Text Exploits

31,386 exploits tracked across all sources.

Sort: Activity Stars
CVE-2009-4429 EXPLOITDB text VERIFIED
Sections module 5.x < 5.x-1.3 and 6.x < 6.x-1.3 - Authenticated Cross-Site Scripting via Section Name Field
Cross-site scripting (XSS) vulnerability in the Sections module 5.x before 5.x-1.3 and 6.x before 6.x-1.3 for Drupal allows remote authenticated users with "administer sections" privileges to inject arbitrary web script or HTML via a section name (aka the Name field).
by Justin C. Klein Keane
CVE-2009-4429 EXPLOITDB text VERIFIED
Sections module 5.x < 5.x-1.3 and 6.x < 6.x-1.3 - Authenticated Cross-Site Scripting via Section Name Field
Cross-site scripting (XSS) vulnerability in the Sections module 5.x before 5.x-1.3 and 6.x before 6.x-1.3 for Drupal allows remote authenticated users with "administer sections" privileges to inject arbitrary web script or HTML via a section name (aka the Name field).
by Justin C. Klein Keane
EIP-2026-106330 EXPLOITDB text VERIFIED
D-Tendencia Bt 2008 - SQL Injection
by Dr.0rYX & Cr3W-DZ
EIP-2026-105237 EXPLOITDB text VERIFIED
Article Directory - SQL Injection
by R3d-D3V!L
EIP-2026-105236 EXPLOITDB text VERIFIED
Article Directory - 'login.php' SQL Injection
by R3d D3v!L
CVE-2009-4454 EXPLOITDB text
VideoCache 1.9.2 - Local Privilege Escalation
vccleaner in VideoCache 1.9.2 allows local users with Squid proxy user privileges to overwrite arbitrary files via a symlink attack on /var/log/videocache/vccleaner.log.
by Dominick LaTrappe
CVE-2009-2619 EXPLOITDB text
DataCheck Solutions V-SpacePal - SQL Injection
SQL injection vulnerability in login.asp in DataCheck Solutions V-SpacePal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by R3d-D3V!L
EIP-2026-100587 EXPLOITDB text VERIFIED
Texas Rankem - 'player_id' SQL Injection
by R3d-D3V!L
EIP-2026-100558 EXPLOITDB text VERIFIED
Smart ASPad - 'campaignEdit.asp?CCam' Blind SQL Injection
by R3d-D3V!L
EIP-2026-100523 EXPLOITDB text
RecipePal 1.0 - SQL Injection
by R3d-D3V!L
EIP-2026-100494 EXPLOITDB text VERIFIED
Pre Hotels&Resorts Management System - Authentication Bypass
by R3d-D3V!L
EIP-2026-100380 EXPLOITDB text VERIFIED
JM CMS 1.0 - Authentication Bypass
by Red-D3v1L
EIP-2026-100344 EXPLOITDB text VERIFIED
GuestBookPro Script - Remote Database Disclosure
by ViRuSMaN
CVE-2006-4524 EXPLOITDB text VERIFIED
Digiappz Freekot 1.01 - SQL Injection via Login or Password Parameters
Multiple SQL injection vulnerabilities in login_verif.asp in Digiappz Freekot 1.01 allow remote attackers to execute arbitrary SQL commands via the (1) login or (2) password parameters. NOTE: some of these details are obtained from third party information.
by R3d-D3V!L
EIP-2026-100215 EXPLOITDB text VERIFIED
Codefixer Membership - Remote Database Disclosure
by ViRuSMaN
EIP-2026-100131 EXPLOITDB text VERIFIED
ASPGuest - 'edit.asp?ID' Blind SQL Injection
by R3d-D3V!L
EIP-2026-112195 EXPLOITDB text VERIFIED
SitioOnline - SQL Injection
by 4lG3r14n0-t3r0
EIP-2026-111957 EXPLOITDB text VERIFIED
Scriptsez Ez FAQ Maker 1.0 - Cross-Site Scripting / Cross-Site Request Forgery
by Milos Zivanovic
EIP-2026-109161 EXPLOITDB text VERIFIED
Linkster - PHP/MySQL SQL Injection
by Angela Zhang
EIP-2026-107767 EXPLOITDB text VERIFIED
iGaming CMS 1.5 - Cross-Site Request Forgery
by Nex
CVE-2009-3701 EXPLOITDB text VERIFIED
Horde Application Framework < 3.3.6 - Cross-Site Scripting via PATH_INFO
Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) phpshell.php, (2) cmdshell.php, or (3) sqlshell.php in admin/, related to the PHP_SELF variable.
by Juan Galiana Lara
CVE-2009-3701 EXPLOITDB text VERIFIED
Horde Application Framework < 3.3.6 - Cross-Site Scripting via PATH_INFO
Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) phpshell.php, (2) cmdshell.php, or (3) sqlshell.php in admin/, related to the PHP_SELF variable.
by Juan Galiana Lara
CVE-2009-3701 EXPLOITDB text VERIFIED
Horde Application Framework < 3.3.6 - Cross-Site Scripting via PATH_INFO
Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) phpshell.php, (2) cmdshell.php, or (3) sqlshell.php in admin/, related to the PHP_SELF variable.
by Juan Galiana Lara
EIP-2026-106998 EXPLOITDB text VERIFIED
Ez News Manager / Pro - Cross-Site Request Forgery (Change Admin Password)
by Milos Zivanovic
EIP-2026-106996 EXPLOITDB text VERIFIED
Ez Faq Maker - Multiple Vulnerabilities
by Milos Zivanovic