Text Exploits

31,386 exploits tracked across all sources.

CVE-2009-4224 EXPLOITDB text VERIFIED
SweetRice < 0.5.4 - Remote File Inclusion via root_dir Parameter
Multiple PHP remote file inclusion vulnerabilities in SweetRice 0.5.4, 0.5.3, and earlier allow remote attackers to execute arbitrary PHP code via a URL in the root_dir parameter to (1) _plugin/subscriber/inc/post.php and (2) as/lib/news_modify.php.
by cr4wl3r
EIP-2026-114258 EXPLOITDB text VERIFIED
WordPress Plugin WP-phpList 2.10.2 - 'unsubscribeemail' Cross-Site Scripting
by MustLive
CVE-2009-4231 EXPLOITDB text VERIFIED
SweetRice < 0.5.3 - Remote File Inclusion via Plugin Parameter
Directory traversal vulnerability in as/lib/plugins.php in SweetRice 0.5.3 and earlier allows remote attackers to include and execute arbitrary local files via .. (dot dot) in the plugin parameter.
by cr4wl3r
EIP-2026-112470 EXPLOITDB text VERIFIED
Sugar CRM 5.5.0.rc2/5.2.0j - Multiple Vulnerabilities
by waraxe
EIP-2026-104944 EXPLOITDB text VERIFIED
AdaptCMS Lite 1.5 - Remote File Inclusion
by v3n0m
CVE-2009-4117 EXPLOITDB text VERIFIED
MuPDF <20091125231942 - Buffer Overflow
Multiple stack-based buffer overflows in pdf_shade4.c in MuPDF before commit 20091125231942, as used in SumatraPDF before 1.0.1, allow remote attackers to cause a denial of service and possibly execute arbitrary code via a /Decode array for certain types of shading that are not properly handled by the (1) pdf_loadtype4shade, (2) pdf_loadtype5shade, (3) pdf_loadtype6shade, and (4) pdf_loadtype7shade functions. NOTE: some of these details are obtained from third party information.
by Christophe Devine
EIP-2026-112915 EXPLOITDB text VERIFIED
Uploaderr 1.0 File Hosting Script - Arbitrary File Upload
by DigitALL
CVE-2009-4221 EXPLOITDB text VERIFIED
phpBazar < 2.1.1fix - SQL Injection via Classified.php catid Parameter
SQL injection vulnerability in classified.php in phpBazar 2.1.1fix and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter, a different vector than CVE-2008-3767.
by MizoZ
CVE-2009-4104 EXPLOITDB text VERIFIED
LyftenBloggie 1.0.4 - SQL Injection
SQL injection vulnerability in Lyften Designs LyftenBloggie (com_lyftenbloggie) component 1.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the author parameter to index.php.
by kaMtiEz
EIP-2026-110866 EXPLOITDB text VERIFIED
PHP-Nuke 8.0 - News Module Cross-Site Scripting / HTML Code Injection
by K053
CVE-2009-4234 EXPLOITDB text VERIFIED
Micronet Network Access Controller SP1910 - XSS
Cross-site scripting (XSS) vulnerability in loginpages/error_user.shtml on the Micronet Network Access Controller SP1910 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
by K053
EIP-2026-107120 EXPLOITDB text VERIFIED
Flashden - Multiple Arbitrary File Uploads
by DigitALL
EIP-2026-106316 EXPLOITDB text VERIFIED
CyberCMS - 'faq.php' SQL Injection
by hc0de
CVE-2010-2543 EXPLOITDB text VERIFIED
Cacti < 0.8.7g - Cross-Site Scripting via graph_start Parameter
Cross-site scripting (XSS) vulnerability in include/top_graph_header.php in Cacti before 0.8.7g allows remote attackers to inject arbitrary web script or HTML via the graph_start parameter to graph.php. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-4032.2.b.
by Moritz Naumann
CVE-2009-4170 EXPLOITDB text VERIFIED
WP-Cumulus Plug-in <1.20 - Info Disclosure
WP-Cumulus Plug-in 1.20 for WordPress, and possibly other versions, allows remote attackers to obtain sensitive information via a crafted request to wp-cumulus.php, probably without parameters, which reveals the installation path in an error message.
by MustLive
CVE-2009-4096 EXPLOITDB text VERIFIED
RADIO istek scripti 2.5 - Info Disclosure
RADIO istek scripti 2.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain user credentials via a direct request for estafresgaftesantusyan.inc.
by kurdish hackers team
EIP-2026-111447 EXPLOITDB text VERIFIED
Power BB 1.8.3 - Remote File Inclusions
by DigitALL
CVE-2009-4222 EXPLOITDB text VERIFIED
phpBazar <2.1.1fix - Info Disclosure
phpBazar 2.1.1fix and earlier does not require administrative authentication for admin/admin.php, which allows remote attackers to obtain access to the admin control panel via a direct request.
by kurdish hackers team
EIP-2026-110280 EXPLOITDB text VERIFIED
OpenCSP - Multiple Remote File Inclusions
by EANgel
EIP-2026-108450 EXPLOITDB text VERIFIED
Joomla! Component com_mygallery - 'cid' SQL Injection
by S@BUN
CVE-2009-4099 EXPLOITDB text VERIFIED
Google Calendar GCalendar <2.1.4 - SQL Injection
SQL injection vulnerability in the Google Calendar GCalendar (com_gcalendar) component 1.1.2, 2.1.4, and possibly earlier versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the gcid parameter. NOTE: some of these details are obtained from third party information.
by Yogyacarderlink Crew
EIP-2026-107035 EXPLOITDB text VERIFIED
Fake Hit Generator 2.2 - Arbitrary File Upload
by DigitALL
CVE-2009-4108 EXPLOITDB text VERIFIED
XM Easy Personal FTP Server 5.8.0 - DoS
XM Easy Personal FTP Server 5.8.0 allows remote authenticated users to cause a denial of service (crash) by uploading or creating a large number of files or directories, then performing a LIST command.
by leinakesi
CVE-2009-4105 EXPLOITDB text VERIFIED
TYPSoft FTP Server 1.10 - Authenticated Denial of Service via APPE and DELE Command Sequence
TYPSoft FTP Server 1.10 allows remote authenticated users to cause a denial of service (crash) by sending an APPE (append) command immediately followed by a DELE (delete) command without sending file data in between these two commands.
by leinakesi
EIP-2026-113750 EXPLOITDB text VERIFIED
WordPress Plugin Firestats 1.0.2 - Multiple Cross-Site Scripting / Authentication Bypass Vulnerabilities (1)
by MustLive