Text Exploits

31,392 exploits tracked across all sources.

Sort: Activity Stars
CVE-2009-4693 EXPLOITDB text VERIFIED
GraFX MiniCWB 2.3.0 - Remote Code Execution via LANG Parameter File Inclusion
Multiple PHP remote file inclusion vulnerabilities in GraFX MiniCWB 2.3.0 allow remote attackers to execute arbitrary PHP code via a URL in the LANG parameter to (1) en.inc.php, (2) hu.inc.php, (3) no.inc.php, (4) ro.inc.php, and (5) ru.inc.php in language/.
by NoGe
CVE-2009-3716 EXPLOITDB text VERIFIED
MCshoutbox 1.1 - Authenticated Arbitrary File Upload via Admin Panel
Unrestricted file upload vulnerability in admin.php in MCshoutbox 1.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in smilies/.
by SirGod
CVE-2009-3858 EXPLOITDB text VERIFIED
GejoSoft - Cross-Site Scripting via PATH_INFO to photos/tags
Cross-site scripting (XSS) vulnerability in GejoSoft allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI in photos/tags.
by Moudi
CVE-2009-3599 EXPLOITDB text VERIFIED
HUBScript 1.0 - Cross-Site Scripting via bid_id Parameter
Cross-site scripting (XSS) vulnerability in single_winner1.php in HUBScript 1.0 allows remote attackers to inject arbitrary web script or HTML via the bid_id parameter.
by Moudi
CVE-2009-4684 EXPLOITDB text VERIFIED
EZodiak - Cross-Site Scripting via Sign Parameter
Cross-site scripting (XSS) vulnerability in index.php in EZodiak allows remote attackers to inject arbitrary web script or HTML via the sign parameter.
by Moudi
CVE-2009-2591 EXPLOITDB text VERIFIED
runcms myannonces - SQL Injection via lid Parameter
SQL injection vulnerability in the MyAnnonces module for E-Xoopport 3.1 allows remote attackers to execute arbitrary SQL commands via the lid parameter in a viewannonces action to index.php.
by Vrs-hCk
CVE-2009-2587 EXPLOITDB text VERIFIED
DragDropCart - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in DragDropCart allow remote attackers to inject arbitrary web script or HTML via the (1) sid parameter to assets/js/ddcart.php, the (2) prefix parameter to includes/ajax/getstate.php, the search parameter to (3) index.php and (4) search.php, the (5) redirect parameter to login.php, and the (6) product parameter to productdetail.php.
by Moudi
CVE-2009-2587 EXPLOITDB text VERIFIED
DragDropCart - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in DragDropCart allow remote attackers to inject arbitrary web script or HTML via the (1) sid parameter to assets/js/ddcart.php, the (2) prefix parameter to includes/ajax/getstate.php, the search parameter to (3) index.php and (4) search.php, the (5) redirect parameter to login.php, and the (6) product parameter to productdetail.php.
by Moudi
CVE-2009-2587 EXPLOITDB text VERIFIED
DragDropCart - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in DragDropCart allow remote attackers to inject arbitrary web script or HTML via the (1) sid parameter to assets/js/ddcart.php, the (2) prefix parameter to includes/ajax/getstate.php, the search parameter to (3) index.php and (4) search.php, the (5) redirect parameter to login.php, and the (6) product parameter to productdetail.php.
by Moudi
CVE-2009-2587 EXPLOITDB text VERIFIED
DragDropCart - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in DragDropCart allow remote attackers to inject arbitrary web script or HTML via the (1) sid parameter to assets/js/ddcart.php, the (2) prefix parameter to includes/ajax/getstate.php, the search parameter to (3) index.php and (4) search.php, the (5) redirect parameter to login.php, and the (6) product parameter to productdetail.php.
by Moudi
CVE-2009-2587 EXPLOITDB text VERIFIED
DragDropCart - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in DragDropCart allow remote attackers to inject arbitrary web script or HTML via the (1) sid parameter to assets/js/ddcart.php, the (2) prefix parameter to includes/ajax/getstate.php, the search parameter to (3) index.php and (4) search.php, the (5) redirect parameter to login.php, and the (6) product parameter to productdetail.php.
by Moudi
CVE-2009-2587 EXPLOITDB text VERIFIED
DragDropCart - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in DragDropCart allow remote attackers to inject arbitrary web script or HTML via the (1) sid parameter to assets/js/ddcart.php, the (2) prefix parameter to includes/ajax/getstate.php, the search parameter to (3) index.php and (4) search.php, the (5) redirect parameter to login.php, and the (6) product parameter to productdetail.php.
by Moudi
CVE-2009-4685 EXPLOITDB text VERIFIED
PHP Scripts Now Astrology - Cross-Site Scripting via Day Parameter
Cross-site scripting (XSS) vulnerability in celebrities.php in PHP Scripts Now Astrology allows remote attackers to inject arbitrary web script or HTML via the day parameter.
by Moudi
CVE-2009-2439 EXPLOITDB text VERIFIED
Web Development House Alibaba Clone - SQL Injection
Multiple SQL injection vulnerabilities in Web Development House Alibaba Clone allow remote attackers to execute arbitrary SQL commands via the (1) IndustryID parameter to category.php and the (2) SellerID parameter to supplier/view_contact_details.php. NOTE: this is a product that was developed by a third party; it is not associated with alibaba.com or the Alibaba Group.
by 599eme Man
CVE-2009-4686 EXPLOITDB text VERIFIED
phplemon AdQuick 2.2.1 - Cross-Site Scripting via red_url Parameter
Cross-site scripting (XSS) vulnerability in account.php in phplemon AdQuick 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the red_url parameter.
by Moudi
CVE-2009-1894 EXPLOITDB text VERIFIED
PulseAudio <0.9.14 - Privilege Escalation
Race condition in PulseAudio 0.9.9, 0.9.10, and 0.9.14 allows local users to gain privileges via vectors involving creation of a hard link, related to the application setting LD_BIND_NOW to 1, and then calling execv on the target of the /proc/self/exe symlink.
by anonymous
CVE-2009-2766 EXPLOITDB text VERIFIED
DD-WRT 24 sp1 - Unauthenticated Settings Modification via cgi-bin/
httpd.c in httpd in the management GUI in DD-WRT 24 sp1 does not require administrative authentication for programs under cgi-bin/, which allows remote attackers to change settings via HTTP requests.
by gat3way
CVE-2009-4696 EXPLOITDB text VERIFIED
RadNICS Gold 5 - SQL Injection via fid Parameter
SQL injection vulnerability in index.php in RadNICS Gold 5 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a view_forum action.
by Moudi
CVE-2009-4692 EXPLOITDB text VERIFIED
RadScripts RadLance Gold 7.5 - Cross-Site Scripting via index.php pr Parameter
Cross-site scripting (XSS) vulnerability in index.php in RadScripts RadLance Gold 7.5 allows remote attackers to inject arbitrary web script or HTML via the pr parameter in a ulist action.
by Moudi
CVE-2009-4682 EXPLOITDB text VERIFIED
Good/Bad Vote - Cross-Site Scripting via Vote ID Parameter
Cross-site scripting (XSS) vulnerability in vote.php in Good/Bad Vote allows remote attackers to inject arbitrary web script or HTML via the id parameter in a vote action.
by Moudi
CVE-2009-3718 EXPLOITDB text VERIFIED
Battle Blog 1.25 and 1.30 build 2 - SQL Injection via UserName Parameter
SQL injection vulnerability in admin/authenticate.asp in Battle Blog 1.25 and 1.30 build 2 allows remote attackers to execute arbitrary SQL commands via the UserName parameter.
by $qL_DoCt0r
CVE-2009-3529 EXPLOITDB text VERIFIED
RadScripts RadBids Gold 4 - SQL Injection via fid Parameter
SQL injection vulnerability in index.php in RadScripts RadBids Gold 4 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a view_forum action, a different vector than CVE-2005-1074.
by Moudi
CVE-2009-2533 EXPLOITDB text VERIFIED
RealNetworks Helix Server <13.0.0 - DoS
rmserver in RealNetworks Helix Server and Helix Mobile Server before 13.0.0 allows remote attackers to cause a denial of service (daemon exit) via multiple RTSP SET_PARAMETER requests with empty DataConvertBuffer headers.
by Core Security
CVE-2009-2552 EXPLOITDB text VERIFIED
Super Simple Blog Script 2.5.4 - Path Traversal
Multiple directory traversal vulnerabilities in comments.php in Super Simple Blog Script 2.5.4 allow remote attackers to overwrite, include, and execute arbitrary local files via the entry parameter.
by JIKO
CVE-2009-2553 EXPLOITDB text VERIFIED
Super Simple Blog Script 2.5.4 - SQL Injection
Multiple SQL injection vulnerabilities in comments.php in Super Simple Blog Script 2.5.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the entry parameter.
by JIKO