Text Exploits

31,392 exploits tracked across all sources.

Sort: Activity Stars
CVE-2009-2542 EXPLOITDB text VERIFIED
Netscape Navigator - Denial of Service via Select Object Length Property
Netscape 6 and 8 allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
by Thierry Zoller
CVE-2009-2541 EXPLOITDB HIGH text VERIFIED
Sony PLAYSTATION 3 - Denial of Service via Large Select Object Length Property
The web browser on the Sony PLAYSTATION 3 (PS3) allows remote attackers to cause a denial of service (memory consumption and console hang) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
by Thierry Zoller
CVSS 7.5
CVE-2009-2540 EXPLOITDB text VERIFIED
Opera < 9.64 - Denial of Service via Large Select Object Length Property
Opera, possibly 9.64 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
by Thierry Zoller
CVE-2009-2539 EXPLOITDB text VERIFIED
aigo_md_p8860 - Denial of Service via Large Select Object Length Property
The Aigo P8860 allows remote attackers to cause a denial of service (memory consumption and browser hang) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
by Thierry Zoller
CVE-2009-2538 EXPLOITDB text VERIFIED
Nokia Symbian OS 9.2 - Denial of Service via Large Select Object Length Property
The Nokia N95 running Symbian OS 9.2, N82, and N810 Internet Tablet allow remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
by Thierry Zoller
CVE-2009-2537 EXPLOITDB text VERIFIED
KDE Konqueror - Denial of Service via Large Select Object Length Property
KDE Konqueror allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
by Thierry Zoller
CVE-2009-2536 EXPLOITDB text VERIFIED
Microsoft Internet Explorer <9 - DoS
Microsoft Internet Explorer 5 through 8 allows remote attackers to cause a denial of service (memory consumption and application crash) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
by Thierry Zoller
CVE-2009-4748 EXPLOITDB text VERIFIED
My Category Order <2.8 - SQL Injection
SQL injection vulnerability in mycategoryorder.php in the My Category Order plugin 2.8 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the parentID parameter in an act_OrderCategories action to wp-admin/post-new.php.
by Manh Luat
CVE-2009-4560 EXPLOITDB text VERIFIED
WebLeague 2.2.0 - SQL Injection via Profile Name Parameter
SQL injection vulnerability in profile.php in WebLeague 2.2.0 allows remote attackers to execute arbitrary SQL commands via the name parameter.
by Arka69
CVE-2009-3541 EXPLOITDB text VERIFIED
phpgenealogy 2.0 - Remote Code Execution via DataDirectory Parameter
PHP remote file inclusion vulnerability in CoupleDB.php in PHPGenealogy 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the DataDirectory parameter.
by Khashayar Fereidani
EIP-2026-107784 EXPLOITDB text VERIFIED
ILIAS Lms 3.9.9/3.10.7 - Arbitrary Edition / Information Disclosure
by YEnH4ckEr
CVE-2009-3598 EXPLOITDB text VERIFIED
ecardmax.com FormXP 2007 - Cross-Site Scripting via survey_result.php sid Parameter
Cross-site scripting (XSS) vulnerability in survey_result.php in eCardMAX FormXP 2007 allows remote attackers to inject arbitrary web script or HTML via the sid parameter.
by Moudi
CVE-2009-2557 EXPLOITDB text VERIFIED
Admin News Tools 2.5 - Path Traversal
Directory traversal vulnerability in system/download.php in Admin News Tools 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the fichier parameter.
by Securitylab.ir
CVE-2009-2558 EXPLOITDB text VERIFIED
Admin News Tools 2.5 - Unauthenticated News Message Posting via Direct Request
system/message.php in Admin News Tools 2.5 does not properly restrict access, which allows remote attackers to post news messages via a direct request.
by Securitylab.ir
CVE-2009-2535 EXPLOITDB text VERIFIED
Mozilla Firefox <2.0.0.19 & 3.x <3.0.5 - DoS
Mozilla Firefox before 2.0.0.19 and 3.x before 3.0.5, SeaMonkey, and Thunderbird allow remote attackers to cause a denial of service (memory consumption and application crash) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
by Thierry Zoller
CVE-2009-3823 EXPLOITDB text VERIFIED
Mobilelib GOLD 3.0 - Path Traversal via GLOBALS[page] Parameter
Directory traversal vulnerability in myhtml.php in Mobilelib GOLD 3.0, when magic_quotes_gpc is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the GLOBALS[page] parameter.
by Qabandi
EIP-2026-106749 EXPLOITDB text VERIFIED
eCardMAX - Multiple Cross-Site Scripting Vulnerabilities
by Moudi
EIP-2026-103239 EXPLOITDB text VERIFIED
Virtualmin < 3.703 - Multiple Local/Remote Vulnerabilities
by Filip Palian
CVE-2009-2925 EXPLOITDB text VERIFIED
DJCalendar - Path Traversal via TEMPLATE Parameter
Directory traversal vulnerability in DJcalendar.cgi in DJCalendar allows remote attackers to read arbitrary files via a .. (dot dot) in the TEMPLATE parameter.
by cibbao
CVE-2009-4750 EXPLOITDB text VERIFIED
Top Paidmailer - Remote Code Execution via home.php page Parameter
PHP remote file inclusion vulnerability in home.php in Top Paidmailer allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
by Moudi
EIP-2026-110051 EXPLOITDB text VERIFIED
onepound shop 1.x - 'products.php' SQL Injection
by Affix
CVE-2009-2593 EXPLOITDB text VERIFIED
Censura 1.16.04 - SQL Injection via itemid Parameter
SQL injection vulnerability in censura.php in Censura 1.16.04 allows remote attackers to execute arbitrary SQL commands via the itemid parameter in a details action.
by Vrs-hCk
EIP-2026-110640 EXPLOITDB text VERIFIED
PHP AdminPanel Free 1.0.5 - Remote File Disclosure
by Khashayar Fereidani
CVE-2009-2594 EXPLOITDB text VERIFIED
Censura 1.16.04 - Cross-Site Scripting via itemid Parameter
Cross-site scripting (XSS) vulnerability in censura.php in Censura 1.16.04 allows remote attackers to inject arbitrary web script or HTML via the itemid parameter in a details action.
by Vrs-hCk
CVE-2009-3752 EXPLOITDB text VERIFIED
Opial 1.0 - SQL Injection via Genres Parent Parameter
SQL injection vulnerability in home.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the genres_parent parameter.
by LMaster