Text Exploits

31,386 exploits tracked across all sources.

Sort: Activity Stars
CVE-2009-4960 EXPLOITDB text VERIFIED
Lanai Core 0.6 - Path Traversal via Download Module f Parameter
Directory traversal vulnerability in modules/backup/download.php in Lanai Core 0.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter.
by Khashayar Fereidani
EIP-2026-116523 EXPLOITDB text VERIFIED
War-FTPD 1.65 - MKD/CD Requests Denial of Service
by opt!x hacker
CVE-2009-3199 EXPLOITDB text VERIFIED
Uebimiau Webmail 3.2.0-2.0 - Unauthenticated Exposure of Sensitive Information via Direct Request
Uebimiau Webmail 3.2.0-2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database with usernames and password hashes via a direct request for system_admin/admin.ucf.
by Septemb0x
CVE-2009-2965 EXPLOITDB text VERIFIED
Radvision Scopia - Cross-Site Scripting via Page Parameter
Cross-site scripting (XSS) vulnerability in entry/index.jsp in Radvision Scopia 5.7, and possibly other versions before SD 7.0.100, allows remote attackers to inject arbitrary web script or HTML via the page parameter.
by Francesco Bianchino
CVE-2009-3970 EXPLOITDB text VERIFIED
PHP Dir Submit - Authenticated SQL Injection via aid Parameter
SQL injection vulnerability in index.php in PHP Dir Submit (aka WebsiteSubmitter or Submitter Script) allows remote authenticated users to execute arbitrary SQL commands via the aid parameter in a showarticle action.
by Mr.tro0oqy
CVE-2009-3965 EXPLOITDB text VERIFIED
New 5 Star Rating 1.0 - SQL Injection
SQL injection vulnerability in rating.php in New 5 star Rating 1.0 allows remote attackers to execute arbitrary SQL commands via the det parameter.
by Bgh7
CVE-2009-3975 EXPLOITDB text VERIFIED
Moa Gallery 1.1.0 and 1.2.0 - SQL Injection via gallery_id Parameter
SQL injection vulnerability in index.php in Moa Gallery 1.1.0 and 1.2.0 allows remote attackers to execute arbitrary SQL commands via the gallery_id parameter in a gallery_view action.
by Mr.tro0oqy
CVE-2009-4961 EXPLOITDB text VERIFIED
lanai-core 0.6 - Exposure of Sensitive Information via info.php
Lanai Core 0.6 allows remote attackers to obtain configuration information via a direct request to info.php, which calls the phpinfo function.
by Khashayar Fereidani
CVE-2009-3964 EXPLOITDB text VERIFIED
com_ninjamonials 1.1.0 - SQL Injection via testimID Parameter
SQL injection vulnerability in the NinjaMonials (com_ninjacentral) component 1.1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the testimID parameter in a display action to index.php.
by Chip d3 bi0s
CVE-2009-3971 EXPLOITDB text VERIFIED
jtips com_jtips - SQL Injection via Season Parameter
SQL injection vulnerability in the jTips (com_jtips) component 1.0.7 and 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the season parameter in a ladder action to index.php.
by Chip d3 bi0s
EIP-2026-107679 EXPLOITDB text VERIFIED
humanCMS - Authentication Bypass
by next
EIP-2026-107370 EXPLOITDB text VERIFIED
Geeklog 1.6.0sr1 - Arbitrary File Upload
by JaL0h
CVE-2009-2960 EXPLOITDB text VERIFIED
CuteFlow 2.10.3 and 2.11.0_c - Unauthenticated User Account Modification via Direct Request
CuteFlow 2.10.3 and 2.11.0_c does not properly restrict access to pages/edituser.php, which allows remote attackers to modify usernames and passwords via a direct request.
by Hever Costa Rocha
CVE-2009-3966 EXPLOITDB text VERIFIED
Arcade Trade Script 1.0 - Auth Bypass
Arcade Trade Script 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the adminLoggedIn cookie to true.
by Mr.tro0oqy
EIP-2026-103766 EXPLOITDB text VERIFIED
BSD (Multiple Distributions) - 'setusercontext()' Multiple Vulnerabilities
by kingcope
EIP-2026-101383 EXPLOITDB text VERIFIED
Netgear WNR2000 FW 1.2.0.8 - Information Disclosure
by Jean Trolleur
EIP-2026-101312 EXPLOITDB text VERIFIED
Huawei SmartAX MT880 - Multiple Cross-Site Request Forgery Vulnerabilities
by Jerome Athias
EIP-2026-103536 EXPLOITDB text VERIFIED
Live For Speed S2 - Duplicate Join Packet Remote Denial of Service
by Luigi Auriemma
CVE-2009-4689 EXPLOITDB text VERIFIED
PHP Shopping Cart Selling Website Script - SQL Injection
SQL injection vulnerability in index.php in PHP Shopping Cart Selling Website Script allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by 599eme Man
CVE-2009-4688 EXPLOITDB text VERIFIED
PHP Shopping Cart Selling Website Script - XSS
Multiple cross-site scripting (XSS) vulnerabilities in index.php in PHP Shopping Cart Selling Website Script allow remote attackers to inject arbitrary web script or HTML via the (1) txtkeywords and (2) cid parameters.
by 599eme Man
CVE-2009-2588 EXPLOITDB text VERIFIED
Hotscripts Type PHP Clone Script - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Hotscripts Type PHP Clone Script allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) feedback.php, (2) index.php, and (3) lostpassword.php.
by Moudi
CVE-2009-2588 EXPLOITDB text VERIFIED
Hotscripts Type PHP Clone Script - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Hotscripts Type PHP Clone Script allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) feedback.php, (2) index.php, and (3) lostpassword.php.
by Moudi
CVE-2009-2588 EXPLOITDB text VERIFIED
Hotscripts Type PHP Clone Script - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Hotscripts Type PHP Clone Script allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) feedback.php, (2) index.php, and (3) lostpassword.php.
by Moudi
CVE-2009-2890 EXPLOITDB text VERIFIED
PHP Scripts Now Riddles - Cross-Site Scripting via Search Query Parameter
Cross-site scripting (XSS) vulnerability in results.php in PHP Scripts Now Riddles allows remote attackers to inject arbitrary web script or HTML via the searchquery parameter.
by Moudi
CVE-2009-2891 EXPLOITDB text VERIFIED
PHP Scripts Now Riddles - SQL Injection via list.php catid Parameter
SQL injection vulnerability in list.php in PHP Scripts Now Riddles allows remote attackers to execute arbitrary SQL commands via the catid parameter.
by Moudi