Text Exploits

31,386 exploits tracked across all sources.

Sort: Activity Stars
CVE-2009-4047 EXPLOITDB text VERIFIED
PHD Help Desk 1.43 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in PHD Help Desk 1.43 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to area.php; the (2) pagina, (3) sentido, (4) q_registros, and (5) orden parameters to area.php; (6) the q_registros parameter to solic_display.php; (7) the PATH_INFO to area_list.php; (8) the q_registros parameter to area_list.php; (9) the PATH_INFO to atributo.php; the (10) pagina, (11) q_registros, and (12) orden parameters to atributo_list.php; (13) an arbitrary parameter name beginning with "sentido" to atributo_list.php; and (14) the PATH_INFO to caso_insert.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Amol Naik
CVE-2009-4047 EXPLOITDB text VERIFIED
PHD Help Desk 1.43 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in PHD Help Desk 1.43 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to area.php; the (2) pagina, (3) sentido, (4) q_registros, and (5) orden parameters to area.php; (6) the q_registros parameter to solic_display.php; (7) the PATH_INFO to area_list.php; (8) the q_registros parameter to area_list.php; (9) the PATH_INFO to atributo.php; the (10) pagina, (11) q_registros, and (12) orden parameters to atributo_list.php; (13) an arbitrary parameter name beginning with "sentido" to atributo_list.php; and (14) the PATH_INFO to caso_insert.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Amol Naik
EIP-2026-108962 EXPLOITDB text VERIFIED
kalimat new system 1.0 - 'index.php' SQL Injection
by ProF.Code
CVE-2009-4112 EXPLOITDB text VERIFIED
Cacti <0.8.7e - Privilege Escalation
Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands.
by MustLive
EIP-2026-106560 EXPLOITDB text VERIFIED
Dow Group - 'new.php' SQL Injection
by ProF.Code
EIP-2026-105852 EXPLOITDB text VERIFIED
Cifshanghai - 'chanpin_info.php' CMS SQL Injection
by ProF.Code
EIP-2026-101521 EXPLOITDB text VERIFIED
Alteon OS BBI (Nortell) - Cross-Site Scripting / Cross-Site Request Forgery
by Alexey Sintsov
EIP-2026-114124 EXPLOITDB text VERIFIED
WordPress Plugin Trashbin 0.1 - 'mtb_undelete' Cross-Site Scripting
by MustLive
CVE-2009-4651 EXPLOITDB text VERIFIED
Webee Comments 1.1.1, 1.2, 2.0 - Cross-Site Scripting via BBCode Tags
Multiple cross-site scripting (XSS) vulnerabilities in the Webee Comments (com_webeecomment) component 1.1.1, 1.2, and 2.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) color, (2) img, or (3) url BBCode tags in unspecified vectors.
by Jeff Channell
CVE-2009-4650 EXPLOITDB text VERIFIED
Webee Comments (com_webeecomment) 1.1.1, 1.2, 2.0 - SQL Injection
SQL injection vulnerability in the Webee Comments (com_webeecomment) component 1.1.1, 1.2, and 2.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a default action to index2.php. NOTE: some of these details are obtained from third party information.
by Jeff Channell
EIP-2026-110347 EXPLOITDB text VERIFIED
OS Commerce 2.2r2 - Authentication Bypass
by Stuart Udall
EIP-2026-104066 EXPLOITDB text VERIFIED
Samba 3.0.10 < 3.3.5 - Format String / Security Bypass
by Jeremy Allison
CVE-2009-1284 EXPLOITDB text VERIFIED
BibTeX 0.99 - Denial of Service via Long .bib File
Buffer overflow in BibTeX 0.99 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a long .bib bibliography file.
by Vincent Lafevre
CVE-2009-4171 EXPLOITDB text VERIFIED
Yahoo! Messenger 9.0.0.2162 - Denial of Service via YahooBridgeLib.dll RegisterMe Method
An ActiveX control in YahooBridgeLib.dll for Yahoo! Messenger 9.0.0.2162, and possibly other 9.0 versions, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by calling the RegisterMe method with a long argument.
by HACKATTACK
EIP-2026-104126 EXPLOITDB text VERIFIED
WebKit - 'Document()' Remote Information Disclosure
by Chris Evans
CVE-2009-2285 EXPLOITDB text VERIFIED
libtiff 3.8.2 - Denial of Service via LZWDecodeCompat Buffer Underflow
Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327.
by wololo
CVE-2009-2473 EXPLOITDB text VERIFIED
neon < 0.28.6 - Denial of Service via Nested XML Entity Expansion
neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
by Peter Valchev
CVE-2009-3565 EXPLOITDB text VERIFIED
McAfee IntruShield Network Security Manager < 5.1.11.6 - Cross-Site Scripting via Login.jsp Parameters
Multiple cross-site scripting (XSS) vulnerabilities in intruvert/jsp/module/Login.jsp in McAfee IntruShield Network Security Manager (NSM) before 5.1.11.6 allow remote attackers to inject arbitrary web script or HTML via the (1) iaction or (2) node parameter.
by Daniel King
EIP-2026-102505 EXPLOITDB text VERIFIED
McAfee Network Security Manager < 5.1.11.8.1 - Information Disclosure
by Daniel King
CVE-2009-0184 EXPLOITDB text VERIFIED
Free Download Manager <3.0.844 - RCE
Multiple buffer overflows in the torrent parsing implementation in Free Download Manager (FDM) 2.5 Build 758 and 3.0 Build 844 allow remote attackers to execute arbitrary code via (1) a long file name within a torrent file, (2) a long tracker URL in a torrent file, or (3) a long comment in a torrent file.
by Carsten Eiram
CVE-2009-3890 EXPLOITDB text VERIFIED
WordPress < 2.8.5 - Authenticated Remote Code Execution via Multiple-Extension Filename Upload
Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
by Dawid Golunski
CVE-2009-2820 EXPLOITDB text VERIFIED
macOS < 10.6.2 - Cross-Site Scripting via CUPS Web Interface
The web interface in CUPS before 1.4.2, as used on Apple Mac OS X before 10.6.2 and other platforms, does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to (a) the product's web interface, (b) the configuration of the print system, and (c) the titles of printed jobs, as demonstrated by an XSS attack that uses the kerberos parameter to the admin program, and leverages attribute injection and HTTP Parameter Pollution (HPP) issues.
by Aaron Sigel
EIP-2026-113511 EXPLOITDB text VERIFIED
WordPress MU 1.2.2 < 1.3.1 - '/wp-includes/wpmu-functions.php' Cross-Site Scripting
by Juan Galiana Lara
EIP-2026-113494 EXPLOITDB text VERIFIED
WordPress Core 2.0 < 2.7.1 - 'admin.php' Module Configuration Security Bypass
by Fernando Arnaboldi
CVE-2009-4250 EXPLOITDB text VERIFIED
CutePHP CuteNews 1.4.6 and UTF-8 CuteNews < 8b - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allow remote attackers to inject arbitrary web script or HTML via (1) the result parameter to register.php; (2) the user parameter to search.php; the (3) cat_msg, (4) source_msg, (5) postponed_selected, (6) unapproved_selected, and (7) news_per_page parameters in a list action to the editnews module of index.php; and (8) the link tag in news comments. NOTE: some of the vulnerabilities require register_globals to be enabled and/or magic_quotes_gpc to be disabled.
by Andrew Horton