Text Exploits

31,386 exploits tracked across all sources.

EIP-2026-109536 EXPLOITDB text VERIFIED
Model Agency Manager - 'search_process.php' Cross-Site Scripting
by bi0
EIP-2026-108582 EXPLOITDB text
Joomla! Component com_virtuemart 1.0 - 'Product_ID' SQL Injection
by SOA Crew
CVE-2009-4431 EXPLOITDB text
com_jcalpro 1.5.3.6 - Remote Code Execution via mosConfig_absolute_path Parameter
PHP remote file inclusion vulnerability in cal_popup.php in the Anything Digital Development JCal Pro (aka com_jcalpro or JCP) component 1.5.3.6 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
by kaMtiEz
EIP-2026-107891 EXPLOITDB text VERIFIED
Interspire Shopping Cart - Full Path Disclosure
by Mr.aFiR
EIP-2026-107258 EXPLOITDB text VERIFIED
Frog CMS 0.9.5 - Cross-Site Request Forgery
by Milos Zivanovic
EIP-2026-106819 EXPLOITDB text VERIFIED
Ele Medios CMS - SQL Injection
by Dr.0rYX & Cr3W-DZ
EIP-2026-105831 EXPLOITDB text VERIFIED
Chipmunk Board Script 1.x - Multiple Cross-Site Request Forgery Vulnerabilities
by Milos Zivanovic
CVE-2009-4905 EXPLOITDB text
Acc Statistics 1.1 - Cross-Site Request Forgery
Multiple cross-site request forgery (CSRF) vulnerabilities in index.php in Acc Statistics 1.1 allow remote attackers to hijack the authentication of administrators for requests that change (1) passwords, (2) usernames, and (3) e-mail addresses.
by Milos Zivanovic
CVE-2009-4906 EXPLOITDB text
Acc PHP eMail 1.1 - Cross-Site Request Forgery in Password Change
Cross-site request forgery (CSRF) vulnerability in index.php in Acc PHP eMail 1.1 allows remote attackers to hijack the authentication of administrators for requests that change passwords.
by bi0
EIP-2026-104903 EXPLOITDB text VERIFIED
Acc Auto Dealer Script 5.0 - Persistent Cross-Site Scripting / SQL Backup
by bi0
EIP-2026-114584 EXPLOITDB text VERIFIED
ZeeCareers 2.x - PHP HR Manager Website (Cross-Site Scripting / Authentication Bypass)
by bi0
EIP-2026-109490 EXPLOITDB text VERIFIED
Miniweb 2.0 - Full Path Disclosure
by Salvatore Fresta
CVE-2009-5018 EXPLOITDB text VERIFIED
gif2png <= 2.5.3 - Stack-based Buffer Overflow via Long Command-line Argument
Stack-based buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow context-dependent attackers to execute arbitrary code via a long command-line argument, as demonstrated by a CGI program that launches gif2png.
by Razuel Akaharnath
EIP-2026-119352 EXPLOITDB text VERIFIED
Billwerx RC 3.1 - Multiple Vulnerabilities
by mr_me
CVE-2008-6498 EXPLOITDB text VERIFIED
XAMPP 1.6.8 - Cross-Site Request Forgery via xampppasswd Parameter
Cross-site request forgery (CSRF) vulnerability in security/xamppsecurity.php in XAMPP 1.6.8 allows remote attackers to hijack the authentication of users for requests that change a certain .htaccess password via the xampppasswd parameter.
by bi0
EIP-2026-111023 EXPLOITDB text VERIFIED
phpCollegeExchange 0.1.5c - Multiple SQL Injections
by Salvatore Fresta
CVE-2009-4908 EXPLOITDB text VERIFIED
oBlog - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in oBlog allow remote attackers to inject arbitrary web script or HTML via the (1) commentName, (2) commentEmail, (3) commentWeb, or (4) commentText parameter to article.php; and allow remote authenticated administrators to inject arbitrary web script or HTML via the (5) article_id or (6) title parameter to admin/write.php, the (7) category_id or (8) category_name parameter to admin/groups.php, the (9) blogroll_id or (10) title parameter to admin/blogroll.php, or the (11) blog_name or (12) tag_line parameter to admin/settings.php.
by Milos Zivanovic
EIP-2026-107786 EXPLOITDB text
Illogator Shop - SQL Injection Bypass
by bi0
CVE-2008-6242 EXPLOITDB text VERIFIED
Scripts For Sites EZ e-store - SQL Injection via SearchResults.php where Parameter
SQL injection vulnerability in SearchResults.php in Scripts For Sites (SFS) EZ e-store allows remote attackers to execute arbitrary SQL commands via the where parameter.
by Salvatore Fresta
EIP-2026-106450 EXPLOITDB text VERIFIED
Digital Scribe 1.4.1 - Multiple SQL Injections
by Salvatore Fresta
EIP-2026-105835 EXPLOITDB text VERIFIED
Chipmunk NewsLetter - Cross-Site Request Forgery
by Milos Zivanovic
CVE-2009-4386 EXPLOITDB text VERIFIED
Venalsur Booking Centre Booking System for Hotels Group - SQL Injection
SQL injection vulnerability in hotel_tiempolibre_ext.php in Venalsur Booking Centre Booking System for Hotels Group, when magic_quotes_gpc is enabled, allows remote attackers to execute arbitrary SQL commands via the NoticiaID parameter and other unspecified vectors.
by Salvatore Fresta
CVE-2009-4596 EXPLOITDB text VERIFIED
PHP Inventory 1.2 - Cross-Site Scripting via sup_id Parameter
Cross-site scripting (XSS) vulnerability in index.php in PHP Inventory 1.2 allows remote attackers to inject arbitrary web script or HTML via the sup_id parameter in a suppliers details action.
by mr_me
CVE-2009-4601 EXPLOITDB text VERIFIED
ZeeJobsite 3x - Cross-Site Scripting via Basic Search Result Title Parameter
Cross-site scripting (XSS) vulnerability in basic_search_result.php in Zeeways ZeeJobsite 3x allows remote attackers to inject arbitrary web script or HTML via the title parameter.
by bi0
CVE-2009-4427 EXPLOITDB text VERIFIED
phpLDAPadmin <1.1.0.5 - Path Traversal
Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cmd parameter.
by ipsecs