Text Exploits

31,386 exploits tracked across all sources.

CVE-2009-4366 EXPLOITDB text VERIFIED
ScriptsEz Ez Blog 1.0 - Cross-Site Scripting via yr Parameter in bmonth Action
Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez Blog 1.0 allows remote attackers to inject arbitrary web script or HTML via the yr parameter in a bmonth action.
by Milos Zivanovic
EIP-2026-106600 EXPLOITDB text VERIFIED
DubSite CMS 1.0 - Cross-Site Request Forgery
by Connection
CVE-2009-1798 EXPLOITDB text VERIFIED
APC Network Management Card - Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities on the Network Management Card (NMC) on American Power Conversion (APC) Switched Rack PDU (aka Rack Mount Power Distribution) devices and other devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the login_username vector for Forms/login1 is already covered by CVE-2009-4406.
by Jamal Pecou
EIP-2026-100552 EXPLOITDB text
SitePal 1.1 - Authentication Bypass
by R3d-D3V!L
CVE-2009-2614 EXPLOITDB text VERIFIED
DataCheck Solutions LinkPal <1 - SQL Injection
SQL injection vulnerability in z_admin_login.asp in DataCheck Solutions LinkPal 1.x allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by R3d-D3V!L
CVE-2009-2365 EXPLOITDB text
DataCheck Solutions GalleryPal FE 1.5 - SQL Injection
SQL injection vulnerability in login.asp in DataCheck Solutions GalleryPal FE 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by R3d-D3V!L
EIP-2026-100300 EXPLOITDB text VERIFIED
EEGshop 1.2 - SQL Injection
by Securitylab.ir
EIP-2026-100240 EXPLOITDB text VERIFIED
DesigNsbyjm CMS 1.0 - 'PageId' SQL Injection
by Red-D3v1L
EIP-2026-100208 EXPLOITDB text VERIFIED
ClickTrackerASP - 'sitedetails.asp?siteid' SQL Injection
by R3d-D3V!L
CVE-2009-4384 EXPLOITDB text VERIFIED
Scriptsez Ez Poll Hoster - Cross-Site Scripting via pid or uid Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net Ez Poll Hoster (EPH) allow remote attackers to inject arbitrary web script or HTML via the (1) pid parameter in a code action to index.php and the (2) uid parameter in a view action to profile.php.
by Milos Zivanovic
EIP-2026-119400 EXPLOITDB text VERIFIED
Maxs AJAX File Uploader - Arbitrary File Upload
by ViRuSMaN
CVE-2009-4351 EXPLOITDB text VERIFIED
WSCreator 1.1 - SQL Injection via Email Parameter
SQL injection vulnerability in ADMIN/loginaction.php in WSCreator 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the Email (aka username) parameter.
by Salvatore Fresta
EIP-2026-112770 EXPLOITDB text
Traidnt Discovery - Cross-Site Request Forgery (Create Staff Account)
by G0D-F4Th3r
EIP-2026-112634 EXPLOITDB text VERIFIED
The Next Generation of Genealogy Sitebuilding - 'searchform.php' Cross-Site Scripting
by bi0
EIP-2026-112610 EXPLOITDB text VERIFIED
Text Exchange Pro - Cross-Site Request Forgery (Add Admin)
by bi0
EIP-2026-112594 EXPLOITDB text VERIFIED
TenderSystem 0.9.5 - 'main.php' Multiple Local File Inclusions
by Packetdeath
EIP-2026-112593 EXPLOITDB text VERIFIED
Tender System 0.9.5b - Local File Inclusion
by Packetdeath
CVE-2007-0518 EXPLOITDB text VERIFIED
Scriptsez Smart PHP Subscriber - Info Disclosure
Scriptsez Smart PHP Subscriber (aka subscribe) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain encoded passwords via a direct request for pwd.txt.
by Milos Zivanovic
CVE-2009-4382 EXPLOITDB text VERIFIED
phpfaber Content Management System - Cross-Site Scripting via mod Parameter
Cross-site scripting (XSS) vulnerability in module.php in PHPFABER CMS, possibly 1.3.36, allows remote attackers to inject arbitrary web script or HTML via the mod parameter.
by bi0
CVE-2009-4826 EXPLOITDB text
ScriptsEz Mini Hosting Panel - Cross-Site Request Forgery via Admin Panel Action
Cross-site request forgery (CSRF) vulnerability in hosting/admin_ac.php in ScriptsEz Mini Hosting Panel allows remote attackers to hijack the authentication of administrators for requests that alter administrative settings via a cp action.
by Milos Zivanovic
CVE-2009-4381 EXPLOITDB text VERIFIED
texmedia Million Pixel Script 3 - Cross-Site Scripting via pa Parameter
Cross-site scripting (XSS) vulnerability in index.php in texmedia Million Pixel Script 3 allows remote attackers to inject arbitrary web script or HTML via the pa parameter. NOTE: some of these details are obtained from third party information.
by bi0
CVE-2009-4349 EXPLOITDB text VERIFIED
Link Up Gold 5.0 - Cross-Site Request Forgery in Administrative Account Creation
Cross-site request forgery (CSRF) vulnerability in administration/administrators.php in Link Up Gold 5.0 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.
by bi0
EIP-2026-106999 EXPLOITDB text VERIFIED
Ez Poll Hoster - Multiple Cross-Site Scripting Vulnerabilities
by Milos Zivanovic
CVE-2009-4385 EXPLOITDB text VERIFIED
Scriptsez.net Ez Poll Hoster - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in Scriptsez.net Ez Poll Hoster (EPH) allow remote attackers to (1) hijack the authentication of arbitrary users for requests that delete polls via the delete_poll action to index.php; and hijack the authentication of administrators for requests that (2) delete users via the manage action to admin.php, or (3) send arbitrary email to arbitrary users in the email action to admin.php.
by Milos Zivanovic