Text Exploits

31,386 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-109245 EXPLOITDB text VERIFIED
Magician Blog 1.0 - Authentication Bypass
by Evil-Cod3r
EIP-2026-109244 EXPLOITDB text VERIFIED
Magician Blog 1.0 - 'ids' SQL Injection
by Evil-Cod3r
CVE-2009-4722 EXPLOITDB text VERIFIED
Limny 1.01 - SQL Injection via Username Parameter
SQL injection vulnerability in the CheckLogin function in includes/functions.php in Limny 1.01, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.
by SirGod
CVE-2009-3215 EXPLOITDB text VERIFIED
ixxo_cart < 3.9.6.1 - SQL Injection via Parent Parameter
SQL injection vulnerability in IXXO Cart Standalone before 3.9.6.1, and the IXXO Cart component for Joomla! 1.0.x, allows remote attackers to execute arbitrary SQL commands via the parent parameter.
by sm0k3
CVE-2009-3155 EXPLOITDB text VERIFIED
Almond Classifieds (com_aclassf) 7.5 - Cross-Site Scripting via addr Parameter
Cross-site scripting (XSS) vulnerability in gmap.php in the Almond Classifieds (com_aclassf) component 7.5 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the addr parameter.
by Moudi
CVE-2009-3217 EXPLOITDB text VERIFIED
iWiccle 1.01 - SQL Injection via member_id Parameter
SQL injection vulnerability in the admin module in iWiccle 1.01 allows remote attackers to execute arbitrary SQL commands via the member_id parameter in an edit_user action to index.php.
by SirGod
CVE-2009-3223 EXPLOITDB text VERIFIED
inout_adserver - Authenticated SQL Injection via id Parameter
SQL injection vulnerability in ppc-add-keywords.php in Inout Adserver allows remote authenticated users to execute arbitrary SQL commands via the id parameter.
by boom3rang
CVE-2009-2778 EXPLOITDB text VERIFIED
GarageSales Script - Cross-Site Scripting via Key Parameter
Cross-site scripting (XSS) vulnerability in visitor/view.php in GarageSales Script allows remote attackers to inject arbitrary web script or HTML via the key parameter. NOTE: some of these details are obtained from third party information.
by Moudi
EIP-2026-105408 EXPLOITDB text VERIFIED
Basilic 1.5.13 - 'index.php' Cross-Site Scripting
by PLATEN
EIP-2026-105117 EXPLOITDB text VERIFIED
almond Classifieds ads - Blind SQL Injection / Cross-Site Scripting
by Moudi
CVE-2009-2780 EXPLOITDB text VERIFIED
68 Classifieds 4.1 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in 68 Classifieds 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to category.php, view parameter to (2) login.php and (3) viewlisting.php, page parameter to (4) searchresults.php and (5) toplistings.php, and (6) member parameter to viewmember.php.
by Moudi
CVE-2009-2780 EXPLOITDB text VERIFIED
68 Classifieds 4.1 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in 68 Classifieds 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to category.php, view parameter to (2) login.php and (3) viewlisting.php, page parameter to (4) searchresults.php and (5) toplistings.php, and (6) member parameter to viewmember.php.
by Moudi
CVE-2009-2780 EXPLOITDB text VERIFIED
68 Classifieds 4.1 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in 68 Classifieds 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to category.php, view parameter to (2) login.php and (3) viewlisting.php, page parameter to (4) searchresults.php and (5) toplistings.php, and (6) member parameter to viewmember.php.
by Moudi
CVE-2009-2780 EXPLOITDB text VERIFIED
68 Classifieds 4.1 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in 68 Classifieds 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to category.php, view parameter to (2) login.php and (3) viewlisting.php, page parameter to (4) searchresults.php and (5) toplistings.php, and (6) member parameter to viewmember.php.
by Moudi
CVE-2009-2780 EXPLOITDB text VERIFIED
68 Classifieds 4.1 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in 68 Classifieds 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to category.php, view parameter to (2) login.php and (3) viewlisting.php, page parameter to (4) searchresults.php and (5) toplistings.php, and (6) member parameter to viewmember.php.
by Moudi
CVE-2009-2780 EXPLOITDB text VERIFIED
68 Classifieds 4.1 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in 68 Classifieds 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to category.php, view parameter to (2) login.php and (3) viewlisting.php, page parameter to (4) searchresults.php and (5) toplistings.php, and (6) member parameter to viewmember.php.
by Moudi
EIP-2026-100968 EXPLOITDB text VERIFIED
NcFTPd 2.8.5 - Remote Jail Breakout
by kingcope
CVE-2009-4698 EXPLOITDB text VERIFIED
XOOPS Celepar Qas Module - SQL Injection via codigo or cod_categoria Parameter
Multiple SQL injection vulnerabilities in the Qas (aka Quas) module for XOOPS Celepar allow remote attackers to execute arbitrary SQL commands via the codigo parameter to (1) aviso.php and (2) imprimir.php, and the (3) cod_categoria parameter to categoria.php.
by s4r4d0
CVE-2009-4714 EXPLOITDB text VERIFIED
XOOPS Celepar Quiz Module - Cross-Site Scripting via PATH_INFO to cadastro_usuario.php
Cross-site scripting (XSS) vulnerability in the quiz module for XOOPS Celepar allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to cadastro_usuario.php.
by s4r4d0
EIP-2026-113347 EXPLOITDB text VERIFIED
WebShop Hun 1.062s - '/index.php' Local File Inclusion / Cross-Site Scripting
by u.f.
EIP-2026-112811 EXPLOITDB text VERIFIED
TurnkeySetup Net Marketing 6.0 - 'faqs.php' Cross-Site Scripting
by Moudi
EIP-2026-112204 EXPLOITDB text VERIFIED
SkaLinks 1.5 - 'cat' Multiple Cross-Site Scripting Vulnerabilities
by Moudi
CVE-2009-2892 EXPLOITDB text VERIFIED
Scripteen Free Image Hosting Script 2.3 - SQL Injection via cookid or cookgid Cookie
Multiple SQL injection vulnerabilities in header.php in Scripteen Free Image Hosting Script 2.3 allow remote attackers to execute arbitrary SQL commands via a (1) cookid or (2) cookgid cookie.
by Coksnuss
CVE-2009-4987 EXPLOITDB text VERIFIED
Scripteen Free Image Hosting Script 2.3 - Unauthenticated Authentication Bypass via cookgid Cookie
admin/header.php in Scripteen Free Image Hosting Script 2.3 allows remote attackers to bypass authentication and gain administrative access by setting the cookgid cookie value to 1, a different vector than CVE-2008-3211.
by Qabandi
CVE-2009-2883 EXPLOITDB text VERIFIED
SaphpLesson 4.0 - SQL Injection via cp_username Parameter
SQL injection vulnerability in admin/login.php in SaphpLesson 4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cp_username parameter, related to an error in the CleanVar function in includes/functions.php.
by SwEET-DeViL