Text Exploits

31,386 exploits tracked across all sources.

Sort: Activity Stars
CVE-2009-3057 EXPLOITDB text VERIFIED
AOM Software Beex 3 - Cross-Site Scripting via navaction Parameter
Multiple cross-site scripting (XSS) vulnerabilities in AOM Software Beex 3 allow remote attackers to inject arbitrary web script or HTML via the navaction parameter to (1) news.php and (2) partneralle.php.
by Moudi
EIP-2026-100382 EXPLOITDB text VERIFIED
JSFTemplating / Mojarra Scales / GlassFish - File Disclosure
by SEC Consult
CVE-2009-3252 EXPLOITDB text VERIFIED
Dave Robinson Rockbandcms - SQL Injection
Multiple SQL injection vulnerabilities in news.php in Rock Band CMS 0.10 allow remote attackers to execute arbitrary SQL commands via the (1) year and (2) id parameters.
by Affix
EIP-2026-111696 EXPLOITDB text VERIFIED
Re-Script 0.99 Beta - 'listings.php?op' SQL Injection
by Mr.SQL
CVE-2009-3246 EXPLOITDB text VERIFIED
MyBuxScript PTC-BUX - SQL Injection via spnews.php id Parameter
SQL injection vulnerability in spnews.php in MyBuxScript PTC-BUX allows remote attackers to execute arbitrary SQL commands via the id parameter in an spnews action to the default URI. NOTE: some of these details are obtained from third party information.
by HxH
EIP-2026-109541 EXPLOITDB text VERIFIED
Modern Script 5.0 - 'index.php?s' SQL Injection
by Red-D3v1L
EIP-2026-109507 EXPLOITDB text VERIFIED
MKPortal 1.x - Multiple BBCode HTML Injection Vulnerabilities
by Inj3ct0r
EIP-2026-109506 EXPLOITDB text VERIFIED
MKPortal 1.x (Multiple Modules) - Cross-Site Scripting
by Inj3ct0r
CVE-2009-3260 EXPLOITDB text VERIFIED
LiveStreet 0.2 - Cross-Site Scripting via Topic Header in Comment
Cross-site scripting (XSS) vulnerability in LiveStreet 0.2 allows remote attackers to inject arbitrary web script or HTML via the header of the topic in a comment.
by Inj3ct0r
CVE-2009-3256 EXPLOITDB text VERIFIED
LiveStreet 0.2 - Cross-Site Scripting via URI Parameter
Cross-site scripting (XSS) vulnerability in include/ajax/blogInfo.php in LiveStreet 0.2 allows remote attackers to inject arbitrary web script or HTML via the URI, as demonstrated by a SCRIPT element in an arbitrary parameter such as the asd parameter.
by Inj3ct0r
CVE-2009-3059 EXPLOITDB text VERIFIED
Allpublication Jboard < 2.0 - SQL Injection
Multiple SQL injection vulnerabilities in Joker Board (aka JBoard) 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) core/select.php or (2) the city parameter to top_add.inc.php, reachable through sboard.php.
by Inj3ct0r
EIP-2026-106647 EXPLOITDB text VERIFIED
e-Soft24 PTC Script 1.2 - 'login.php' Multiple Cross-Site Scripting Vulnerabilities
by 599eme Man
EIP-2026-106645 EXPLOITDB text VERIFIED
e-Soft24 Jokes Portal Script Seo 1.0 - Multiple Cross-Site Scripting Vulnerabilities
by 599eme Man
EIP-2026-106644 EXPLOITDB text VERIFIED
e-Soft24 Flash Games Script 1.0 - Cross-Site Scripting
by 599eme Man
EIP-2026-106643 EXPLOITDB text VERIFIED
e-soft24 Article Directory Script - 'q' Cross-Site Scripting
by 599eme Man
CVE-2009-3153 EXPLOITDB text VERIFIED
x10 MP3 Search Engine 1.6.5 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in x10 MP3 Search engine 1.6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) pic_id parameter to includes/video_ad.php, (2) category parameter to linkvideos_listing.php, id parameter to (3) templates/header1.php and (4) mp3/lyrics.php, key parameter to (5) video_listing.php and (6) adult/video_listing.php, and name parameter to (7) mp3/embed.php and (8) mp3/info.php.
by Moudi
CVE-2009-3153 EXPLOITDB text VERIFIED
x10 MP3 Search Engine 1.6.5 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in x10 MP3 Search engine 1.6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) pic_id parameter to includes/video_ad.php, (2) category parameter to linkvideos_listing.php, id parameter to (3) templates/header1.php and (4) mp3/lyrics.php, key parameter to (5) video_listing.php and (6) adult/video_listing.php, and name parameter to (7) mp3/embed.php and (8) mp3/info.php.
by Moudi
CVE-2009-3153 EXPLOITDB text VERIFIED
x10 MP3 Search Engine 1.6.5 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in x10 MP3 Search engine 1.6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) pic_id parameter to includes/video_ad.php, (2) category parameter to linkvideos_listing.php, id parameter to (3) templates/header1.php and (4) mp3/lyrics.php, key parameter to (5) video_listing.php and (6) adult/video_listing.php, and name parameter to (7) mp3/embed.php and (8) mp3/info.php.
by Moudi
CVE-2009-3153 EXPLOITDB text VERIFIED
x10 MP3 Search Engine 1.6.5 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in x10 MP3 Search engine 1.6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) pic_id parameter to includes/video_ad.php, (2) category parameter to linkvideos_listing.php, id parameter to (3) templates/header1.php and (4) mp3/lyrics.php, key parameter to (5) video_listing.php and (6) adult/video_listing.php, and name parameter to (7) mp3/embed.php and (8) mp3/info.php.
by Moudi
CVE-2009-3153 EXPLOITDB text VERIFIED
x10 MP3 Search Engine 1.6.5 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in x10 MP3 Search engine 1.6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) pic_id parameter to includes/video_ad.php, (2) category parameter to linkvideos_listing.php, id parameter to (3) templates/header1.php and (4) mp3/lyrics.php, key parameter to (5) video_listing.php and (6) adult/video_listing.php, and name parameter to (7) mp3/embed.php and (8) mp3/info.php.
by Moudi
CVE-2009-3153 EXPLOITDB text VERIFIED
x10 MP3 Search Engine 1.6.5 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in x10 MP3 Search engine 1.6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) pic_id parameter to includes/video_ad.php, (2) category parameter to linkvideos_listing.php, id parameter to (3) templates/header1.php and (4) mp3/lyrics.php, key parameter to (5) video_listing.php and (6) adult/video_listing.php, and name parameter to (7) mp3/embed.php and (8) mp3/info.php.
by Moudi
CVE-2009-3153 EXPLOITDB text VERIFIED
x10 MP3 Search Engine 1.6.5 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in x10 MP3 Search engine 1.6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) pic_id parameter to includes/video_ad.php, (2) category parameter to linkvideos_listing.php, id parameter to (3) templates/header1.php and (4) mp3/lyrics.php, key parameter to (5) video_listing.php and (6) adult/video_listing.php, and name parameter to (7) mp3/embed.php and (8) mp3/info.php.
by Moudi
CVE-2009-3153 EXPLOITDB text VERIFIED
x10 MP3 Search Engine 1.6.5 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in x10 MP3 Search engine 1.6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) pic_id parameter to includes/video_ad.php, (2) category parameter to linkvideos_listing.php, id parameter to (3) templates/header1.php and (4) mp3/lyrics.php, key parameter to (5) video_listing.php and (6) adult/video_listing.php, and name parameter to (7) mp3/embed.php and (8) mp3/info.php.
by Moudi
CVE-2009-4717 EXPLOITDB text VERIFIED
Gonafish WebStatCaffe - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Gonafish WebStatCaffe allow remote attackers to inject arbitrary web script or HTML via the (1) host parameter to stat/host.php, nodayshow parameter to (2) mostvisitpage.php and (3) visitorduration.php in stat/, (4) nopagesmost parameter to stat/mostvisitpagechart.php, and date parameter to (5) pageviewers.php, (6) pageviewerschart.php, and (7) referer.php in stat/.
by Moudi
CVE-2009-4717 EXPLOITDB text VERIFIED
Gonafish WebStatCaffe - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Gonafish WebStatCaffe allow remote attackers to inject arbitrary web script or HTML via the (1) host parameter to stat/host.php, nodayshow parameter to (2) mostvisitpage.php and (3) visitorduration.php in stat/, (4) nopagesmost parameter to stat/mostvisitpagechart.php, and date parameter to (5) pageviewers.php, (6) pageviewerschart.php, and (7) referer.php in stat/.
by Moudi