Text Exploits

31,386 exploits tracked across all sources.

EIP-2026-109081 EXPLOITDB text VERIFIED
Layout CMS 1.0 - SQL Injection / Cross-Site Scripting
by Red-D3v1L
CVE-2010-0319 EXPLOITDB text VERIFIED
Docmint 1.0 and 2.1 - Cross-Site Scripting via id Parameter
Cross-site scripting (XSS) vulnerability in index.php in Docmint 1.0 and 2.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: some of these details are obtained from third party information.
by Red-D3v1L
CVE-2009-4495 EXPLOITDB text VERIFIED
Yaws 1.85 - Terminal Emulator Escape Sequence Injection via HTTP Request
Yaws 1.85 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
by evilaliv3
CVE-2009-4489 EXPLOITDB text VERIFIED
Cherokee < 0.99.31 - Remote Code Execution via Terminal Emulator Escape Sequence
header.c in Cherokee before 0.99.32 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
by evilaliv3
EIP-2026-112695 EXPLOITDB text VERIFIED
tincan ltd - 'section' SQL Injection
by ALTBTA
CVE-2010-0321 EXPLOITDB text VERIFIED
Jamit Job Board 3.0 - Cross-Site Scripting via post_id Parameter
Cross-site scripting (XSS) vulnerability in jobs/index.php in Jamit Job Board 3.0 allows remote attackers to inject arbitrary web script or HTML via the post_id parameter.
by Crux
EIP-2026-107791 EXPLOITDB text
Image Hosting Script - Arbitrary File Upload
by R3d-D3V!L
EIP-2026-107504 EXPLOITDB text VERIFIED
gridcc script 1.0 - SQL Injection / Cross-Site Scripting
by Red-D3v1L
CVE-2010-1360 EXPLOITDB text
FAQEngine 4.24.00 - Remote File Inclusion via path_faqe Parameter
Multiple PHP remote file inclusion vulnerabilities in FAQEngine 4.24.00 allow remote attackers to execute arbitrary PHP code via a URL in the path_faqe parameter to (1) attachs.php, (2) backup.php, (3) badwords.php, (4) categories.php, (5) changepw.php, (6) colorchooser.php, (7) colorwheel.php, (8) dbfiles.php, (9) diraccess.php, (10) faq.php, (11) index.php, (12) kb.php, and (13) stats.php.
by kaMtiEz
EIP-2026-106408 EXPLOITDB text VERIFIED
DELTAScripts PHP Links 1.0 - 'email' Cross-Site Scripting
by Crux
EIP-2026-106007 EXPLOITDB text
CMScontrol 7.x - Arbitrary File Upload
by Cyber_945
EIP-2026-105076 EXPLOITDB text VERIFIED
Alex Guestbook - Multiple Vulnerabilities
by LionTurk
EIP-2026-104920 EXPLOITDB text VERIFIED
Active Calendar 1.2 - '$_SERVER['PHP_SELF']' Multiple Cross-Site Scripting Vulnerabilities
by Martin Barbella
EIP-2026-104872 EXPLOITDB text VERIFIED
@lex Guestbook 5.0 - Multiple Cross-Site Scripting Vulnerabilities
by D3V!L FUCKER
CVE-2009-4488 EXPLOITDB CRITICAL text VERIFIED
Varnish 2.0.6 - Terminal Emulator Escape Sequence Injection via Log File
Varnish 2.0.6 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. NOTE: the vendor disputes the significance of this report, stating that "This is not a security problem in Varnish or any other piece of software which writes a logfile. The real problem is the mistaken belief that you can cat(1) a random logfile to your terminal safely."
by evilaliv3
CVSS 9.8
CVE-2009-4491 EXPLOITDB CRITICAL text VERIFIED
thttpd 2.25b0 - Remote Code Execution via Terminal Emulator Escape Sequence
thttpd 2.25b0 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
by evilaliv3
CVSS 9.8
CVE-2009-4492 EXPLOITDB text VERIFIED
WEBrick 1.3.1 - Terminal Emulator Escape Sequence Injection via HTTP Request
WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
by evilaliv3
CVE-2009-4493 EXPLOITDB text VERIFIED
Orion Application Server 2.0.7 - Code Injection
Orion Application Server 2.0.7 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
by evilaliv3
CVE-2009-4487 EXPLOITDB text VERIFIED
nginx 0.7.64 - Terminal Emulator Escape Sequence Injection via Log File
nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
by evilaliv3
CVE-2009-4490 EXPLOITDB text VERIFIED
mini_httpd 1.19 - Remote Command Execution via Terminal Emulator Escape Sequence
mini_httpd 1.19 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
by evilaliv3
CVE-2009-4496 EXPLOITDB text VERIFIED
Boa 0.94.14rc21 - Remote Command Execution via Terminal Emulator Escape Sequence
Boa 0.94.14rc21 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
by evilaliv3
CVE-2009-4494 EXPLOITDB text VERIFIED
AOLserver 4.5.1 - Terminal Emulator Escape Sequence Injection via HTTP Request
AOLserver 4.5.1 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
by evilaliv3
CVE-2010-0376 EXPLOITDB text
JCE-Tech PHP Calendars - Cross-Site Scripting via cat Parameter in product_list.php
Cross-site scripting (XSS) vulnerability in product_list.php in JCE-Tech PHP Calendars, downloaded 2010-01-11, allows remote attackers to inject arbitrary web script or HTML via the cat parameter. NOTE: this issue is reportedly resultant from a forced SQL error message that occurs from exploitation of CVE-2010-0375.
by LionTurk
CVE-2010-0375 EXPLOITDB text
JCE-Tech PHP Calendars - SQL Injection via cat Parameter
SQL injection vulnerability in product_list.php in JCE-Tech PHP Calendars, downloaded 2010-01-11, allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by LionTurk
EIP-2026-116639 EXPLOITDB text VERIFIED
YPOPS! 0.9.7.3 - Buffer Overflow (SEH)
by blake