Text Exploits

31,386 exploits tracked across all sources.

EIP-2026-106997 EXPLOITDB text
Ez Guestbook 1.0 - Multiple Vulnerabilities
by Milos Zivanovic
EIP-2026-106995 EXPLOITDB text VERIFIED
Ez Cart - 'sid' Cross-Site Scripting
by anti-gov
EIP-2026-106994 EXPLOITDB text VERIFIED
Ez Cart - 'index.php' Cross-Site Scripting
by anti-gov
CVE-2009-4319 EXPLOITDB text VERIFIED
eocms < 0.9.03 - Remote Code Execution via BBCODE_path Parameter
PHP remote file inclusion vulnerability in js/bbcodepress/bbcode-form.php in eoCMS 0.9.03 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the BBCODE_path parameter.
by 1nd0n3s14n l4m3r
EIP-2026-106689 EXPLOITDB text VERIFIED
Easy Banner Pro - Cross-Site Request Forgery (Add Admin)
by bi0
EIP-2026-105319 EXPLOITDB text
Automne.ws CMS 4.0.0rc2 - Multiple Remote File Inclusions
by 1nd0n3s14n l4m3r
CVE-2009-4828 EXPLOITDB text VERIFIED
Ad Manager Pro 3.0 - Cross-Site Request Forgery in Admin User Creation
Cross-site request forgery (CSRF) vulnerability in administration/admins.php in Ad Manager Pro (aka AdManagerPro) 3.0 allows remote attackers to hijack the authentication of administrators for requests that create new administrative users via an admin_created action. NOTE: some of these details are obtained from third party information.
by bi0
CVE-2009-4501 EXPLOITDB text VERIFIED
Zabbix < 1.6.8 - Denial of Service via Missing Separators in Request
The zbx_get_next_field function in libs/zbxcommon/str.c in Zabbix Server before 1.6.8 allows remote attackers to cause a denial of service (crash) via a request that lacks expected separators, which triggers a NULL pointer dereference, as demonstrated using the Command keyword.
by Nicob
CVE-2009-4502 EXPLOITDB text VERIFIED
Zabbix Agent <1.6.7 - Command Injection
The NET_TCP_LISTEN function in net.c in Zabbix Agent before 1.6.7, when running on FreeBSD or Solaris, allows remote attackers to bypass the EnableRemoteCommands setting and execute arbitrary commands via shell metacharacters in the argument to net.tcp.listen. NOTE: this attack is limited to attacks from trusted IP addresses.
by Nicob
EIP-2026-104412 EXPLOITDB text
Redmine 0.8.6 - Cross-Site Request Forgery (Add Admin)
by p0deje
EIP-2026-104376 EXPLOITDB text VERIFIED
Oracle E-Business Suite - Multiple Vulnerabilities
by Hacktics
EIP-2026-104031 EXPLOITDB text VERIFIED
Oracle E-Business Suite 11i - Multiple Remote Vulnerabilities
by Hacktics
EIP-2026-103347 EXPLOITDB text VERIFIED
[WS] upload - Arbitrary File Upload
by ViRuSMaN
EIP-2026-103301 EXPLOITDB text VERIFIED
NAS Uploader 1.0/1.5 - Arbitrary File Upload
by ViRuSMaN
EIP-2026-103299 EXPLOITDB text VERIFIED
myPHPupload 0.5.1 - Arbitrary File Upload
by ViRuSMaN
CVE-2009-4827 EXPLOITDB text VERIFIED
Mail Manager Pro - Cross-Site Request Forgery via Admin Password Change
Cross-site request forgery (CSRF) vulnerability in admin.php in Mail Manager Pro allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a change action.
by Milos Zivanovic
CVE-2008-1985 EXPLOITDB text VERIFIED
DigitalHive 2.0 RC2 - Cross-Site Scripting via mt Parameter
Cross-site scripting (XSS) vulnerability in base.php in DigitalHive 2.0 RC2 allows remote attackers to inject arbitrary web script or HTML via the mt parameter, possibly related to membres.php.
by ViRuSMaN
CVE-2008-7248 EXPLOITDB text VERIFIED
Ruby on Rails <2.1.3 & <2.2.2 - CSRF
Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify tokens for requests with certain content types, which allows remote attackers to bypass cross-site request forgery (CSRF) protection for requests to applications that rely on this protection, as demonstrated using text/plain.
by p0deje
CVE-2009-4462 EXPLOITDB text VERIFIED
NetBiterConfig <1.3.0 - Buffer Overflow
Stack-based buffer overflow in the NetBiterConfig utility (NetBiterConfig.exe) 1.3.0 for Intellicom NetBiter WebSCADA allows remote attackers to execute arbitrary code via a long hn (hostname) parameter in a crafted HICP-protocol UDP packet.
by Ruben Santamarta
EIP-2026-100508 EXPLOITDB text
Quartz Concept Content Manager 3.00 - Authentication Bypass
by Mr.aFiR
EIP-2026-114583 EXPLOITDB text VERIFIED
Zeecareers 2.0 - Cross-Site Scripting / Authentication Bypass
by bi0
EIP-2026-114386 EXPLOITDB text VERIFIED
WS Interactive Automne 4.0 - '228-recherche.php' Cross-Site Scripting
by loneferret
CVE-2006-6377 EXPLOITDB text VERIFIED
Uploadscript <1.2 - Info Disclosure
Uploadscript 1.2 and earlier stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain the admin password hash via a direct request for /password.txt.
by Mr.aFiR
EIP-2026-112391 EXPLOITDB text VERIFIED
SpireCMS 2.0 - SQL Injection
by Dr.0rYX & Cr3W-DZ
EIP-2026-111291 EXPLOITDB text VERIFIED
Piwigo 2.0.6 - Multiple Vulnerabilities
by mr_me