Text Exploits

31,386 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-102828 EXPLOITDB text VERIFIED
Enlightenment - Linux Null PTR Dereference Framework
by spender
EIP-2026-115960 EXPLOITDB text VERIFIED
Novell eDirectory 8.8 SP5 - Remote Denial of Service
by karak0rsan
CVE-2009-3103 EXPLOITDB text VERIFIED
Windows Vista and Server 2008 - Remote Code Execution via SMBv2 Negotiate Protocol Request
Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka "SMBv2 Negotiation Vulnerability." NOTE: some of these details are obtained from third party information.
by laurent gaffie
CVE-2009-2958 EXPLOITDB text VERIFIED
dnsmasq < 2.50 - Denial of Service via Malformed TFTP Blksize Option
The tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a TFTP read (aka RRQ) request with a malformed blksize option.
by Core Security
CVE-2009-3173 EXPLOITDB text VERIFIED
The Rat CMS Alpha 2 - Unauthenticated Arbitrary File Upload and Remote Code Execution via Album Image Upload
Unrestricted file upload vulnerability in admin/add_album.php in The Rat CMS Alpha 2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/.
by Securitylab.ir
CVE-2009-4626 EXPLOITDB text VERIFIED
phpNagios 1.2.0 - Remote File Inclusion via menu.php conf[lang] Parameter
Directory traversal vulnerability in menu.php in phpNagios 1.2.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the conf[lang] parameter.
by CoBRa_21
CVE-2008-7000 EXPLOITDB text VERIFIED
PHPAuction 3.2 - Remote Code Execution via Index.php Lan Parameter
PHP remote file inclusion vulnerability in index.php in PHPAuction 3.2 allows remote attackers to execute arbitrary PHP code via a URL in the lan parameter. NOTE: this might be related to CVE-2005-2255.1.
by Beenu Arora
CVE-2009-3174 EXPLOITDB text VERIFIED
OBOphiX < 2.7.0 - Remote Code Execution via chemin_lib Parameter
PHP remote file inclusion vulnerability in fonctions_racine.php in OBOphiX 2.7.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin_lib parameter.
by EA Ngel
CVE-2009-3175 EXPLOITDB text VERIFIED
Model Agency Manager PRO - SQL Injection via user_id or id Parameter
Multiple SQL injection vulnerabilities in Model Agency Manager PRO (formerly Modeling Agency Content Management Script) allow remote attackers to execute arbitrary SQL commands via the user_id parameter to (1) view.php, (2) photos.php, and (3) motm.php; and the (4) id parameter to forum_message.php.
by R3d-D3V!L
EIP-2026-109289 EXPLOITDB text VERIFIED
Mambo Component Hestar - SQL Injection
by M3NW5
CVE-2009-4620 EXPLOITDB text VERIFIED
Joomloc com_joomloc 1.0 - SQL Injection via id Parameter
SQL injection vulnerability in the Joomloc (com_joomloc) component 1.0 for Joomla allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task to index.php.
by Chip d3 bi0s
CVE-2009-2692 EXPLOITDB HIGH text VERIFIED
Linux kernel <2.6.30.4, <2.4.37.4 - Privilege Escalation
The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.
by Ramon de C Valle
CVSS 7.8
EIP-2026-100995 EXPLOITDB text VERIFIED
Check Point Endpoint Security - Full Disk Encryption RDP Connection Denial of Service
by Tim Medin
EIP-2026-100197 EXPLOITDB text VERIFIED
ChartDirector 5.0.1 - 'cacheId' Arbitrary File Disclosure
by DokFLeed
EIP-2026-109645 EXPLOITDB text VERIFIED
MundiMail 0.8.2 - Remote Code Execution
by Dedalo
EIP-2026-109012 EXPLOITDB text VERIFIED
KingCMS 0.6 - 'CONFIG[AdminPath]' Remote File Inclusion
by Securitylab.ir
CVE-2009-4991 EXPLOITDB text VERIFIED
Omnistar Recruiting - Cross-Site Scripting via job2 Parameter
Cross-site scripting (XSS) vulnerability in users/resume_register.php in Omnistar Recruiting allows remote attackers to inject arbitrary web script or HTML via the job2 parameter.
by MizoZ
CVE-2009-2521 EXPLOITDB text VERIFIED
Microsoft Internet Information Services 5.0-7.0 - Authenticated Denial of Service via FTP List Command
Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows remote authenticated users to cause a denial of service (daemon crash) via a list (ls) -R command containing a wildcard that references a subdirectory, followed by a .. (dot dot), aka "IIS FTP Service DoS Vulnerability."
by kingcope
EIP-2026-112669 EXPLOITDB text VERIFIED
Ticket Support Script - 'ticket.php' Arbitrary File Upload
by InjEctOr5
CVE-2009-4474 EXPLOITDB text VERIFIED
Mike de Boer zoom (com_zoom) 2.0 - SQL Injection
SQL injection vulnerability in the Mike de Boer zoom (com_zoom) component 2.0 for Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
by boom3rang
CVE-2009-4475 EXPLOITDB text VERIFIED
Joomlub com_joomlub - SQL Injection via aid Parameter
SQL injection vulnerability in the Joomlub (com_joomlub) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an auction edit action to index.php.
by 599eme Man
CVE-2009-4470 EXPLOITDB text VERIFIED
DVBBS 2.0 - SQL Injection via boardrule.php groupboardid Parameter
SQL injection vulnerability in boardrule.php in DVBBS 2.0 allows remote attackers to execute arbitrary SQL commands via the groupboardid parameter.
by Securitylab.ir
EIP-2026-116093 EXPLOITDB text VERIFIED
PPstream 2.6.86.8900 - PPSMediaList ActiveX Remote Buffer Overflow (PoC) (2)
by expose 0day
EIP-2026-116092 EXPLOITDB text VERIFIED
PPstream 2.6.86.8900 - PPSMediaList ActiveX Remote Buffer Overflow (PoC) (1)
by expose 0day
CVE-2009-4472 EXPLOITDB text VERIFIED
PHPope < 1.0.0 - Remote Code Execution via GLOBALS Parameter Manipulation
Multiple PHP remote file inclusion vulnerabilities in PHPope 1.0.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[config][dir][plugins] parameter to plugins/address/admin/index.php, (2) GLOBALS[config][dir][functions] parameter to plugins/im/compose.php, and (3) GLOBALS[config][dir][classes] parameter to plugins/cssedit/admin/index.php.
by cr4wl3r