Text Exploits

31,386 exploits tracked across all sources.

Sort: Activity Stars
CVE-2009-3356 EXPLOITDB text VERIFIED
Image voting 1.0 - SQL Injection via Show Parameter
SQL injection vulnerability in index.php in Image voting 1.0 allows remote attackers to execute arbitrary SQL commands via the show parameter.
by SkuLL-HackeR
CVE-2009-3349 EXPLOITDB text VERIFIED
Datavore Gyro 5.0 - SQL Injection via cid Parameter in Home Component
SQL injection vulnerability in Datavore Gyro 5.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter in a cat action to the home component.
by OoN_Boy
CVE-2009-3076 EXPLOITDB text VERIFIED
Mozilla Firefox <3.0.14 - Info Disclosure
Mozilla Firefox before 3.0.14 does not properly implement certain dialogs associated with the (1) pkcs11.addmodule and (2) pkcs11.deletemodule operations, which makes it easier for remote attackers to trick a user into installing or removing an arbitrary PKCS11 module.
by Dan Kaminsky
CVE-2009-2692 EXPLOITDB HIGH text VERIFIED
Linux kernel <2.6.30.4, <2.4.37.4 - Privilege Escalation
The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.
by Ramon de C Valle
CVSS 7.8
CVE-2009-3366 EXPLOITDB text VERIFIED
An image gallery 1.0 - Path Traversal via Path Parameter
Directory traversal vulnerability in navigation.php in An image gallery 1.0 allows remote attackers to list arbitrary directories via a .. (dot dot) in the path parameter.
by ThE g0bL!N
CVE-2009-4615 EXPLOITDB text VERIFIED
MYRE Holiday Rental Manager - SQL Injection
SQL injection vulnerability in review.php in MYRE Holiday Rental Manager allows remote attackers to execute arbitrary SQL commands via the link_id parameter in a show_review action.
by Mr.SQL
CVE-2009-3665 EXPLOITDB text VERIFIED
Nullam Blog 0.1.2 - SQL Injection via i or v Parameter
Multiple SQL injection vulnerabilities in index.php in Nullam Blog 0.1.2 allow remote attackers to execute arbitrary SQL commands via the (1) i parameter or (2) v parameters in a register action.
by Salvatore Fresta
CVE-2009-3664 EXPLOITDB text VERIFIED
Nullam Blog 0.1.2 - Path Traversal via p or s Parameter
Multiple directory traversal vulnerabilities in index.php in Nullam Blog 0.1.2 allow remote attackers to include or execute arbitrary files via a .. (dot dot) in the (1) p and (2) s parameters.
by Salvatore Fresta
EIP-2026-115526 EXPLOITDB text VERIFIED
Kolibri+ Web Server 2 - GET Denial of Service
by Usman Saeed
EIP-2026-112761 EXPLOITDB text VERIFIED
tourismscripts HotelBook - 'hotel_id' Multiple SQL Injections
by Mr.SQL
CVE-2009-3494 EXPLOITDB text VERIFIED
T-HTB Manager 0.5 - SQL Injection via id or name Parameter
Multiple SQL injection vulnerabilities in index.php in T-HTB Manager 0.5, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in a delete_category action, (2) the name parameter in an update_category action, and other vectors.
by Salvatore Fresta
CVE-2009-3666 EXPLOITDB text VERIFIED
Nullam Blog 0.1.2 - Cross-Site Scripting via Error Parameter
Cross-site scripting (XSS) vulnerability in index.php in Nullam Blog 0.1.2 allows remote attackers to inject arbitrary web script or HTML via the e parameter in an error action.
by Salvatore Fresta
CVE-2009-4616 EXPLOITDB text VERIFIED
MYRE Holiday Rental Manager - Cross-Site Scripting via search.php cat_id1 Parameter
Cross-site scripting (XSS) vulnerability in search.php in MYRE Holiday Rental Manager allows remote attackers to inject arbitrary web script or HTML via the cat_id1 parameter.
by Mr.SQL
EIP-2026-108493 EXPLOITDB text VERIFIED
Joomla! Component com_pressrelease - 'id' SQL Injection
by Moudi
CVE-2009-4624 EXPLOITDB text VERIFIED
Nicecoder iDesk - SQL Injection via download.php cat_id Parameter
SQL injection vulnerability in download.php in Nicecoder iDesk allows remote attackers to execute arbitrary SQL commands via the cat_id parameter, a different vector than CVE-2005-3843.
by Mr.SQL
EIP-2026-107473 EXPLOITDB text VERIFIED
Graffiti CMS 1.x - Arbitrary File Upload
by Alexander Concha
CVE-2009-4622 EXPLOITDB text VERIFIED
Drunken:Golem Gaming Portal 0.5.1 - RCE
PHP remote file inclusion vulnerability in admin/admin_news_bot.php in Drunken:Golem Gaming Portal 0.5.1 alpha 2 allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter, a different vector than CVE-2007-0572.
by EA Ngel
CVE-2009-3360 EXPLOITDB text VERIFIED
datemill 1.0 - Cross-Site Scripting via return and st Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Datemill 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) return parameter to photo_view.php, and st parameter to (2) photo_search.php and (3) search.php.
by Moudi
CVE-2009-3360 EXPLOITDB text VERIFIED
datemill 1.0 - Cross-Site Scripting via return and st Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Datemill 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) return parameter to photo_view.php, and st parameter to (2) photo_search.php and (3) search.php.
by Moudi
CVE-2009-3360 EXPLOITDB text VERIFIED
datemill 1.0 - Cross-Site Scripting via return and st Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Datemill 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) return parameter to photo_view.php, and st parameter to (2) photo_search.php and (3) search.php.
by Moudi
CVE-2009-4618 EXPLOITDB text VERIFIED
Tourism Script Bus Script - SQL Injection
Multiple SQL injection vulnerabilities in Tourism Script Bus Script allow remote attackers to execute arbitrary SQL commands via the sitetext_id parameter to (1) aboutus.php and (2) faq.php.
by Mr.SQL
CVE-2009-3367 EXPLOITDB text VERIFIED
An image gallery 1.0 - Cross-Site Scripting via Path and Show Parameters
Multiple cross-site scripting (XSS) vulnerabilities in An image gallery 1.0 allow remote attackers to inject arbitrary web script or HTML via the path parameter to (1) index.php and (2) main.php, and the (3) show parameter to main.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ThE g0bL!N
CVE-2009-4623 EXPLOITDB text VERIFIED
Advanced Comment System 1.0 - Remote Code Execution via ACS_path Parameter
Multiple PHP remote file inclusion vulnerabilities in Advanced Comment System 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the ACS_path parameter to (1) index.php and (2) admin.php in advanced_comment_system/. NOTE: this might only be a vulnerability when the administrator has not followed installation instructions in install.php. NOTE: this might be the same as CVE-2020-35598.
by Kurd-Team
CVE-2009-3358 EXPLOITDB text VERIFIED
Tourism Scripts Adult Portal Escort Listing - SQL Injection via profile.php user_id Parameter
SQL injection vulnerability in profile.php in Tourism Scripts Adult Portal escort listing allows remote attackers to execute arbitrary SQL commands via the user_id parameter.
by Mr.SQL
CVE-2009-4617 EXPLOITDB text VERIFIED
Tourismscripts Tourism Script Accomodation Hotel Booking Portal Script - SQL Injection
Multiple SQL injection vulnerabilities in Tourism Script Accommodation Hotel Booking Portal Script allow remote attackers to execute arbitrary SQL commands via the hotel_id parameter to (1) hotel.php, (2) details.php, (3) roomtypes.php, (4) photos.php, (5) map.php, (6) weather.php, (7) reviews.php, and (8) book.php.
by Mr.SQL