Text Exploits

31,392 exploits tracked across all sources.

Sort: Activity Stars
CVE-2009-4697 EXPLOITDB text VERIFIED
RadNICS Gold 5 - Cross-Site Scripting via Order or Fid Parameter
Multiple cross-site scripting (XSS) vulnerabilities in index.php in RadNICS Gold 5 allow remote attackers to inject arbitrary web script or HTML via the (1) order parameter in a ulist action and the (2) fid parameter in a view_forum action.
by Moudi
CVE-2009-4695 EXPLOITDB text VERIFIED
RadScripts RadLance Gold 7.5 - SQL Injection
SQL injection vulnerability in index.php in RadScripts RadLance Gold 7.5 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a view_forum action.
by Moudi
CVE-2009-3530 EXPLOITDB text VERIFIED
RadScripts RadBids Gold 4 - Cross-Site Scripting via Storefront Mode Parameter
Cross-site scripting (XSS) vulnerability in storefront.php in RadScripts RadBids Gold 4 allows remote attackers to inject arbitrary web script or HTML via the mode parameter.
by Moudi
CVE-2009-2554 EXPLOITDB text VERIFIED
Joomla! Jobline <1.3.1 - SQL Injection
SQL injection vulnerability in the search method in jobline.class.php in Jobline (com_jobline) 1.1.2.2, 1.3.1, and possibly earlier versions, a component for Joomla!, allows remote attackers to execute arbitrary SQL commands via the search parameter in a results action to index.php, which invokes the search method from the searchJobPostings function in jobline.php.
by ManhLuat93
CVE-2009-3222 EXPLOITDB text VERIFIED
FreeWebScriptz Honest Traffic 1.x - Cross-Site Scripting via msg Parameter
Cross-site scripting (XSS) vulnerability in index.php in FreeWebScriptz Honest Traffic (FWSHT) 1.x allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
by Moudi
CVE-2009-4683 EXPLOITDB text VERIFIED
Good/Bad Vote <unknown> - Path Traversal
Directory traversal vulnerability in vote.php in Good/Bad Vote allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the id parameter in a dovote action. NOTE: some of these details are obtained from third party information.
by Moudi
EIP-2026-107386 EXPLOITDB text VERIFIED
Ger Versluis 2000 5.5 24 - 'SITE_fiche.php' SQL Injection
by DeCo017
CVE-2009-3719 EXPLOITDB text VERIFIED
Battle Blog 1.25 and 1.30 build 2 - Cross-Site Scripting via Comment
Cross-site scripting (XSS) vulnerability in comment.asp in Battle Blog 1.25 and 1.30 build 2 allows remote attackers to inject arbitrary web script or HTML via a comment.
by $qL_DoCt0r
CVE-2009-3596 EXPLOITDB text VERIFIED
JoxTechnology Ajox Poll - Unauthenticated Authentication Bypass via Direct Request to admin/managepoll.php
JoxTechnology Ajox Poll does not properly restrict access to admin/managepoll.php, which allows remote attackers to bypass authentication and gain administrative access via a direct request.
by SirGod
EIP-2026-103650 EXPLOITDB text VERIFIED
Sguil/PADS - Remote Server Crash
by Ataraxia
CVE-2009-2534 EXPLOITDB text VERIFIED
RealNetworks Helix Server <13.0.0 - DoS
RealNetworks Helix Server and Helix Mobile Server before 13.0.0 allow remote attackers to cause a denial of service (daemon crash) via an RTSP SETUP request that (1) specifies the / URI or (2) lacks a / character in the URI.
by Core Security
CVE-2009-1897 EXPLOITDB text VERIFIED
Linux kernel 2.6.30-2.6.30.1 - Privilege Escalation
The tun_chr_poll function in drivers/net/tun.c in the tun subsystem in the Linux kernel 2.6.30 and 2.6.30.1, when the -fno-delete-null-pointer-checks gcc option is omitted, allows local users to gain privileges via vectors involving a NULL pointer dereference and an mmap of /dev/net/tun, a different vulnerability than CVE-2009-1894.
by spender
CVE-2009-4562 EXPLOITDB text VERIFIED
Zenphoto 1.2.5 - Cross-Site Scripting via Admin.php From Parameter
Cross-site scripting (XSS) vulnerability in zp-core/admin.php in Zenphoto 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the from parameter.
by petros
CVE-2009-3811 EXPLOITDB text VERIFIED
Music Tag Editor 1.61 build 212 - Stack-based Buffer Overflow via Long ID3 Tag in MP3 File
Stack-based buffer overflow in Music Tag Editor 1.61 build 212 allows remote attackers to execute arbitrary code via an MP3 file with a long ID3 tag. NOTE: some of these details are obtained from third party information.
by LiquidWorm
CVE-2009-1136 EXPLOITDB text VERIFIED
Microsoft Office Web Components Spreadsheet ActiveX Control - Remote Code Execution via msDataSourceObject Method
The Microsoft Office Web Components Spreadsheet ActiveX control (aka OWC10 or OWC11), as distributed in Office XP SP3 and Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 Gold and SP1, and Office Small Business Accounting 2006, when used in Internet Explorer, allows remote attackers to execute arbitrary code via a crafted call to the msDataSourceObject method, as exploited in the wild in July and August 2009, aka "Office Web Components HTML Script Vulnerability."
by anonymous
EIP-2026-114949 EXPLOITDB text VERIFIED
Audio Editor Pro 2.91 - Remote Memory Corruption (PoC)
by LiquidWorm
CVE-2009-4563 EXPLOITDB text VERIFIED
Zenphoto 1.2.5 - Cross-Site Request Forgery via Admin Password Change
Cross-site request forgery (CSRF) vulnerability in zp-core/admin-options.php in Zenphoto 1.2.5 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via the 0-adminpass and 0-adminpass_2 parameters in a saveoptions action.
by petros
EIP-2026-113326 EXPLOITDB text VERIFIED
webLeague 2.2.0 - 'install.php' Remote Change Password
by TiGeR-Dz
CVE-2009-3595 EXPLOITDB text VERIFIED
VS PANEL 7.5.5 - SQL Injection via Cat_ID Parameter
SQL injection vulnerability in results.php in VS PANEL 7.5.5 allows remote attackers to execute arbitrary SQL commands via the Cat_ID parameter, a different vector than CVE-2009-3590.
by C0D3R-Dz
CVE-2009-2116 EXPLOITDB text VERIFIED
SkyBlueCanvas 1.1 r237 - Path Traversal
Directory traversal vulnerability in admin.php in SkyBlueCanvas 1.1 r237 allows remote authenticated administrators to list directory contents via a .. (dot dot) in the dir parameter.
by MaXe
CVE-2009-3601 EXPLOITDB text VERIFIED
Scriptsez Ultimate Poll - Cross-Site Scripting via demo_page.php clr Parameter
Cross-site scripting (XSS) vulnerability in demo_page.php in Scriptsez Ultimate Poll allows remote attackers to inject arbitrary web script or HTML via the clr parameter in a vote action.
by Moudi
CVE-2009-4749 EXPLOITDB text VERIFIED
PHP Live! 3.2.1-3.2.2 - SQL Injection via x Parameter
Multiple SQL injection vulnerabilities in PHP Live! 3.2.1 and 3.2.2 allow remote attackers to execute arbitrary SQL commands via the x parameter to (1) message_box.php and (2) request.php.
by boom3rang
EIP-2026-106371 EXPLOITDB text VERIFIED
dB Masters MultiMedia's Content Manager 4.5 - SQL Injection
by NoGe
EIP-2026-104508 EXPLOITDB text VERIFIED
XAMPP 1.6.x - 'showcode.php' Local File Inclusion
by MustLive
CVE-2009-1692 EXPLOITDB text VERIFIED
iPhone OS 1.0-2.2.1 and iPod touch 1.1-2.2.1 - Denial of Service via HTMLSelectElement Length Attribute
WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Safari, and other software, allows remote attackers to cause a denial of service (memory consumption or device reset) via a web page containing an HTMLSelectElement object with a large length attribute, related to the length property of a Select object.
by Thierry Zoller