Text Exploits

31,386 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-0821 EXPLOITDB text VERIFIED
OSI Codes Inc. PHP Live! 3.2.2 - SQL Injection via questid Parameter
SQL injection vulnerability in admin/traffic/knowledge_searchm.php in OSI Codes Inc. PHP Live! 3.2.2 allows remote attackers to execute arbitrary SQL commands via the questid parameter in an expand_question action.
by skys
EIP-2026-109471 EXPLOITDB text VERIFIED
Million-Dollar Pixel Ads Platinum - SQL Injection / Cross-Site Scripting
by Moudi
EIP-2026-109469 EXPLOITDB text VERIFIED
Million Dollar Pixel Ads - Cross-Site Scripting / SQL Injection
by Moudi
EIP-2026-108908 EXPLOITDB text VERIFIED
Joomla! Extension UIajaxIM 1.1 - JavaScript Execution
by 599eme Man
EIP-2026-106422 EXPLOITDB text VERIFIED
Deonixscripts Templates Management 1.3 - SQL Injection
by d3b4g
EIP-2026-105931 EXPLOITDB text VERIFIED
Clipbucket 1.7.1 - Multiple SQL Injections
by Qabandi
EIP-2026-105926 EXPLOITDB text VERIFIED
Clip Bucket 1.7.1 - Insecure Cookie Handling
by Qabandi
CVE-2009-2881 EXPLOITDB text VERIFIED
Basilic 1.5.13 - SQL Injection via idAuthor Parameter
Multiple SQL injection vulnerabilities in Basilic 1.5.13 allow remote attackers to execute arbitrary SQL commands via the idAuthor parameter to (1) index.php and possibly (2) allpubs.php in publications/.
by NoGe
CVE-2009-3218 EXPLOITDB text VERIFIED
AR Web Content Manager 2.1 - SQL Injection via Username Parameter
SQL injection vulnerability in control/login.php in AR Web Content Manager (AWCM) 2.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.
by SwEET-DeViL
EIP-2026-110726 EXPLOITDB text VERIFIED
PHP Melody 1.5.3 - Arbitrary File Upload Injection
by Chip d3 bi0s
EIP-2026-108412 EXPLOITDB text VERIFIED
Joomla! Component com_Joomlaoads - 'packageId' SQL Injection
by Mr.tro0oqy
CVE-2009-0299 EXPLOITDB text VERIFIED
Groone GLinks 2.1 - SQL Injection via Cat Parameter
SQL injection vulnerability in index.php in Groone GLinks 2.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter.
by 599eme Man
CVE-2009-3219 EXPLOITDB text VERIFIED
AR Web Content Manager 2.1 - Remote File Inclusion via 'a' Parameter
Directory traversal vulnerability in a.php in AR Web Content Manager (AWCM) 2.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the a parameter.
by SwEET-DeViL
EIP-2026-110608 EXPLOITDB text VERIFIED
Phorum 5.2.11 - Persistent Cross-Site Scripting
by Crashfr
CVE-2009-4680 EXPLOITDB text VERIFIED
phpDirectorySource 1.x - SQL Injection
SQL injection vulnerability in search.php in phpDirectorySource 1.x allows remote attackers to execute arbitrary SQL commands via the st parameter.
by Moudi
CVE-2009-2564 EXPLOITDB text VERIFIED
NOS Microsystems getPlus Download Manager - Privilege Escalation
NOS Microsystems getPlus Download Manager, as used in Adobe Reader 1.6.2.36 and possibly other versions, Corel getPlus Download Manager before 1.5.0.48, and possibly other products, installs NOS\bin\getPlus_HelperSvc.exe with insecure permissions (Everyone:Full Control), which allows local users to gain SYSTEM privileges by replacing getPlus_HelperSvc.exe with a Trojan horse program, as demonstrated by use of getPlus Download Manager within Adobe Reader. NOTE: within Adobe Reader, the scope of this issue is limited because the program is deleted and the associated service is not automatically launched after a successful installation and reboot.
by Jeremy Brown
CVE-2009-4681 EXPLOITDB text VERIFIED
phpDirectorySource 1.x - Cross-Site Scripting via search.php st Parameter
Cross-site scripting (XSS) vulnerability in search.php in phpDirectorySource 1.x allows remote attackers to inject arbitrary web script or HTML via the st parameter.
by Moudi
CVE-2009-2888 EXPLOITDB text VERIFIED
PHP Scripts Now Hangman - SQL Injection via index.php n Parameter
SQL injection vulnerability in index.php in PHP Scripts Now Hangman allows remote attackers to execute arbitrary SQL commands via the n parameter.
by Moudi
CVE-2009-2889 EXPLOITDB text VERIFIED
PHP Scripts Now Hangman - Cross-Site Scripting via Letters Parameter
Cross-site scripting (XSS) vulnerability in index.php in PHP Scripts Now Hangman allows remote attackers to inject arbitrary web script or HTML via the letters parameter.
by Moudi
EIP-2026-109762 EXPLOITDB text VERIFIED
MyDLstore Pixel Ad Script - 'payment.php' Cross-Site Scripting
by Moudi
EIP-2026-109761 EXPLOITDB text VERIFIED
MyDLstore Meta Search Engine Script 1.0 - 'url' Remote File Inclusion
by Moudi
EIP-2026-109430 EXPLOITDB text VERIFIED
Meta Search Engine Script - 'url' Local File Disclosure
by Moudi
CVE-2009-4691 EXPLOITDB text VERIFIED
Classified Linktrader Script - SQL Injection
SQL injection vulnerability in addlink.php in Classified Linktrader Script allows remote attackers to execute arbitrary SQL commands via the slctCategories parameter.
by Moudi
CVE-2009-3509 EXPLOITDB text VERIFIED
CJ Dynamic Poll PRO 2.0 - Cross-Site Scripting via PATH_INFO
Cross-site scripting (XSS) vulnerability in admin/admin_index.php in CJ Dynamic Poll PRO 2.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
by Moudi
EIP-2026-105194 EXPLOITDB text VERIFIED
APBook 1.3 - Admin Login Multiple SQL Injections
by n3w7u