Text Exploits

31,386 exploits tracked across all sources.

Sort: Activity Stars
CVE-2009-4468 EXPLOITDB text VERIFIED
DeluxeBB 1.3 - Cross-Site Scripting via misc.php page Parameter
Cross-site scripting (XSS) vulnerability in misc.php in DeluxeBB 1.3 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
by cp77fk4r
EIP-2026-105880 EXPLOITDB text VERIFIED
ClarkConnect Linux 5.0 - 'proxy.php' Cross-Site Scripting
by Edgard Chammas
EIP-2026-105302 EXPLOITDB text
Aurora CMS - SQL Injection
by Sora
CVE-2008-3748 EXPLOITDB text VERIFIED
Active PHP Bookmarks <1.2.06 - SQL Injection
SQL injection vulnerability in view_group.php in Active PHP Bookmarks (APB) 1.1.02 and 1.2.06 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Mr.Elgaarh
CVE-2009-4464 EXPLOITDB text VERIFIED
Active Business Directory 2 - Cross-Site Scripting via searchadvance.asp search parameter
Cross-site scripting (XSS) vulnerability in searchadvance.asp in Active Business Directory 2 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
by Andrea Bocchetti
EIP-2026-113262 EXPLOITDB text
webCocoon's simpleCMS - SQL Injection
by _ÝNFAZCI_
EIP-2026-113213 EXPLOITDB text VERIFIED
Web Cocoon simpleCMS - 'show.php' SQL Injection
by anonymous
CVE-2009-4432 EXPLOITDB text
CodeMight VideoCMS 3.1 - SQL Injection
SQL injection vulnerability in index.php in CodeMight VideoCMS 3.1 allows remote attackers to execute arbitrary SQL commands via the v parameter in a video action.
by kaMtiEz
CVE-2009-4817 EXPLOITDB text VERIFIED
Element-IT Ultimate Uploader 1.3 - Unauthenticated Arbitrary File Upload and Remote Code Execution
Unrestricted file upload vulnerability in Element-IT Ultimate Uploader 1.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/.
by Master Mind
EIP-2026-112305 EXPLOITDB text VERIFIED
social Web CMS Beta 2 - Multiple Vulnerabilities
by cp77fk4r
EIP-2026-111178 EXPLOITDB text VERIFIED
PHPOPENCHAT 3.0.2 - Cross-Site Scripting AND/OR FPD
by Dedalo
CVE-2008-2501 EXPLOITDB text VERIFIED
PHPhotoalbum 0.5 - SQL Injection via Album or PID Parameter
Multiple SQL injection vulnerabilities in PHPhotoalbum 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) album parameter to thumbnails.php and the (2) pid parameter to displayimage.php.
by Stack
CVE-2009-4819 EXPLOITDB text VERIFIED
PHPhotoalbum - Unauthenticated Arbitrary File Upload via Double Extension Bypass
Multiple unrestricted file upload vulnerabilities in upload.php in PHPhotoalbum allow remote attackers to execute arbitrary code by uploading a file with a (1) .php.pgif or (2) .php.pjpeg double extension, then accessing it via a direct request to the file in albums/userpics/.
by wlhaan hacker
CVE-2009-3702 EXPLOITDB text VERIFIED
php-calendar 1.1 - Path Traversal and Arbitrary File Execution via configfile Parameter
Multiple absolute path traversal vulnerabilities in PHP-Calendar 1.1 allow remote attackers to include and execute arbitrary local files via a full pathname in the configfile parameter to (1) update08.php or (2) update10.php. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
by Juan Galiana Lara
CVE-2009-3702 EXPLOITDB text VERIFIED
php-calendar 1.1 - Path Traversal and Arbitrary File Execution via configfile Parameter
Multiple absolute path traversal vulnerabilities in PHP-Calendar 1.1 allow remote attackers to include and execute arbitrary local files via a full pathname in the configfile parameter to (1) update08.php or (2) update10.php. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
by Juan Galiana Lara
EIP-2026-110530 EXPLOITDB text VERIFIED
PDQ Script 1.0 - 'listingid' SQL Injection
by SecurityRules
CVE-2009-4822 EXPLOITDB text VERIFIED
Kasseler CMS 1.3.4 - Cross-Site Scripting via do id or uname Parameters
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Kasseler CMS 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) do, (2) id, and (3) uname parameters.
by Gamoscu
EIP-2026-108441 EXPLOITDB text
Joomla! Component com_mediaslide - Directory Traversal
by Mr.tro0oqy
EIP-2026-106579 EXPLOITDB text
Drumbeat CMS 1.0 - SQL Injection
by Sora
CVE-2009-4820 EXPLOITDB text VERIFIED
Angelo-Emlak 1.0 - Unauthenticated Database Download via Direct Request
Angelo-Emlak 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for veribaze/angelo.mdb.
by LionTurk
EIP-2026-100089 EXPLOITDB text VERIFIED
Absolute Shopping Cart - SQL Injection
by Gamoscu
CVE-2009-4818 EXPLOITDB text VERIFIED
PHPSimplicity Simplicity oF Upload 1.3.2 - Unrestricted File Upload via Double Extension Bypass
Unrestricted file upload vulnerability in upload.php in PHPSimplicity Simplicity oF Upload 1.3.2 allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, as demonstrated by .php.gif.
by Master Mind
CVE-2007-4527 EXPLOITDB text VERIFIED
phphq phUploader 1.2 - Unrestricted File Upload and Remote Code Execution
Unrestricted file upload vulnerability in phUploader.php in phphq.Net phUploader 1.2 allows remote attackers to upload and execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by wlhaan-hacker
EIP-2026-110464 EXPLOITDB text VERIFIED
Pandora FMS Monitoring Application 2.1.x /3.x - SQL Injection
by Global-Evolution
EIP-2026-110441 EXPLOITDB text VERIFIED
PacketFence Network Access Controller - Cross-Site Scripting
by K053