Text Exploits

31,386 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-108391 EXPLOITDB text VERIFIED
Joomla! Component com_jeemaarticlecollection - SQL Injection
by FL0RiX
EIP-2026-108299 EXPLOITDB text VERIFIED
Joomla! Component com_carman - Cross-Site Scripting
by FL0RiX
CVE-2009-4447 EXPLOITDB text VERIFIED
Jax Guestbook 3.5.0 - Unauthenticated Authentication Bypass via Direct Admin Endpoint Access
Jax Guestbook 3.5.0 allows remote attackers to bypass authentication and modify administrator settings via a direct request to admin/guestbook.admin.php.
by Sora
EIP-2026-104281 EXPLOITDB text VERIFIED
ImageVue 2.0 - Remote Admin Login
by Sora
EIP-2026-102714 EXPLOITDB text
Picpuz 2.1.1 - Buffer Overflow (Denial of Service) (PoC)
by $andman
CVE-2009-5019 EXPLOITDB text VERIFIED
Web Wiz NewsPad - Unauthenticated Sensitive Information Exposure via Direct Database Request
Web Wiz NewsPad stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/NewsPad.mdb.
by ViRuSMaN
EIP-2026-100623 EXPLOITDB text VERIFIED
Web Wiz Forums 9.64 - Database Disclosure
by ViRuSMaN
CVE-2008-0135 EXPLOITDB text VERIFIED
Snitz Forums 2000 <= 3.4.06 - Unauthenticated Sensitive Information Exposure via Direct Database Download
Snitz Forums 2000 3.4.06 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for forum/snitz_forums_2000.mdb.
by ViRuSMaN
EIP-2026-114482 EXPLOITDB text VERIFIED
XP Book 3.0 - login Admin
by wlhaan hacker
CVE-2007-1034 EXPLOITDB text
Emporium Module < 2.3.0 - SQL Injection via category_id Parameter
SQL injection vulnerability in the category file in modules.php in the Emporium 2.3.0 and earlier module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
by Hussin X
EIP-2026-104947 EXPLOITDB text
Add An Ad Script - Arbitrary File Upload
by MR.Z
EIP-2026-104833 EXPLOITDB text VERIFIED
35mm Slide Gallery - Directory Traversal
by Mr.tro0oqy
EIP-2026-104832 EXPLOITDB text VERIFIED
35mm Slide Gallery - Cross-Site Scripting
by indoushka
CVE-2009-4814 EXPLOITDB text VERIFIED
Wolfram webMathematica - Cross-Site Scripting via URI to MSP Script
Cross-site scripting (XSS) vulnerability in Wolfram Research webMathematica allows remote attackers to inject arbitrary web script or HTML via the URI to the MSP script.
by Floyd Fuh
EIP-2026-102718 EXPLOITDB text VERIFIED
Printoxx - Local Buffer Overflow (PoC)
by $andman
CVE-2009-4467 EXPLOITDB text VERIFIED
DeluxeBB 1.3 - Improper Input Validation in Email Verification
misc.php in DeluxeBB 1.3 allows remote attackers to register accounts without a valid email address via a valemail action with the valmem set to a pre-assigned user ID, which is visible from a memberlist action.
by cp77fk4r
CVE-2009-4466 EXPLOITDB text VERIFIED
DeluxeBB 1.3 - Exposure of Sensitive Information via Page Parameter
DeluxeBB 1.3 allows remote attackers to obtain sensitive information via a crafted page parameter to misc.php, which reveals the installation path in an error message. NOTE: this issue might be resultant from improperly controlled computation in tools.php that leads to a denial of service (CPU or memory consumption).
by cp77fk4r
CVE-2009-4465 EXPLOITDB text VERIFIED
DeluxeBB 1.3 - Unauthenticated Sensitive Information Exposure via Direct Request
DeluxeBB 1.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain user and configuration information, log data, and gain administrative access via a direct request to scripts in (1) templates/ including (2) templates/deluxe/admincp/, (3) templates/corporate/admincp/, and (4) templates/blue/admincp/; (5) images/; (6) logs/ including (7) logs/cp.php; (8) wysiwyg/; (9) docs/; (10) classes/; (11) lang/; and (12) settings/.
by cp77fk4r
EIP-2026-116539 EXPLOITDB text VERIFIED
Winamp 5.57 - Stack Overflow
by scriptjunkie
CVE-2009-4423 EXPLOITDB text VERIFIED
weenCompany 4.0.0 - SQL Injection via moduleid Parameter
SQL injection vulnerability in index.php in weenCompany 4.0.0 allows remote attackers to execute arbitrary SQL commands via the moduleid parameter. NOTE: some of these details are obtained from third party information.
by Gamoscu
CVE-2009-4816 EXPLOITDB text VERIFIED
The Uploader 2.0 - Path Traversal via Filename Parameter
Directory traversal vulnerability in api/download_checker.php in MegaLab The Uploader 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
by Stack
EIP-2026-112643 EXPLOITDB text VERIFIED
The Uploader 2.0 - Arbitrary File Upload
by Master Mind
EIP-2026-111462 EXPLOITDB text VERIFIED
pragmaMX 0.1.11 - 'modules.php' Multiple SQL Injections
by Hadi Kiamarsi
EIP-2026-109775 EXPLOITDB text VERIFIED
mypage 0.4 - Local File Inclusion
by BAYBORA
CVE-2008-6785 EXPLOITDB text VERIFIED
Mini File Host 1.5 - Unauthenticated Arbitrary File Upload and Remote Code Execution via Executable File Extension
Unrestricted file upload vulnerability in Mini File Host 1.5 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as demonstrated by creating a name.php file.
by MR.Z