Text Exploits

31,386 exploits tracked across all sources.

Sort: Activity Stars
CVE-2009-4540 EXPLOITDB text VERIFIED
Mini CMS 1.0.1 - SQL Injection via Page ID Parameter
SQL injection vulnerability in page.php in Mini CMS 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Ins3t
CVE-2009-4868 EXPLOITDB text VERIFIED
Hitron Soft Answer Me 1.0 - Cross-Site Scripting via q_id Parameter
Cross-site scripting (XSS) vulnerability in Hitron Soft Answer Me 1.0 allows remote attackers to inject arbitrary web script or HTML via the q_id parameter to the answers script (aka answers.php). NOTE: some of these details are obtained from third party information.
by Moudi
EIP-2026-105980 EXPLOITDB text VERIFIED
CMS Made Simple 1.6.2 - Local File Disclosure
by IHTeam
EIP-2026-100468 EXPLOITDB text VERIFIED
Online Work Order Suite Lite Edition - Multiple Cross-Site Scripting Vulnerabilities
by Moudi
EIP-2026-112384 EXPLOITDB text VERIFIED
SpiceWorks - 'query' Cross-Site Scripting
by Adam Baldwin
CVE-2009-4545 EXPLOITDB text VERIFIED
Logoshows BBS 2.0 - Info Disclosure
Logoshows BBS 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/globepersonnel.mdb.
by ZoRLu
CVE-2009-4543 EXPLOITDB text VERIFIED
Cromosoft Technologies Facil Helpdesk 2.3 Lite - RCE
PHP remote file inclusion vulnerability in index.php in Cromosoft Technologies Facil Helpdesk 2.3 Lite allows remote attackers to execute arbitrary PHP code via a URL in the lng parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences.
by Moudi
CVE-2009-4541 EXPLOITDB text VERIFIED
IsolSoft Support Center 2.5 - Remote Code Execution via Lang Parameter File Inclusion
Multiple PHP remote file inclusion vulnerabilities in IsolSoft Support Center 2.5 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to (1) newticket.php or (2) rempass.php, or a URL in the lang parameter in an adduser action to (3) index.php. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences.
by Moudi
CVE-2008-6101 EXPLOITDB text VERIFIED
Adult Banner Exchange Website - SQL Injection
SQL injection vulnerability in click.php in Adult Banner Exchange Website allows remote attackers to execute arbitrary SQL commands via the targetid parameter.
by 599eme Man
CVE-2015-7985 EXPLOITDB text VERIFIED
Valve Steam <2.10.91.91 - Privilege Escalation
Valve Steam 2.10.91.91 uses weak permissions (Users: read and write) for the Install folder, which allows local users to gain privileges via a Trojan horse steam.exe file.
by MrDoug
CVE-2009-4860 EXPLOITDB text VERIFIED
Typing Pal 1.0 - SQL Injection via idTableProduit Parameter
SQL injection vulnerability in demo.php in Typing Pal 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idTableProduit parameter.
by Red-D3v1L
CVE-2009-4870 EXPLOITDB text VERIFIED
PHPCityPortal - SQL Injection via Username or Password Parameter
Multiple SQL injection vulnerabilities in login.php in PHPCityPortal allow remote attackers to execute arbitrary SQL commands via the (1) req_username (aka Username) and (2) req_password (aka Password) parameters. NOTE: some of these details are obtained from third party information.
by CoBRa_21
CVE-2009-4857 EXPLOITDB text VERIFIED
PHP Photo Vote 1.3F - Cross-Site Scripting via Login Page Parameter
Cross-site scripting (XSS) vulnerability in login.php in PHP Photo Vote 1.3F allows remote attackers to inject arbitrary web script or HTML via the page parameter.
by Moudi
CVE-2009-4856 EXPLOITDB text VERIFIED
PHP Easy Shopping Cart 3.1R - Cross-Site Scripting via Name Parameter
Cross-site scripting (XSS) vulnerability in subitems.php in PHP Easy Shopping Cart 3.1R allows remote attackers to inject arbitrary web script or HTML via the name parameter.
by Moudi
EIP-2026-110623 EXPLOITDB text VERIFIED
PhotoPost PHP 3.3.1 - 'cat' Cross-Site Scripting / SQL Injection
by 599eme Man
EIP-2026-110619 EXPLOITDB text VERIFIED
PHotoLa Gallery 1.0 - Authentication Bypass
by Red-D3v1L
CVE-2009-4546 EXPLOITDB text VERIFIED
Logoshows BBS 2.0 - Authentication Bypass via Cookie Manipulation
globepersonnel_login.asp in Logoshows BBS 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the (1) pb_username (aka pb%5Fusername) and (2) level cookies.
by ZoRLu
CVE-2009-4872 EXPLOITDB text VERIFIED
Logoshows BBS 2.0 - SQL Injection via Username and Password Fields
Multiple SQL injection vulnerabilities in globepersonnel_login.asp in Logoshows BBS 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.
by Dns-Team
CVE-2009-4871 EXPLOITDB text VERIFIED
Logoshows BBS 2.0 - SQL Injection via globepersonnel_forum.asp forumid Parameter
SQL injection vulnerability in globepersonnel_forum.asp in Logoshows BBS 2.0 allows remote attackers to execute arbitrary SQL commands via the forumid parameter.
by Ruzgarin_Oglu
CVE-2009-4542 EXPLOITDB text VERIFIED
IsolSoft Support Center 2.5 - Cross-Site Scripting via lang Parameter
Cross-site scripting (XSS) vulnerability in newticket.php in IsolSoft Support Center 2.5 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
by Moudi
CVE-2009-4544 EXPLOITDB text VERIFIED
Cromosoft Technologies Facil Helpdesk 2.3 Lite - XSS
Cross-site scripting (XSS) vulnerability in kbase/kbase.php in Cromosoft Technologies Facil Helpdesk 2.3 Lite allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
by Moudi
CVE-2009-4544 EXPLOITDB text VERIFIED
Cromosoft Technologies Facil Helpdesk 2.3 Lite - XSS
Cross-site scripting (XSS) vulnerability in kbase/kbase.php in Cromosoft Technologies Facil Helpdesk 2.3 Lite allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
by Moudi
CVE-2009-5003 EXPLOITDB text VERIFIED
e-soft24 Banner Exchange Script 1.0 - SQL Injection via click.php targetid Parameter
SQL injection vulnerability in click.php in e-soft24 Banner Exchange Script 1.0 allows remote attackers to execute arbitrary SQL commands via the targetid parameter.
by 599eme Man
CVE-2009-4862 EXPLOITDB text VERIFIED
Alwasel 1.5 - SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in Alwasel 1.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) show.php and (2) xml.php.
by SwEET-DeViL
CVE-2009-4992 EXPLOITDB text VERIFIED
LM Starmail Paidmail 2.0 - SQL Injection via ID Parameter
SQL injection vulnerability in paidbanner.php in LM Starmail Paidmail 2.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
by int_main();