Text Exploits

31,386 exploits tracked across all sources.

CVE-2009-4597 EXPLOITDB text VERIFIED
PHP Inventory 1.2 - SQL Injection via User ID, Username, or Password Parameter
Multiple SQL injection vulnerabilities in index.php in PHP Inventory 1.2 allow (1) remote authenticated users to execute arbitrary SQL commands via the user_id parameter in a users details action, and allow remote attackers to execute arbitrary SQL commands via the (2) user (username) and (3) pass (password) parameters. NOTE: some of these details are obtained from third party information.
by mr_me
CVE-2009-4315 EXPLOITDB text VERIFIED
Nuggetz CMS 1.0 - Path Traversal and Arbitrary File Write via nugget Parameter
Directory traversal vulnerability in admin/ajaxsave.php in Nuggetz CMS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to create or modify arbitrary files via a .. (dot dot) in the nugget parameter and a modified pagevalue parameter, as demonstrated by creating and accessing a .php file to execute arbitrary PHP code.
by Amol Naik
CVE-2009-4604 EXPLOITDB text VERIFIED
Fernando Soares Mamboleto <2.0 RC3 - RCE
PHP remote file inclusion vulnerability in mamboleto.php in the Fernando Soares Mamboleto (com_mamboleto) component 2.0 RC3 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
by Don Tukulesto
CVE-2009-4599 EXPLOITDB text
JS Jobs (com_jsjobs) 1.0.5.6 - SQL Injection via md or oi Parameter
Multiple SQL injection vulnerabilities in the JS Jobs (com_jsjobs) component 1.0.5.6 for Joomla! allow remote attackers to execute arbitrary SQL commands via (1) the md parameter in an employer view_company action to index.php or (2) the oi parameter in an employer view_job action to index.php.
by kaMtiEz
CVE-2009-4598 EXPLOITDB text
com_jphoto 1.0 - SQL Injection via id Parameter
SQL injection vulnerability in the JPhoto (com_jphoto) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a category action to index.php.
by kaMtiEz
EIP-2026-100330 EXPLOITDB text VERIFIED
Free ASP Upload - Arbitrary File Upload
by Mr.aFiR
EIP-2026-100016 EXPLOITDB text
OPMANAGER - Blind SQL Injection / XPath Injection
by Asheesh kumar Mani Tripathi
CVE-2009-5159 EXPLOITDB MEDIUM text VERIFIED
Invision Power Board 2.x-3.0.4 - Cross-Site Scripting via .txt Attachment
Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, when Internet Explorer 5 is used, allows XSS via a .txt attachment.
by Xacker
CVSS 6.1
CVE-2009-4600 EXPLOITDB text
NetArt Media Real Estate Portal 2.0 - SQL Injection
SQL injection vulnerability in realestate20/loginaction.php in NetArt Media Real Estate Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the Email parameter (aka the username field). NOTE: some of these details are obtained from third party information.
by AnTi SeCuRe
CVE-2009-4238 EXPLOITDB text VERIFIED
TestLink - Authenticated SQL Injection via Test Case ID or logLevel Parameter
Multiple SQL injection vulnerabilities in TestLink before 1.8.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the Test Case ID field to lib/general/navBar.php or (2) the logLevel parameter to lib/events/eventviewer.php.
by Core Security
CVE-2009-4613 EXPLOITDB text
NetArt Media Real Estate Portal 2.0 - SQL Injection
SQL injection vulnerability in realestate20/loginaction.php in NetArt Media Real Estate Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by AnTi SeCuRe
EIP-2026-101474 EXPLOITDB text
THOMSON TG585n 7.4.3.2 - 'user.ini' Arbitrary Disclosure
by AnTi SeCuRe
CVE-2009-4567 EXPLOITDB text VERIFIED
Viscacha 0.8 Gold - Authenticated Cross-Site Scripting via Profile Parameters
Multiple cross-site scripting (XSS) vulnerabilities in editprofile.php in Viscacha 0.8 Gold allow remote authenticated users to inject arbitrary web script or HTML via the (1) skype, (2) yahoo, (3) aol, (4) msn, or (5) jabber parameter in a profile2 action. NOTE: some of these details are obtained from third party information.
by mr_me
EIP-2026-108404 EXPLOITDB text
Joomla! Component com_job - 'showMoreUse' SQL Injection
by Palyo34
EIP-2026-107951 EXPLOITDB text VERIFIED
IRAN N.E.T E-Commerce Group - SQL Injection
by Dr.0rYX & Cr3W-DZ
CVE-2009-3061 EXPLOITDB text
Alqatari Q R Script 1.0 - SQL Injection via lesson.php id Parameter
SQL injection vulnerability in lesson.php in Alqatari Q R Script 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information.
by Red-D3v1L
CVE-2009-4256 EXPLOITDB text VERIFIED
AlefMentor 2.0 and 2.2 - SQL Injection via cont_id and courc_id Parameters
Multiple SQL injection vulnerabilities in cource.php in AlefMentor 2.0 and 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) cont_id and (2) courc_id parameters in a pregled action. NOTE: some of these details are obtained from third party information.
by Red-D3v1L
EIP-2026-112177 EXPLOITDB text VERIFIED
SiSplet CMS 2008-01-24 - Multiple Remote File Inclusions
by cr4wl3r
EIP-2026-109325 EXPLOITDB text VERIFIED
MarieCMS 0.9 - Local File Inclusion / Remote File Inclusion / Cross-Site Scripting
by Amol Naik
EIP-2026-105836 EXPLOITDB text VERIFIED
Chipmunk NewsLetter - Persistent Cross-Site Scripting
by mr_me
EIP-2026-104986 EXPLOITDB text VERIFIED
Advanced Image Hosting Script 2.x - 'search.php' Cross-Site Scripting
by aBo MoHaMeD
EIP-2026-101549 EXPLOITDB text VERIFIED
Barracuda IMFirewall 620 - Multiple Vulnerabilities
by Global-Evolution
EIP-2026-119384 EXPLOITDB text VERIFIED
iWeb HTTP Server - Directory Traversal
by mr_me
CVE-2009-4569 EXPLOITDB text VERIFIED
Elkagroup Image Gallery - SQL Injection
SQL injection vulnerability in elkagroup Image Gallery allows remote attackers to execute arbitrary SQL commands via the id parameter to the default URI under news/.
by SadHaCkEr
CVE-2009-4264 EXPLOITDB text VERIFIED
AROUNDMe 1.1 - Remote Code Execution via Language Path Parameter
PHP remote file inclusion vulnerability in components/core/connect.php in AROUNDMe 1.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the language_path parameter.
by cr4wl3r