIED
Simple PHP Blog 0.5.x - 'search.php' Cross-Site Scripting
by Sora
CVE-2010-1361 EXPLOITDB text VERIFIED
PHPepperShop 2.5 - Cross-Site Scripting via darstellen Parameter
Cross-site scripting (XSS) vulnerability in shop/USER_ARTIKEL_HANDLING_AUFRUF.php in PHPepperShop 2.5 allows remote attackers to inject arbitrary web script or HTML via the darstellen parameter.
by Crux