Text Exploits

31,386 exploits tracked across all sources.

EIP-2026-105166 EXPLOITDB text VERIFIED
Ampache 3.4.3 - 'login.php' Multiple SQL Injections
by R3d-D3V!L
EIP-2026-100292 EXPLOITDB text VERIFIED
E-Smart Cart - SQL Injection
by R3d-D3V!L
CVE-2009-4367 EXPLOITDB text VERIFIED
Sitecore Staging Module <5.4.0 - Auth Bypass
The Staging Webservice ("sitecore modules/staging/service/api.asmx") in Sitecore Staging Module 5.4.0 rev.080625 and earlier allows remote attackers to bypass authentication and (1) upload files, (2) download files, (3) list directories, and (4) clear the server cache via crafted SOAP requests with arbitrary Username and Password values, possibly related to a direct request.
by L. Weichselbaum
CVE-2007-5026 EXPLOITDB text VERIFIED
dBlog CMS - Unauthenticated Sensitive Information Exposure via Direct Database Request
dBlog CMS, probably 2.0, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing an admin password hash via a direct request for dblog.mdb.
by AnTi SeCuRe
CVE-2009-4430 EXPLOITDB text VERIFIED
VirtueMart 1.0 - SQL Injection via product_id Parameter
SQL injection vulnerability in index.php in VirtueMart 1.0 allows remote attackers to execute arbitrary SQL commands via the product_id parameter in a shop.product_details shop.flypage action.
by Neo-GabrieL
CVE-2008-6809 EXPLOITDB text VERIFIED
Venalsur Booking Centre Booking System for Hotels Group 2.01 - SQL Injection via HotelID Parameter
SQL injection vulnerability in hotel_habitaciones.php in Venalsur Booking Centre Booking System for Hotels Group 2.01 allows remote attackers to execute arbitrary SQL commands via the HotelID parameter.
by R3d-D3V!L
EIP-2026-112913 EXPLOITDB text VERIFIED
Uploader by CeleronDude 5.3.0 - Arbitrary File Upload (1)
by Stink
CVE-2009-4403 EXPLOITDB text VERIFIED
Rumba XML 1.8 - Cross-Site Scripting via PATH_INFO
Cross-site scripting (XSS) vulnerability in index.php in Rumba XML 1.8 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. NOTE: some of these details are obtained from third party information.
by Hadi Kiamarsi
EIP-2026-111765 EXPLOITDB text VERIFIED
ReVou Software - SQL Injection
by R3d-D3V!L
EIP-2026-111651 EXPLOITDB text VERIFIED
QuiXplorer 2.x - 'lang' Local File Inclusion
by Juan Galiana Lara
EIP-2026-111475 EXPLOITDB text VERIFIED
Pre Job Board 1.0 - Authentication Bypass
by bi0
EIP-2026-111368 EXPLOITDB text VERIFIED
Pluxml-Blog 4.2 - '/core/admin/auth.php' Cross-Site Scripting
by Metropolis
CVE-2011-4275 EXPLOITDB text
iTop 1.1.181 and 1.2.0-RC-282 - Cross-Site Scripting via Multiple Input Vectors
Multiple cross-site scripting (XSS) vulnerabilities in iTop (aka IT Operations Portal) 1.1.181 and 1.2.0-RC-282 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted company name, (2) a crafted database server name, (3) a crafted CSV file, (4) a crafted copy-and-paste action, (5) the auth_user parameter in a suggest_pwd action to UI.php, (6) the c[menu] parameter to UniversalSearch.php, (7) the description parameter in a SearchFormToAdd_document_list action to UI.php, (8) the category parameter in an errors action to audit.php, or (9) the suggest_pwd parameter to UI.php.
by Braeden Thomas
EIP-2026-110695 EXPLOITDB text VERIFIED
PHP F1 Upload - Arbitrary File Upload
by wlhaan hacker
EIP-2026-109343 EXPLOITDB text VERIFIED
Matrimony Script - Cross-Site Request Forgery
by bi0
CVE-2009-4428 EXPLOITDB text VERIFIED
Joomla! com_joomportfolio 1.0.0 - SQL Injection
SQL injection vulnerability in the JoomPortfolio (com_joomportfolio) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the secid parameter in a showcat action to index.php.
by Fl0riX & Snakespc
EIP-2026-108118 EXPLOITDB text
Jobscript4Web 3.5 - Multiple Cross-Site Request Forgery Vulnerabilities
by bi0
EIP-2026-108072 EXPLOITDB text VERIFIED
jCore CMS - Cross-Site Scripting
by loneferret
CVE-2009-3701 EXPLOITDB text VERIFIED
Horde Application Framework < 3.3.6 - Cross-Site Scripting via PATH_INFO
Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) phpshell.php, (2) cmdshell.php, or (3) sqlshell.php in admin/, related to the PHP_SELF variable.
by Juan Galiana Lara
CVE-2009-4823 EXPLOITDB text VERIFIED
cPanel 11.0-11.24.7 - Cross-Site Scripting via Fileop Parameter
Cross-site scripting (XSS) vulnerability in frontend/x3/files/fileop.html in cPanel 11.0 through 11.24.7 allows remote attackers to inject arbitrary web script or HTML via the fileop parameter.
by RENO
EIP-2026-105403 EXPLOITDB text VERIFIED
Basic PHP Events Lister 2 - Arbitrary Add Admin
by RENO
EIP-2026-102383 EXPLOITDB text VERIFIED
jCore - 'search' Cross-Site Scripting
by loneferret
EIP-2026-101197 EXPLOITDB text VERIFIED
Cisco ASA 8.x - VPN SSL Module Clientless URL-list control Bypass
by David Eduardo Acosta Rodriguez
EIP-2026-100496 EXPLOITDB text VERIFIED
Pre Jobo.NET - Multiple SQL Injections
by bi0
EIP-2026-100495 EXPLOITDB text VERIFIED
Pre Jobo .NET - Authentication Bypass
by bi0