Text Exploits

31,386 exploits tracked across all sources.

EIP-2026-100444 EXPLOITDB text VERIFIED
Multi-Lingual Application - Blind SQL Injection
by R3d-D3V!L
CVE-2009-4436 EXPLOITDB text VERIFIED
eWebquiz 8 - SQL Injection via QuizID Parameter
Multiple SQL injection vulnerabilities in Active Web Softwares eWebquiz 8 allow remote attackers to execute arbitrary SQL commands via the QuizID parameter to (1) questions.asp, (2) importquestions.asp, and (3) quiztakers.asp, different vectors than CVE-2007-1706.
by R3d-D3V!L
EIP-2026-100196 EXPLOITDB text VERIFIED
Charon Cart 3.0 - 'ContentID' Blind SQL Injection
by R3d-D3V!L
CVE-2005-2062 EXPLOITDB text VERIFIED
ActiveBuyAndSell 6.2 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in ActiveBuyAndSell 6.2 allow remote attackers to execute arbitrary SQL commands via the catid parameter to (1) default.asp or (2) buyersend.asp, (3) Administrator ID field in admin.asp, E-mail field in (4) advertiserstart.asp or (5) buyer.asp, or Keyword field in search.asp.
by R3d-D3V!L
CVE-2009-4437 EXPLOITDB text VERIFIED
Active Auction House 3.6 - SQL Injection
Multiple SQL injection vulnerabilities in Active Auction House 3.6 allow remote attackers to execute arbitrary SQL commands via the (1) catid parameter to wishlist.asp and the (2) linkid parameter to links.asp. NOTE: vector 1 might overlap CVE-2005-1029.1.
by R3d-D3V!L
CVE-2009-4433 EXPLOITDB text VERIFIED
iSupport < 1.8 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot iSupport 1.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (a) 5 or (b) 9 field in a post action to ticket_function.php, reachable through ticket_submit.php and index.php; (c) the which parameter to function.php, or (d) the which parameter to index.php, related to knowledgebase_list.php. NOTE: some of these details are obtained from third party information.
by Stink & Essandre
EIP-2026-117816 EXPLOITDB text VERIFIED
QuickHeal AntiVirus 2010 - Local Privilege Escalation
by Francis Provencher
CVE-2009-4452 EXPLOITDB text VERIFIED
Kaspersky Anti-Virus < 9.0.0.463 - Privilege Escalation
Kaspersky Anti-Virus 5.0 (5.0.712); Antivirus Personal 5.0.x; Anti-Virus 6.0 (6.0.3.837), 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); and Internet Security 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); use weak permissions (Everyone:Full Control) for the BASES directory, which allows local users to gain SYSTEM privileges by replacing an executable or DLL with a Trojan horse.
by Maxim A. Kulakov
EIP-2026-115356 EXPLOITDB text VERIFIED
Google Picasa 3.5 - Local Buffer Overflow (Denial of Service) (PoC)
by Connection
CVE-2009-3703 EXPLOITDB text VERIFIED
WP-Forum < 2.4 - SQL Injection via Search Max Parameter
Multiple SQL injection vulnerabilities in the WP-Forum plugin before 2.4 for WordPress allow remote attackers to execute arbitrary SQL commands via (1) the search_max parameter in a search action to the default URI, related to wpf.class.php; (2) the forum parameter to an unspecified component, related to wpf.class.php; (3) the topic parameter in a viewforum action to the default URI, related to the remove_topic function in wpf.class.php; or the id parameter in a (4) editpost or (5) viewtopic action to the default URI, related to wpf-post.php.
by Juan Galiana Lara
EIP-2026-113417 EXPLOITDB text VERIFIED
WHMCompleteSolution CMS - SQL Injection
by Dr.0rYX & Cr3W-DZ
EIP-2026-111720 EXPLOITDB text VERIFIED
Recipe Script 5.0 - Arbitrary File Upload / Cross-Site Request Forgery / Cross-Site Scripting
by Milos Zivanovic
EIP-2026-111474 EXPLOITDB text VERIFIED
Pre Hospital Management System - Authentication Bypass
by R3d-D3V!L
EIP-2026-111473 EXPLOITDB text VERIFIED
Pre Hospital Management System - 'department.php?id' SQL Injection
by R3d-D3V!L
CVE-2008-3679 EXPLOITDB text VERIFIED
IDevSpot PhpLinkExchange 1.01 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in index.php in IDevSpot PhpLinkExchange 1.01 allow remote attackers to inject arbitrary web script or HTML via the catid parameter in a (1) user_add, (2) recip, (3) tellafriend, or (4) contact action, or (5) in a request without an action; or (6) the id parameter in a tellafriend action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Stink'
CVE-2009-4375 EXPLOITDB text VERIFIED
AlienVault OSSIM < 2.1.5.4 - SQL Injection
SQL injection vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary SQL commands via the id_document parameter.
by Nahuel Grisolia
CVE-2009-4372 EXPLOITDB text VERIFIED
AlienVault OSSIM < 2.1.5-4 - Remote Command Execution via UniqueID Parameter
AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary commands via shell metacharacters in the uniqueid parameter to (1) wcl.php, (2) storage_graphs.php, (3) storage_graphs2.php, (4) storage_graphs3.php, and (5) storage_graphs4.php in sem/.
by Nahuel Grisolia
EIP-2026-110397 EXPLOITDB text VERIFIED
OSSIM 2.1.5 - Arbitrary File Upload
by Nahuel Grisolia
EIP-2026-110029 EXPLOITDB text VERIFIED
Omnistar Affiliate - Authentication Bypass
by R3d-D3V!L
CVE-2009-4434 EXPLOITDB text VERIFIED
IDevSpot iSupport < 1.8 - Path Traversal
Directory traversal vulnerability in index.php in IDevSpot iSupport 1.8 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter.
by Stink & Essandre
CVE-2009-4433 EXPLOITDB text VERIFIED
iSupport < 1.8 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot iSupport 1.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (a) 5 or (b) 9 field in a post action to ticket_function.php, reachable through ticket_submit.php and index.php; (c) the which parameter to function.php, or (d) the which parameter to index.php, related to knowledgebase_list.php. NOTE: some of these details are obtained from third party information.
by Stink & Essandre
CVE-2009-4433 EXPLOITDB text VERIFIED
iSupport < 1.8 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot iSupport 1.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (a) 5 or (b) 9 field in a post action to ticket_function.php, reachable through ticket_submit.php and index.php; (c) the which parameter to function.php, or (d) the which parameter to index.php, related to knowledgebase_list.php. NOTE: some of these details are obtained from third party information.
by Stink & Essandre
EIP-2026-107085 EXPLOITDB text
File Share 1.0 - SQL Injection
by TOP SAT 13
EIP-2026-107039 EXPLOITDB text VERIFIED
Family Connections 2.1.3 - Multiple Vulnerabilities
by Salvatore Fresta
EIP-2026-106924 EXPLOITDB text VERIFIED
eUploader PRO 3.1.1 - Cross-Site Request Forgery / Cross-Site Scripting
by Milos Zivanovic