Text Exploits

31,386 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-105515 EXPLOITDB text VERIFIED
Blink Blog System - Authentication Bypass
by Salvatore Fresta
CVE-2009-4725 EXPLOITDB text VERIFIED
Arab Portal < 2.2 - Remote File Inclusion via Module Parameter Path Traversal
Directory traversal vulnerability in modules/aljazeera/admin/setup.php in Arab Portal 2.2 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter.
by Qabandi
CVE-2009-4727 EXPLOITDB text VERIFIED
JungleScripts Ajax Short Url Script - SQL Injection
SQL injection vulnerability in x/login in JungleScripts Ajax Short Url Script allows remote attackers to execute arbitrary SQL commands via the username parameter.
by Cicklow
CVE-2009-4721 EXPLOITDB text VERIFIED
Andrews-Web BannerAd 1.0 - SQL Injection
Multiple SQL injection vulnerabilities in Admin/index.asp in Andrews-Web (A-W) BannerAd 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) User and (2) Password parameters. NOTE: some of these details are obtained from third party information.
by Ro0T-MaFia
CVE-2009-3148 EXPLOITDB text VERIFIED
PortalXP Teacher Edition 1.2 - SQL Injection via id or assignment_id Parameter
Multiple SQL injection vulnerabilities in PortalXP Teacher Edition 1.2 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) calendar.php, (2) news.php, and (3) links.php; and the (4) assignment_id parameter to assignments.php.
by SirGod
CVE-2009-2788 EXPLOITDB text VERIFIED
Mobilelib GOLD 3 - SQL Injection via adminName Parameter
Multiple SQL injection vulnerabilities in Mobilelib GOLD 3 allow remote attackers to execute arbitrary SQL commands via the (1) adminName parameter to cp/auth.php, (2) cid parameter to artcat.php, and (3) catid parameter to show.php.
by SwEET-DeViL
CVE-2009-3424 EXPLOITDB text VERIFIED
MaxCMS 3.11.20b - Remote Code Execution via Multiple PHP File Inclusion Parameters
Multiple PHP remote file inclusion vulnerabilities in MaxCMS 3.11.20b, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) is_projectPath parameter to includes/InstantSite/inc.is_root.php; GLOBALS[thCMS_root] parameter to (2) classes/class.Tree.php, (3) includes/inc.thcms_admin_mediamanager.php, and (4) modul/mod.rssreader.php; is_path parameter to (5) class.tasklist.php, (6) class.thcms.php, (7) class.thcms_content.php, (8) class.thcms_modul_parent.php, (9) class.thcms_page.php, and (10) class.thcsm_user.php in classes/; and (11) includes/InstantSite/class.Tree.php; and thCMS_root parameter to (12) classes/class.thcms_modul.php; (13) inc.page_edit_tasklist.php, (14) inc.thcms_admin_overview_backup.php, and (15) inc.thcms_edit_content.php in includes/; and (16) class.thcms_modul_parent_xml.php, (17) mod.cmstranslator.php, (18) mod.download.php, (19) mod.faq.php, (20) mod.guestbook.php, (21) mod.html.php, (22) mod.menu.php, (23) mod.news.php, (24) mod.newsticker.php, (25) mod.rss.php, (26) mod.search.php, (27) mod.sendtofriend.php, (28) mod.sitemap.php, (29) mod.tagdoc.php, (30) mod.template.php, (31) mod.test.php, (32) mod.text.php, (33) mod.upload.php, and (34) mod.users.php in modul/.
by NoGe
CVE-2009-2782 EXPLOITDB text VERIFIED
JFusion com_jfusion - SQL Injection via Itemid Parameter
SQL injection vulnerability in the JFusion (com_jfusion) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
by Chip d3 bi0s
EIP-2026-104879 EXPLOITDB text VERIFIED
aa33code 0.0.1 - Local File Inclusion / Authentication Bypass / File Disclosure
by SirGod
CVE-2009-2715 EXPLOITDB text VERIFIED
Sun VirtualBox 2.2-3.0.2 - Denial of Service via sysenter Instruction
Sun VirtualBox 2.2 through 3.0.2 r49928 allows guest OS users to cause a denial of service (Linux host OS reboot) via a sysenter instruction.
by Tadas Vilkeliskis
CVE-2009-3514 EXPLOITDB text VERIFIED
d.net CMS - SQL Injection via Page Parameter
Multiple SQL injection vulnerabilities in d.net CMS allow remote attackers to execute arbitrary SQL commands via (1) the page parameter to index.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (2) edit_id and (3) _p parameter in a news action to dnet_admin/index.php.
by SirGod
CVE-2009-3506 EXPLOITDB text VERIFIED
CMSphp 0.21 - Cross-Site Scripting via cook_user or name Parameter
Multiple cross-site scripting (XSS) vulnerabilities in CMSphp 0.21 allow remote attackers to inject arbitrary web script or HTML via the (1) cook_user parameter to index.php and the (2) name parameter to modules.php.
by SirGod
CVE-2009-2653 EXPLOITDB text VERIFIED
Microsoft Windows XP SP2-SP3 & Server 2003 - Privilege Escalation
The NtUserConsoleControl function in win32k.sys in Microsoft Windows XP SP2 and SP3, and Server 2003 before SP1, allows local administrators to bypass unspecified "security software" and gain privileges via a crafted call that triggers an overwrite of an arbitrary memory location. NOTE: the vendor disputes the significance of this report, stating that 'the Administrator to SYSTEM "escalation" is not a security boundary we defend.
by NT Internals
EIP-2026-117137 EXPLOITDB text VERIFIED
EPSON Status Monitor 3 - Local Privilege Escalation
by Nine:Situations:Group
EIP-2026-115220 EXPLOITDB text VERIFIED
Epiri Professional Web Browser 3.0 - Remote Crash
by LiquidWorm
CVE-2009-3151 EXPLOITDB text VERIFIED
Ultrize TimeSheet 1.2.2 - Path Traversal via File Download Parameter
Directory traversal vulnerability in actions/downloadFile.php in Ultrize TimeSheet 1.2.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter.
by GoLd_M
CVE-2009-2790 EXPLOITDB text VERIFIED
SoftBiz Dating Script - SQL Injection
SQL injection vulnerability in cat_products.php in SoftBiz Dating Script allows remote attackers to execute arbitrary SQL commands via the cid parameter. NOTE: this might overlap CVE-2006-3271.4.
by MizoZ
CVE-2009-2792 EXPLOITDB text VERIFIED
Really Simple CMS 0.3a - Path Traversal
Directory traversal vulnerability in plugings/pagecontent.php in Really Simple CMS (RSCMS) 0.3a allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PT parameter.
by SirGod
EIP-2026-110339 EXPLOITDB text VERIFIED
Orbis CMS 1.0 - File Delete / Download File / Arbitrary File Upload / SQL Injection
by SirGod
CVE-2009-3508 EXPLOITDB text VERIFIED
Fcgphilipp Mujecms - Path Traversal
Multiple directory traversal vulnerabilities in MUJE CMS 1.0.4.34 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) _class parameter to admin.php and the (2) url parameter to install/install.php; and allow remote authenticated administrators to read arbitrary files via a .. (dot dot) in the (3) _htmlfile parameter to admin.php.
by SirGod
CVE-2009-3510 EXPLOITDB text VERIFIED
linkspheric 0.74 Beta 6 - SQL Injection via listID Parameter
SQL injection vulnerability in viewListing.php in linkSpheric 0.74 Beta 6 allows remote attackers to execute arbitrary SQL commands via the listID parameter.
by NoGe
CVE-2009-3511 EXPLOITDB text VERIFIED
justVisual 1.2 - Remote Code Execution via fs_jVroot Parameter
Multiple PHP remote file inclusion vulnerabilities in justVisual 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the fs_jVroot parameter to (1) sites/site/pages/index.php, (2) sites/test/pages/contact.php, (3) system/pageTemplate.php, and (4) system/utilities.php.
by SirGod
CVE-2009-2784 EXPLOITDB text VERIFIED
dit.cms 1.3 - Path Traversal via Multiple Parameters
Multiple directory traversal vulnerabilities in dit.cms 1.3, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the path parameter to index.php in (1) install/, (2) menus/left_rightslideopen/, (3) menus/side_pullout/, (4) menus/side_slideopen/, (5) menus/simple/, (6) menus/top_dropdown/, and (7) menus/topside/; the sitemap parameter to index.php in (8) menus/left_rightslideopen/, (9) menus/side_pullout/, (10) menus/side_slideopen/, (11) menus/top_dropdown/, and (12) menus/topside/; and the (13) relPath parameter to index/index.php. NOTE: PHP remote file inclusion vulnerabilities reportedly also exist for some of these vectors.
by SirGod
CVE-2009-3515 EXPLOITDB text VERIFIED
d.net CMS - Authenticated Path Traversal via Type Parameter
Directory traversal vulnerability in dnet_admin/index.php in d.net CMS allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the type parameter.
by SirGod
CVE-2009-3507 EXPLOITDB text VERIFIED
CMSphp 0.21 - Path Traversal and Arbitrary File Execution via mod_file Parameter
Directory traversal vulnerability in modules.php in CMSphp 0.21 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod_file parameter.
by SirGod