Text Exploits

31,386 exploits tracked across all sources.

Sort: Activity Stars
CVE-2009-3149 EXPLOITDB text VERIFIED
Elgg 1.5 - Path Traversal via js Parameter
Directory traversal vulnerability in _css/js.php in Elgg 1.5, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the js parameter. NOTE: some of these details are obtained from third party information.
by eLwaux
CVE-2009-2579 EXPLOITDB text VERIFIED
CS-Cart < 2.0.6 - Authenticated SQL Injection via Reward Points sort_order Parameter
SQL injection vulnerability in reward_points.post.php in the Reward points addon in CS-Cart before 2.0.6 allows remote authenticated users to execute arbitrary SQL commands via the sort_order parameter in a reward_points.userlog action to index.php, a different vulnerability than CVE-2005-4429.2.
by Ryan Dewhurst
EIP-2026-100873 EXPLOITDB text VERIFIED
Perl$hop E-Commerce Script - Trust Boundary Input Parameter Injection
by Shadow
CVE-2009-4551 EXPLOITDB text VERIFIED
Miniweb 2.0 - SQL Injection via Survey Pro Campaign ID Parameter
SQL injection vulnerability in the Survey Pro module for Miniweb 2.0 allows remote attackers to execute arbitrary SQL commands via the campaign_id parameter in a results action to index.php.
by Moudi
CVE-2009-3425 EXPLOITDB text VERIFIED
MaxCMS 3.11.20b - Path Traversal via thCMS_root Parameter
Directory traversal vulnerability in includes/inc.thcms_admin_dirtree.php in MaxCMS 3.11.20b allows remote attackers to read arbitrary files via directory traversal sequences in the thCMS_root parameter.
by GoLd_M
CVE-2009-3419 EXPLOITDB text VERIFIED
Miniweb Publisher Module 2.0 - SQL Injection via Historymonth Parameter
SQL injection vulnerability in index.php in the Publisher module 2.0 for Miniweb allows remote attackers to execute arbitrary SQL commands via the historymonth parameter.
by Moudi
CVE-2009-2123 EXPLOITDB text VERIFIED
elvinbts 1.2.0 - SQL Injection via Username or Password Parameter
Multiple SQL injection vulnerabilities in Elvin 1.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) inUser (aka Username) and (2) inPass (aka Password) parameters to (a) inc/login.ei, reachable through login.php; and the (3) id parameter to (b) show_bug.php and (c) show_activity.php. NOTE: it was later reported that vector 3c also affects 1.2.2.
by 599eme Man
CVE-2009-4729 EXPLOITDB text VERIFIED
x10media adult_script 1.7 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in x10 Adult Media Script 1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) pic_id parameter to includes/video_ad.php, (2) category parameter to linkvideos_listing.php, (3) id parameter to templates/header1.php, and (4) key parameter to video_listing.php.
by Moudi
CVE-2009-4730 EXPLOITDB text VERIFIED
x10 Adult Media Script 1.7 - SQL Injection
SQL injection vulnerability in report.php in x10 Adult Media Script 1.7 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Moudi
CVE-2009-4732 EXPLOITDB text VERIFIED
TT Web Site Manager 0.5 - SQL Injection
SQL injection vulnerability in tt/index.php in TT Web Site Manager 0.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the tt_name parameter. NOTE: some of these details are obtained from third party information.
by SirGod
CVE-2009-3158 EXPLOITDB text VERIFIED
simplePHPWeb 0.2 - Unauthenticated Administrative Access via admin/files.php
admin/files.php in simplePHPWeb 0.2 does not require authentication, which allows remote attackers to perform unspecified administrative actions via unknown vectors. NOTE: some of these details are obtained from third party information.
by SirGod
CVE-2009-4733 EXPLOITDB text VERIFIED
SimpleLoginSys 0.5 - SQL Injection via Username Parameter
SQL injection vulnerability in checkuser.php in SimpleLoginSys 0.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.
by SirGod
CVE-2009-4726 EXPLOITDB text VERIFIED
Quickdev 4 PHP - Path Traversal via Download File Parameter
Directory traversal vulnerability in download.php in Quickdev 4 PHP allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
by SirGod
CVE-2009-4728 EXPLOITDB text VERIFIED
Questions Answered <1.3 - SQL Injection
SQL injection vulnerability in the administrative interface in Questions Answered 1.3 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.
by snakespc
CVE-2009-2791 EXPLOITDB text VERIFIED
WebDynamite ProjectButler 1.5.0 - Code Injection
PHP remote file inclusion vulnerability in pda_projects.php in WebDynamite ProjectButler 1.5.0 allows remote attackers to execute arbitrary PHP code via a URL in the offset parameter.
by cr4wl3r
CVE-2009-4724 EXPLOITDB text VERIFIED
PaymentProcessorScript.net - SQL Injection
SQL injection vulnerability in shop.htm in PaymentProcessorScript.net PPScript allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by MizoZ
CVE-2009-4724 EXPLOITDB text VERIFIED
PaymentProcessorScript.net - SQL Injection
SQL injection vulnerability in shop.htm in PaymentProcessorScript.net PPScript allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by ZoRLu
CVE-2009-4723 EXPLOITDB text VERIFIED
Netpet CMS 1.9 - Path Traversal via Language Parameter
Directory traversal vulnerability in confirm.php in Netpet CMS 1.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
by SirGod
CVE-2009-3150 EXPLOITDB text VERIFIED
Multi Website 1.5 - SQL Injection via Browse Parameter
SQL injection vulnerability in index.php in Multi Website 1.5 allows remote attackers to execute arbitrary SQL commands via the Browse parameter in a vote action.
by SarBoT511
CVE-2009-4552 EXPLOITDB text VERIFIED
Miniweb 2.0 - Cross-Site Scripting via PATH_INFO to index.php
Cross-site scripting (XSS) vulnerability in the Survey Pro module for Miniweb 2.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
by Moudi
CVE-2009-3420 EXPLOITDB text VERIFIED
Miniweb Publisher 2.0 - Cross-Site Scripting via Begin Parameter or PATH_INFO
Multiple cross-site scripting (XSS) vulnerabilities in index.php in the Publisher module 2.0 for Miniweb allow remote attackers to inject arbitrary web script or HTML via the (1) begin parameter and the (2) PATH_INFO.
by Moudi
CVE-2009-3426 EXPLOITDB text VERIFIED
MaxCMS 3.11.20b - Remote Code Execution via File Manager Special Parameter
PHP remote file inclusion vulnerability in includes/file_manager/special.php in MaxCMS 3.11.20b allows remote attackers to execute arbitrary PHP code via a URL in the fm_includes_special parameter.
by GoLd_M
CVE-2009-2920 EXPLOITDB text VERIFIED
elvinbts 1.2.2 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Elvin 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) component and (2) priority parameters to buglist.php; and the (3) Username (4) E-mail, (5) Pass, and (6) Confirm pass fields to createaccount.php.
by 599eme Man
CVE-2009-4719 EXPLOITDB text VERIFIED
Discloser 0.0.4 rc2 - SQL Injection
SQL injection vulnerability in index.php in Discloser 0.0.4 rc2 allows remote attackers to execute arbitrary SQL commands via the more parameter.
by Salvatore Fresta
EIP-2026-105516 EXPLOITDB text VERIFIED
Blog Ink (Blink) - Multiple SQL Injections
by Drosophila