Text Exploits

31,386 exploits tracked across all sources.

EIP-2026-101091 EXPLOITDB text
TANDBERG F8.2 / F8.0 / F7.2 / F6.3 - Remote Denial of Service
by otokoyama
EIP-2026-113824 EXPLOITDB text VERIFIED
WordPress Plugin Image Manager - Arbitrary File Upload
by DigitALL
CVE-2009-4571 EXPLOITDB text VERIFIED
PhpShop 0.8.1 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in index.php in PhpShop 0.8.1 allow remote attackers to execute arbitrary SQL commands via the (1) module_id parameter in an admin/function_list action, the (2) vendor_id parameter in a vendor/vendor_form action, the (3) module_id parameter in an admin/module_form action, the (4) user_id parameter in an admin/user_form action, the (5) vendor_category_id parameter in a vendor/vendor_category_form action, the (6) user_id parameter in a store/user_form action, the (7) payment_method_id parameter in a store/payment_method_form action, the (8) tax_rate_id parameter in a tax/tax_form action, or the (9) category parameter in a shop/browse action. NOTE: the product_id vector is already covered by CVE-2008-0681.
by Andrea Fabrizi
EIP-2026-114286 EXPLOITDB text VERIFIED
WordPress Plugin Yoast Google Analytics 3.2.4 - 404 Error Page Cross-Site Scripting
by intern0t
CVE-2009-4266 EXPLOITDB text
YABSoft Advanced Image Hosting Script 2.2 - Cross-Site Scripting via search.php text parameter
Cross-site scripting (XSS) vulnerability in search.php in YABSoft Advanced Image Hosting (AIH) Script 2.2, and possibly 2.3, allows remote attackers to inject arbitrary web script or HTML via the text parameter.
by R3VAN_BASTARD
EIP-2026-108903 EXPLOITDB text VERIFIED
Joomla! Component yt_color YOOOtheme - Cross-Site Scripting / Cookie Stealing
by andresg888
EIP-2026-108902 EXPLOITDB text VERIFIED
Joomla! Component You!Hostit! 1.0.1 Template - Cross-Site Scripting
by andresg888
EIP-2026-108901 EXPLOITDB text VERIFIED
Joomla! Component YOOtheme Warp5 - 'yt_color' Cross-Site Scripting
by andresg888
EIP-2026-107933 EXPLOITDB text
Invision Power Board 2.3.6/3.0.4 - Local File Inclusion / SQL Injection
by Dawid Golunski
CVE-2009-4263 EXPLOITDB text VERIFIED
PTCPay GeN3 forum 1.3 - SQL Injection
SQL injection vulnerability in main_forum.php in PTCPay GeN3 forum 1.3 allows remote attackers to execute arbitrary SQL commands via the cat parameter.
by Dr.0rYX & Cr3W-DZ
EIP-2026-105949 EXPLOITDB text VERIFIED
Clixint Technologies DPI - Cross-Site Scripting
by anonymous
EIP-2026-105565 EXPLOITDB text VERIFIED
BM Classifieds Ads - SQL Injection
by Dr.0rYX & Cr3W-DZ
EIP-2026-104910 EXPLOITDB text
Achievo 1.4.2 - Persistent Cross-Site Scripting
by Nahuel Grisolia
EIP-2026-104909 EXPLOITDB text VERIFIED
Achievo 1.4.2 - Arbitrary File Upload
by Nahuel Grisolia
EIP-2026-104837 EXPLOITDB text
427BB 2.3.2 - SQL Injection
by cr4wl3r
CVE-2009-4196 EXPLOITDB text VERIFIED
Huawei MT882 V100R002B020 ARG-T 3.7.9.98 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in multiple scripts in Forms/ in Huawei MT882 V100R002B020 ARG-T running firmware 3.7.9.98 allow remote attackers to inject arbitrary web script or HTML via the (1) BackButton parameter to error_1; (2) wzConnFlag parameter to fresh_pppoe_1; (3) diag_pppindex_argen and (4) DiagStartFlag parameters to rpDiag_argen_1; (5) wzdmz_active and (6) wzdmzHostIP parameters to rpNATdmz_argen_1; (7) wzVIRTUALSVR_endPort, (8) wzVIRTUALSVR_endPortLocal, (9) wzVIRTUALSVR_IndexFlag, (10) wzVIRTUALSVR_localIP, (11) wzVIRTUALSVR_startPort, and (12) wzVIRTUALSVR_startPortLocal parameters to rpNATvirsvr_argen_1; (13) Connect_DialFlag, (14) Connect_DialHidden, and (15) Connect_Flag parameters to rpStatus_argen_1; (16) Telephone_select, and (17) wzFirstFlag parameters to rpwizard_1; and (18) wzConnectFlag parameter to rpwizPppoe_1.
by DecodeX01
CVE-2009-4148 EXPLOITDB text VERIFIED
DAZ Studio 2.3.3.161, 2.3.3.163, and 3.0.1.135 - Remote Code Execution via JavaScript in .ds, .dsa, .dse, or .dsb Files
DAZ Studio 2.3.3.161, 2.3.3.163, and 3.0.1.135 allows remote attackers to execute arbitrary JavaScript code via a (1) .ds, (2) .dsa, (3) .dse, or (4) .dsb file, as demonstrated by code that loads the WScript.Shell ActiveX control, related to a "script injection vulnerability."
by Core Security
CVE-2009-4783 EXPLOITDB text VERIFIED
Theeta CMS - SQL Injection via Forum Start Parameter
Multiple SQL injection vulnerabilities in Theeta CMS, possibly 0.01, allow remote attackers to execute arbitrary SQL commands via the start parameter to (1) forum.php and (2) thread.php in community/, and (3) blog/index.php.
by c0dy
EIP-2026-112629 EXPLOITDB text VERIFIED
Thatware 0.5.3 - Multiple Remote File Inclusions
by cr4wl3r
EIP-2026-111894 EXPLOITDB text VERIFIED
SAPID SHOP 1.3 - Remote File Inclusion
by cr4wl3r
CVE-2009-2626 EXPLOITDB text VERIFIED
PHP < 5.2.10 - Memory Disclosure and Denial of Service via ini_set and ini_restore
The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable.
by Maksymilian Arciemowicz
CVE-2009-4197 EXPLOITDB text VERIFIED
Huawei MT882 V100R002B020 ARG-T - Info Disclosure
rpwizPppoe.htm in Huawei MT882 V100R002B020 ARG-T running firmware 3.7.9.98 contains a form that does not disable the autocomplete setting for the password parameter, which makes it easier for local users or physically proximate attackers to obtain the password from web browsers that support autocomplete.
by DecodeX01
CVE-2013-0192 EXPLOITDB MEDIUM text VERIFIED
Simple Machines Forum <= 2.0.3 - Authenticated File Disclosure via Admin Interface
File Disclosure in SMF (SimpleMachines Forum) <= 2.0.3: Forum admin can read files such as the database config.
by SimpleAudit Team
CVSS 4.9
EIP-2026-108998 EXPLOITDB text VERIFIED
Kide Shoutbox 0.4.6 - Cross-Site Scripting / AXFR
by andresg888
EIP-2026-111786 EXPLOITDB text VERIFIED
Robert Zimmerman PHP / MySQL Scripts - Authentication Bypass
by DUNDEE