Text Exploits

31,386 exploits tracked across all sources.

Sort: Activity Stars
CVE-2009-1868 EXPLOITDB text VERIFIED
Adobe AIR < 1.5.2 - Heap-Based Buffer Overflow via URL Parsing
Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors involving URL parsing.
by iDefense
CVE-2009-1869 EXPLOITDB text VERIFIED
Adobe AIR < 1.5.2 - Integer Overflow in AVM2 abcFile Parser
Integer overflow in the ActionScript Virtual Machine 2 (AVM2) abcFile parser in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an AVM2 file with a large intrf_count value that triggers a dereference of an out-of-bounds pointer.
by Roee Hay
CVE-2009-2620 EXPLOITDB text VERIFIED
Firebird SQL 1.5-1.5.5, 2.0-2.0.5, 2.1-2.1.2, 2.5 Beta 1 - Denial of Service via Malformed op_connect_request Message
src/remote/server.cpp in fbserver.exe in Firebird SQL 1.5 before 1.5.6, 2.0 before 2.0.6, 2.1 before 2.1.3, and 2.5 before 2.5 Beta 2 allows remote attackers to cause a denial of service (daemon crash) via a malformed op_connect_request message that triggers an infinite loop or NULL pointer dereference.
by Core Security
CVE-2009-2769 EXPLOITDB text VERIFIED
Ultrize TimeSheet 1.2.2 - Remote Code Execution via config[include_dir] Parameter
PHP remote file inclusion vulnerability in include/timesheet.php in Ultrize TimeSheet 1.2.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the config[include_dir] parameter.
by NoGe
CVE-2011-4908 EXPLOITDB CRITICAL text VERIFIED
TinyBrowser < 1.5.13 - Unauthenticated Arbitrary File Upload via upload.php
TinyBrowser plugin for Joomla! before 1.5.13 allows arbitrary file upload via upload.php.
by Aung Khant
CVSS 9.8
CVE-2009-2775 EXPLOITDB text VERIFIED
PHPArcadeScript 4.0 - SQL Injection
SQL injection vulnerability in linkout.php in PHPArcadeScript (PHP Arcade Script) 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by MizoZ
CVE-2009-2774 EXPLOITDB text VERIFIED
PHP Paid 4 Mail Script - SQL Injection
SQL injection vulnerability in paidbanner.php in PHP Paid 4 Mail Script allows remote attackers to execute arbitrary SQL commands via the ID parameter.
by ThE g0bL!N
CVE-2009-3423 EXPLOITDB text VERIFIED
Zenas PaoLink 1.0 - Unauthenticated Authentication Bypass via login_ok Parameter
login.php in Zenas PaoLink 1.0, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative access by setting the login_ok parameter to 1.
by SirGod
CVE-2009-3422 EXPLOITDB text VERIFIED
Zenas PaoLiber 1.1 - Unauthenticated Authentication Bypass via login_ok Parameter
login.php in Zenas PaoLiber 1.1, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative access by setting the login_ok parameter to 1.
by SirGod
CVE-2009-3421 EXPLOITDB CRITICAL text VERIFIED
Zenas PaoBacheca Guestbook 2.1 - Unauthenticated Authentication Bypass via login_ok Parameter
login.php in Zenas PaoBacheca Guestbook 2.1, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative access by setting the login_ok parameter to 1.
by SirGod
CVSS 9.8
EIP-2026-107819 EXPLOITDB text VERIFIED
In-portal 4.3.1 - Arbitrary File Upload
by Mr.tro0oqy
CVE-2009-4713 EXPLOITDB text VERIFIED
XOOPS Celepar Qas Module - Stored Cross-Site Scripting via cod_categoria and opcao Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the Qas (aka Quas) module for XOOPS Celepar allow remote attackers to inject arbitrary web script or HTML via (1) the cod_categoria parameter to categoria.php, (2) the opcao parameter to index.php, and the PATH_INFO to (3) categoria.php and (4) index.php.
by Moudi
CVE-2009-4700 EXPLOITDB text VERIFIED
SkaDate Online Dating Software - Path Traversal via Layout Parameter
Directory traversal vulnerability in index.php in SkaDate Dating allows remote attackers to read arbitrary files via a .. (dot dot) in the layout parameter.
by Moudi
CVE-2009-4699 EXPLOITDB text VERIFIED
SkaDate Dating - Cross-Site Scripting via PATH_INFO to admin/auth.php and file_uploader.php
Multiple cross-site scripting (XSS) vulnerabilities in SkaDate Dating allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin/auth.php and (2) file_uploader.php.
by Moudi
CVE-2009-3216 EXPLOITDB text VERIFIED
iWiccle 1.01 - Path Traversal via Show or Module Parameter
Multiple directory traversal vulnerabilities in iWiccle 1.01, when magic_quotes_gpc is disabled, allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the show parameter to the admin module, reachable through index.php; or (2) the module parameter to index.php.
by SirGod
CVE-2009-3154 EXPLOITDB text VERIFIED
Almond Classifieds (com_aclassf) 7.5 - SQL Injection via replid Parameter
SQL injection vulnerability in the Almond Classifieds (com_aclassf) component 7.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the replid parameter in a manw_repl add_form action to index.php, a different vector than CVE-2009-2567.
by Moudi
CVE-2009-2777 EXPLOITDB text VERIFIED
GarageSales Script - SQL Injection via visitor/view.php key Parameter
SQL injection vulnerability in visitor/view.php in GarageSales Script allows remote attackers to execute arbitrary SQL commands via the key parameter.
by Moudi
CVE-2007-6289 EXPLOITDB text VERIFIED
iptel serweb < 2.0.0dev1 - Remote Code Execution via _SERWEB[configdir] Parameter
Multiple PHP remote file inclusion vulnerabilities in SerWeb 2.0.0 dev1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) _SERWEB[configdir] parameter to load_lang.php, (2) _SERWEB[functionsdir] parameter to main_prepend.php, and the (3) _PHPLIB[libdir] parameter to load_phplib.php, different vectors than CVE-2007-3359 and CVE-2007-3358.
by GoLd_M
CVE-2009-4698 EXPLOITDB text VERIFIED
XOOPS Celepar Qas Module - SQL Injection via codigo or cod_categoria Parameter
Multiple SQL injection vulnerabilities in the Qas (aka Quas) module for XOOPS Celepar allow remote attackers to execute arbitrary SQL commands via the codigo parameter to (1) aviso.php and (2) imprimir.php, and the (3) cod_categoria parameter to categoria.php.
by Moudi
EIP-2026-113244 EXPLOITDB text VERIFIED
WebAsyst Shop-Script PREMIUM - 'SearchString' Cross-Site Scripting
by u.f.
EIP-2026-113154 EXPLOITDB text VERIFIED
VS PANEL 7.5.5 - 'Cat_ID' SQL Injection
by octopos
CVE-2009-2895 EXPLOITDB text VERIFIED
Ultimate Regnow Affiliate 3.0 - SQL Injection via RSS cat Parameter
SQL injection vulnerability in rss.php in Ultimate Regnow Affiliate (URA) 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter.
by Chip d3 bi0s
CVE-2009-3224 EXPLOITDB text VERIFIED
Super Mod System - SQL Injection via s Parameter
SQL injection vulnerability in index.php in Super Mod System, when using the 68 Classifieds 3.1 Core System, allows remote attackers to execute arbitrary SQL commands via the s parameter.
by MizoZ
CVE-2009-4739 EXPLOITDB text VERIFIED
SkaDate Dating - Remote Code Execution via Language ID Parameter
PHP remote file inclusion vulnerability in index.php in SkaDate Dating allows remote attackers to execute arbitrary PHP code via a URL in the language_id parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences.
by Moudi
CVE-2009-2773 EXPLOITDB text VERIFIED
PHP Paid 4 Mail Script - Remote Code Execution via home.php page Parameter
PHP remote file inclusion vulnerability in home.php in PHP Paid 4 Mail Script allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
by int_main();