Text Exploits

31,386 exploits tracked across all sources.

Sort: Activity Stars
CVE-2009-3243 EXPLOITDB text VERIFIED
Wireshark 1.2.0-1.2.1 - Denial of Service in TLS Dissector
Unspecified vulnerability in the TLS dissector in Wireshark 1.2.0 and 1.2.1, when running on Windows, allows remote attackers to cause a denial of service (application crash) via unknown vectors related to TLS 1.2 conversations.
by Buildbot Builder
CVE-2009-3241 EXPLOITDB text VERIFIED
Wireshark 0.99.6-1.0.8 and 1.2.0-1.2.1 - Denial of Service via OPCUA Service CallRequest Packets
Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark 0.99.6 through 1.0.8 and 1.2.0 through 1.2.1 allows remote attackers to cause a denial of service (memory and CPU consumption) via malformed OPCUA Service CallRequest packets.
by Buildbot Builder
CVE-2009-3242 EXPLOITDB text VERIFIED
Wireshark 1.2.0 and 1.2.1 - Denial of Service in GSM A RR Dissector
Unspecified vulnerability in packet.c in the GSM A RR dissector in Wireshark 1.2.0 and 1.2.1 allows remote attackers to cause a denial of service (application crash) via unknown vectors related to "an uninitialized dissector handle," which triggers an assertion failure.
by Buildbot Builder
CVE-2006-2043 EXPLOITDB text VERIFIED
IP3 Networks NetAccess NA75 - Local Command Injection via Backtick Characters in CLI
na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 allows local users to gain Unix shell access via "`" (backtick) characters in the appliance's command line interface (CLI).
by r00t
CVE-2009-3343 EXPLOITDB text VERIFIED
HotWeb Rentals - SQL Injection via PropId Parameter
SQL injection vulnerability in details.asp in HotWeb Rentals allows remote attackers to execute arbitrary SQL commands via the PropId parameter.
by R3d-D3V!L
EIP-2026-115276 EXPLOITDB text VERIFIED
FotoTagger 2.12.0.0 - '.XML' Buffer Overflow (PoC)
by the_Edit0r
EIP-2026-114984 EXPLOITDB text VERIFIED
Batch Picture Watemark 1.0 - '.jpg' Local Crash (PoC)
by the_Edit0r
CVE-2009-3335 EXPLOITDB text VERIFIED
TurtuShout 0.11 - SQL Injection via Name Field
SQL injection vulnerability in the TurtuShout component 0.11 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Name field.
by jdc
CVE-2009-3659 EXPLOITDB text VERIFIED
BS Counter 2.5.3 - SQL Injection via Page Parameter
SQL injection vulnerability in file/stats.php in BS Counter 2.5.3 allows remote attackers to execute arbitrary SQL commands via the page parameter.
by Bgh7
CVE-2009-3365 EXPLOITDB text VERIFIED
Aurora CMS 1.0.2 - Remote Code Execution via AURORA_MODULES_FOLDER Parameter
PHP remote file inclusion vulnerability in add-ons/modules/sysmanager/plugins/install.plugin.php in Aurora CMS 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the AURORA_MODULES_FOLDER parameter.
by EA Ngel
EIP-2026-101387 EXPLOITDB text VERIFIED
Neufbox NB4-R1.5.10-MAIN - Persistent Cross-Site Scripting
by 599eme Man
CVE-2006-5034 EXPLOITDB text VERIFIED
Paul Smith Computer Services vCAP <1.9.0 - Path Traversal
Directory traversal vulnerability in Paul Smith Computer Services vCAP 1.9.0 Beta and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
by securma massine
CVE-2009-3357 EXPLOITDB text VERIFIED
com_hbssearch - SQL Injection via h_id, id, or rid Parameters
Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS or com_hbssearch) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) h_id, (2) id, and (3) rid parameters to longDesc.php, and the h_id parameter to (4) detail.php, (5) detail1.php, (6) detail2.php, (7) detail3.php, (8) detail4.php, (9) detail5.php, (10) detail6.php, (11) detail7.php, and (12) detail8.php, different vectors than CVE-2008-5865, CVE-2008-5874, and CVE-2008-5875.
by K-159
CVE-2009-3348 EXPLOITDB text VERIFIED
Datavore Gyro 5.0 - Cross-Site Scripting via Home Component cid Parameter
Cross-site scripting (XSS) vulnerability in Datavore Gyro 5.0 allows remote attackers to inject arbitrary web script or HTML via the cid parameter in a cat action to the home component.
by OoN_Boy
CVE-2009-3544 EXPLOITDB text VERIFIED
Xerver HTTP Server 4.32 - Exposure of Sensitive Information via ::$DATA Suffix
Xerver HTTP Server 4.32 allows remote attackers to obtain the source code for a web page via an HTTP request with the addition of ::$DATA after the HTML file name.
by Dr_IDE
EIP-2026-118716 EXPLOITDB text VERIFIED
Kolibri+ Web Server 2 - Source Code Disclosure
by SkuLL-HackeR
EIP-2026-118714 EXPLOITDB text VERIFIED
kolibri+ Web Server 2 - Directory Traversal
by Usman Saeed
EIP-2026-118713 EXPLOITDB text VERIFIED
Kolibri+ Web Server 2 - Arbitrary Source Code Disclosure (2)
by Dr_IDE
CVE-2009-3362 EXPLOITDB text VERIFIED
SZNews 2.7 - Remote Code Execution via printnews.php3 id Parameter
PHP remote file inclusion vulnerability in printnews.php3 in SZNews 2.7 allows remote attackers to execute arbitrary PHP code via a URL in the id parameter.
by kurdish hackers team
CVE-2009-2937 EXPLOITDB text VERIFIED
Planet and Planet Venus - Cross-Site Scripting via IMG SRC Attribute
Cross-site scripting (XSS) vulnerability in Planet 2.0 and Planet Venus allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IMG element in a feed.
by Steve Kemp
CVE-2009-3361 EXPLOITDB text VERIFIED
PHP-IPNMonitor - SQL Injection via maincat_id Parameter
SQL injection vulnerability in index.php in PHP-IPNMonitor allows remote attackers to execute arbitrary SQL commands via the maincat_id parameter.
by noname
CVE-2009-3359 EXPLOITDB text VERIFIED
Match Agency BiZ 1.0 - Cross-Site Scripting via Important Parameter or PID Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Match Agency BiZ 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) important parameter to edit_profile.php and (2) pid parameter to report.php.
by Moudi
CVE-2009-3359 EXPLOITDB text VERIFIED
Match Agency BiZ 1.0 - Cross-Site Scripting via Important Parameter or PID Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Match Agency BiZ 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) important parameter to edit_profile.php and (2) pid parameter to report.php.
by Moudi
CVE-2009-3368 EXPLOITDB text VERIFIED
com_hbssearch - Cross-Site Scripting via Adult Parameter
Cross-site scripting (XSS) vulnerability in the Hotel Booking Reservation System (aka HBS or com_hbssearch) component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the adult parameter in a showhoteldetails action to index.php.
by K-159
EIP-2026-108440 EXPLOITDB text VERIFIED
Joomla! Component com_mediaalert - 'id' SQL Injection
by Moudi