Text Exploits

31,386 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-112036 EXPLOITDB text VERIFIED
Shorty 0.7.1b - (Authentication Bypass) Insecure Cookie Handling
by Pedro Laguna
CVE-2009-3418 EXPLOITDB text VERIFIED
Plume CMS 1.2.3 - Authenticated SQL Injection via Manager Parameters
Multiple SQL injection vulnerabilities in Plume CMS 1.2.3 allow (1) remote authenticated users to execute arbitrary SQL commands via the m parameter to manager/index.php and (2) remote authenticated administrators to execute arbitrary SQL commands via the id parameter in an edit_link action to manager/tools.php. NOTE: some of these details are obtained from third party information.
by Sense of Security
EIP-2026-107331 EXPLOITDB text VERIFIED
Gallarific 1.1 - '/gallery.php' Arbitrary Delete/Edit Category
by ilker Kandemir
EIP-2026-101142 EXPLOITDB text VERIFIED
2WIRE Routers - 'CD35_SETUP_01' Access Validation
by hkm
EIP-2026-101141 EXPLOITDB text VERIFIED
2WIRE Gateway - Authentication Bypass / Password Reset (1)
by hkm
CVE-2009-3020 EXPLOITDB text VERIFIED
Windows Server 2003 SP2 - Denial of Service via Crafted EOT Font File
win32k.sys in Microsoft Windows Server 2003 SP2 allows remote attackers to cause a denial of service (system crash) by referencing a crafted .eot file in the src descriptor of an @font-face Cascading Style Sheets (CSS) rule in an HTML document, possibly related to the Embedded OpenType (EOT) Font Engine, a different vulnerability than CVE-2006-0010, CVE-2009-0231, and CVE-2009-0232. NOTE: some of these details are obtained from third party information.
by webDEViL
CVE-2009-2762 EXPLOITDB text VERIFIED
WordPress < 2.8.3 - Unauthenticated Password Reset via Array Parameter Bypass
wp-login.php in WordPress 2.8.3 and earlier allows remote attackers to force a password reset for the first user in the database, possibly the administrator, via a key[] array variable in a resetpass (aka rp) action, which bypasses a check that assumes that $key is not an array.
by laurent gaffié
CVE-2009-3042 EXPLOITDB text VERIFIED
ocs_inventory_ng 1.02.1 - SQL Injection via machine.php systemid Parameter
SQL injection vulnerability in machine.php in Open Computer and Software (OCS) Inventory NG 1.02.1 allows remote attackers to execute arbitrary SQL commands via the systemid parameter, a different vector than CVE-2009-3040.
by Guilherme Marinheiro
CVE-2009-3417 EXPLOITDB text VERIFIED
IDoBlog 1.1 build 30 - SQL Injection via Userid Parameter
SQL injection vulnerability in the IDoBlog (com_idoblog) component 1.1 build 30 for Joomla! allows remote attackers to execute arbitrary SQL commands via the userid parameter in a profile action to index.php, a different vector than CVE-2008-2627.
by kkr
CVE-2009-2195 EXPLOITDB text VERIFIED
Apple Safari < 4.0.3 - Remote Code Execution via Crafted Floating-Point Numbers
Buffer overflow in WebKit in Apple Safari before 4.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted floating-point numbers.
by Apple
CVE-2009-4548 EXPLOITDB text VERIFIED
ViArt Helpdesk 3.x - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in ViArt Helpdesk 3.x allow remote attackers to inject arbitrary web script or HTML via the category_id parameter to (1) products.php, (2) article.php, (3) product_details.php, or (4) reviews.php; the (5) forum_id parameter to forum.php; or the (6) search_category_id parameter to products_search.php.
by Moudi
CVE-2009-4548 EXPLOITDB text VERIFIED
ViArt Helpdesk 3.x - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in ViArt Helpdesk 3.x allow remote attackers to inject arbitrary web script or HTML via the category_id parameter to (1) products.php, (2) article.php, (3) product_details.php, or (4) reviews.php; the (5) forum_id parameter to forum.php; or the (6) search_category_id parameter to products_search.php.
by Moudi
CVE-2009-4548 EXPLOITDB text VERIFIED
ViArt Helpdesk 3.x - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in ViArt Helpdesk 3.x allow remote attackers to inject arbitrary web script or HTML via the category_id parameter to (1) products.php, (2) article.php, (3) product_details.php, or (4) reviews.php; the (5) forum_id parameter to forum.php; or the (6) search_category_id parameter to products_search.php.
by Moudi
CVE-2009-4548 EXPLOITDB text VERIFIED
ViArt Helpdesk 3.x - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in ViArt Helpdesk 3.x allow remote attackers to inject arbitrary web script or HTML via the category_id parameter to (1) products.php, (2) article.php, (3) product_details.php, or (4) reviews.php; the (5) forum_id parameter to forum.php; or the (6) search_category_id parameter to products_search.php.
by Moudi
CVE-2009-4548 EXPLOITDB text VERIFIED
ViArt Helpdesk 3.x - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in ViArt Helpdesk 3.x allow remote attackers to inject arbitrary web script or HTML via the category_id parameter to (1) products.php, (2) article.php, (3) product_details.php, or (4) reviews.php; the (5) forum_id parameter to forum.php; or the (6) search_category_id parameter to products_search.php.
by Moudi
CVE-2009-4548 EXPLOITDB text VERIFIED
ViArt Helpdesk 3.x - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in ViArt Helpdesk 3.x allow remote attackers to inject arbitrary web script or HTML via the category_id parameter to (1) products.php, (2) article.php, (3) product_details.php, or (4) reviews.php; the (5) forum_id parameter to forum.php; or the (6) search_category_id parameter to products_search.php.
by Moudi
CVE-2009-4547 EXPLOITDB text VERIFIED
ViArt CMS 3.x - Cross-Site Scripting via category_id or forum_id Parameter
Multiple cross-site scripting (XSS) vulnerabilities in ViArt CMS 3.x allow remote attackers to inject arbitrary web script or HTML via the (1) category_id parameter to forums.php, or the forum_id parameter to (2) forum.php or (3) forum_topic_new.php.
by Moudi
CVE-2009-4547 EXPLOITDB text VERIFIED
ViArt CMS 3.x - Cross-Site Scripting via category_id or forum_id Parameter
Multiple cross-site scripting (XSS) vulnerabilities in ViArt CMS 3.x allow remote attackers to inject arbitrary web script or HTML via the (1) category_id parameter to forums.php, or the forum_id parameter to (2) forum.php or (3) forum_topic_new.php.
by Moudi
CVE-2009-4547 EXPLOITDB text VERIFIED
ViArt CMS 3.x - Cross-Site Scripting via category_id or forum_id Parameter
Multiple cross-site scripting (XSS) vulnerabilities in ViArt CMS 3.x allow remote attackers to inject arbitrary web script or HTML via the (1) category_id parameter to forums.php, or the forum_id parameter to (2) forum.php or (3) forum_topic_new.php.
by Moudi
CVE-2009-4858 EXPLOITDB text VERIFIED
Yahoo Answers Clone - Cross-Site Scripting via questionid Parameter
Cross-site scripting (XSS) vulnerability in questiondetail.php in Yahoo Answers Clone allows remote attackers to inject arbitrary web script or HTML via the questionid parameter.
by Moudi
EIP-2026-112498 EXPLOITDB text VERIFIED
SupportPRO SupportDesk 3.0 - 'shownews.php' Cross-Site Scripting
by Moudi
CVE-2007-1231 EXPLOITDB text VERIFIED
SQLiteManager 1.2.0 - Cross-Site Scripting via Database and Table Name Fields
Multiple cross-site scripting (XSS) vulnerabilities in SQLiteManager 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) database name, (2) table name, (3) ViewName, (4) view, (5) trigger, and (6) function fields in main.php and certain other files.
by Hadi Kiamarsi
EIP-2026-112255 EXPLOITDB text VERIFIED
SmilieScript 1.0 - Authentication Bypass
by Mr.tro0oqy
EIP-2026-110472 EXPLOITDB text VERIFIED
Papoo CMS 3.7.3 - (Authenticated) Arbitrary Code Execution
by RedTeam Pentesting
EIP-2026-110470 EXPLOITDB text VERIFIED
Papoo 3.x - Upload Images Arbitrary File Upload
by RedTeam Pentesting GmbH