Text Exploits

31,386 exploits tracked across all sources.

EIP-2026-111575 EXPLOITDB text
Public Media Manager - Remote File Inclusion
by cr4wl3r
CVE-2009-4780 EXPLOITDB text VERIFIED
phpMyFAQ < 2.5.5 - Cross-Site Scripting via Multiple Index.php Parameters
Multiple cross-site scripting (XSS) vulnerabilities in index.php in phpMyFAQ before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via (1) the lang parameter in a sitemap action, (2) the search parameter in a search action, (3) the tagging_id parameter in a search action, (4) the highlight parameter in an artikel action, (5) the artlang parameter in an artikel action, (6) the letter parameter in a sitemap action, (7) the lang parameter in a show action, (8) the cat parameter in a show action, (9) the newslang parameter in a news action, (10) the artlang parameter in a send2friend action, (11) the cat parameter in a send2friend action, (12) the id parameter in a send2friend action, (13) the srclang parameter in a translate action, (14) the id parameter in a translate action, (15) the cat parameter in a translate action, (16) the cat parameter in an add action, or (17) the question parameter in an add action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Amol Naik
CVE-2009-4157 EXPLOITDB text
Joomla! com_proofreader <1.0 RC9 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in index.php in the ProofReader (com_proofreader) component 1.0 RC9 and earlier for Joomla! allow remote attackers to inject arbitrary web script or HTML via the URI, which is not properly handled in (1) 404 or (2) error pages.
by MustLive
CVE-2009-4789 EXPLOITDB text VERIFIED
MojoBlog RC 0.15 - Remote Code Execution via mosConfig_absolute_path Parameter
Multiple PHP remote file inclusion vulnerabilities in the MojoBlog component RC 0.15 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) wp-comments-post.php and (2) wp-trackback.php.
by kaMtiEz
CVE-2009-4784 EXPLOITDB text VERIFIED
Joaktree com_joaktree 1.0 - SQL Injection via treeId Parameter
SQL injection vulnerability in the Joaktree (com_joaktree) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the treeId parameter to index.php.
by Don Tukulesto
CVE-2009-4156 EXPLOITDB text VERIFIED
Ciamos CMS < 0.9.5 - Remote Code Execution via module_path Parameter
PHP remote file inclusion vulnerability in modules/pms/index.php in Ciamos CMS 0.9.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_path parameter.
by cr4wl3r
EIP-2026-104165 EXPLOITDB text VERIFIED
Apache Tomcat 3.2.1 - 404 Error Page Cross-Site Scripting
by MustLive
EIP-2026-103796 EXPLOITDB text VERIFIED
Oracle - SYS.LT.REMOVEWORKSPACE Evil Cursor
by Andrea Purificato
EIP-2026-103795 EXPLOITDB text VERIFIED
Oracle - SYS.LT.MERGEWORKSPACE Evil Cursor
by Andrea Purificato
EIP-2026-103794 EXPLOITDB text VERIFIED
Oracle - SYS.LT.COMPRESSWORKSPACETREE Evil Cursor
by Andrea Purificato
EIP-2026-103793 EXPLOITDB text VERIFIED
Oracle - ctxsys.drvxtabc.create_tables Evil Cursor
by Andrea Purificato
EIP-2026-103792 EXPLOITDB text VERIFIED
Oracle - ctxsys.drvxtabc.create_tables
by Andrea Purificato
EIP-2026-103313 EXPLOITDB text VERIFIED
Quate CMS 0.3.5 - Local/Remote File Inclusion
by cr4wl3r
EIP-2026-103287 EXPLOITDB text VERIFIED
ISPworker 1.23 - Remote File Disclosure
by cr4wl3r
EIP-2026-103273 EXPLOITDB text VERIFIED
dotDefender 3.8-5 - Remote Command Execution
by John Dos
EIP-2026-114259 EXPLOITDB text VERIFIED
WordPress Plugin WP-Polls 2.x - Incorrect Flood Filter
by Jbyte
CVE-2009-4359 EXPLOITDB text VERIFIED
SmartMedia 0.85 Beta - Cross-Site Scripting via CategoryID Parameter
Cross-site scripting (XSS) vulnerability in folder.php in the SmartMedia 0.85 Beta module for XOOPS allows remote attackers to inject arbitrary web script or HTML via the categoryid parameter.
by SoldierOfAllah
CVE-2009-4785 EXPLOITDB text VERIFIED
Joomla! com_quicknews - SQL Injection
SQL injection vulnerability in the Quick News (com_quicknews) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a view_item action to index.php.
by Don Tukulesto
CVE-2009-4217 EXPLOITDB text VERIFIED
Joomla! MusicGallery - SQL Injection
SQL injection vulnerability in the Itamar Elharar MusicGallery (com_musicgallery) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an itempage action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Don Tukulesto
EIP-2026-107978 EXPLOITDB text VERIFIED
ita-forum 5.1.32 - SQL Injection
by BAYBORA
CVE-2009-4154 EXPLOITDB text VERIFIED
Elxis CMS - Path Traversal via Feed Creator Filename Parameter
Directory traversal vulnerability in includes/feedcreator.class.php in Elxis CMS allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
by cr4wl3r
CVE-2009-4360 EXPLOITDB text VERIFIED
XOOPS 0.5 - Content Module - SQL Injection
SQL injection vulnerability in modules/content/index.php in the Content module 0.5 for XOOPS allows remote attackers to inject arbitrary web script or HTML via the id parameter.
by s4r4d0
CVE-2009-4147 EXPLOITDB text VERIFIED
FreeBSD 7.1-8.0 - Privilege Escalation
The _rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld-elf/rtld.c in FreeBSD 7.1 and 8.0 does not clear the (1) LD_LIBMAP, (2) LD_LIBRARY_PATH, (3) LD_LIBMAP_DISABLE, (4) LD_DEBUG, and (5) LD_ELF_HINTS_PATH environment variables, which allows local users to gain privileges by executing a setuid or setguid program with a modified variable containing an untrusted search path that points to a Trojan horse library, different vectors than CVE-2009-4146.
by kingcope
EIP-2026-100633 EXPLOITDB text VERIFIED
Xxasp 3.3.2 - SQL Injection
by Secu_lab_ir
CVE-2009-4155 EXPLOITDB text VERIFIED
Eshopbuilde CMS - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Eshopbuilde CMS allow remote attackers to execute arbitrary SQL commands via the sitebid parameter to (1) home-f.asp and (2) opinions-f.asp; (3) sitebid, (4) id, (5) secText, (6) client-ip, and (7) G_id parameters to more-f.asp; (8) sitebid, (9) id, (10) ma_id, (11) mi_id, (12) secText, (13) client-ip, and (14) G_id parameters to selectintro.asp; (15) sitebid, (16) secText, (17) adv_code, and (18) client-ip parameters to advcount.asp; (19) sitebid, (20) secText, (21) Grp_Code, (22) _method, and (23) client-ip parameters to advview.asp; and (24) sitebid, (25) secText, (26) newsId, and (27) client-ip parameters to dis_new-f.asp.
by Isfahan