Text Exploits

31,392 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-101305 EXPLOITDB text VERIFIED
HTC / Windows Mobile OBEX FTP Service - Directory Traversal
by Alberto Tablado
CVE-2009-4854 EXPLOITDB text VERIFIED
TalkBack 2.3.14 - Remote Code Execution via Import.php Result Parameter
addons/import.php in TalkBack 2.3.14 allows remote attackers to execute arbitrary commands via the result parameter.
by JIKO
CVE-2008-3371 EXPLOITDB text VERIFIED
TalkBack < 2.3.6.2 - Remote File Inclusion via Language Parameter
Directory traversal vulnerability in install/help.php in TalkBack 2.3.5, and other versions before 2.3.6.2, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter.
by JIKO
EIP-2026-119173 EXPLOITDB text VERIFIED
Sun One WebServer 6.1 - .JSP Source Viewing
by kingcope
CVE-2009-2544 EXPLOITDB text VERIFIED
Marcelo Costa FileServer <1.0 - Path Traversal
Directory traversal vulnerability in the Marcelo Costa FileServer component 1.0 for Microsoft Windows Live Messenger and Messenger Plus! Live (MPL) allows remote authenticated users to list arbitrary directories and read arbitrary files via a .. (dot dot) in a pathname.
by joepie91
CVE-2009-1830 EXPLOITDB text VERIFIED
Soulseek 156 and 157 NS - Stack-Based Buffer Overflow via Long Search Query
Stack-based buffer overflow in Soulseek 156 and 157 NS allows remote attackers to execute arbitrary code via a long search query.
by laurent gaffié
EIP-2026-113242 EXPLOITDB text VERIFIED
webasyst shop-script - Blind SQL Injection / Cross-Site Scripting
by Vrs-hCk
EIP-2026-113241 EXPLOITDB text VERIFIED
WebAsyst Shop-Script - 'index.php' Cross-Site Scripting
by Vrs-hCk
CVE-2009-4874 EXPLOITDB text VERIFIED
TalkBack 2.3.14 - Unauthenticated Comment Modification via comments.php
TalkBack 2.3.14 does not properly restrict access to the edit comment feature (comments.php), which allows remote attackers to modify comments.
by JIKO
EIP-2026-112426 EXPLOITDB text VERIFIED
StatsCode - Multiple Cross-Site Scripting Vulnerabilities
by 599eme Man
CVE-2009-2443 EXPLOITDB text VERIFIED
Siteframe 3.2.x - Information Exposure via phpinfo.php Direct Request
Siteframe 3.2.3, and other 3.2.x versions, allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function.
by NoGe
CVE-2009-2441 EXPLOITDB text VERIFIED
Online Guestbook Pro 5.1 - Cross-Site Scripting via entry Parameter
Cross-site scripting (XSS) vulnerability in ogp_show.php in Online Guestbook Pro 5.1 allows remote attackers to inject arbitrary web script or HTML via the entry parameter.
by Moudi
EIP-2026-109613 EXPLOITDB text VERIFIED
MRCGIGUY Thumbnail Gallery Post 1b - Arbitrary File Upload
by ThE g0bL!N
CVE-2009-2440 EXPLOITDB text VERIFIED
JNM Guestbook 3.0 - Cross-Site Scripting via Page Parameter
Cross-site scripting (XSS) vulnerability in index.php in JNM Guestbook 3.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
by Moudi
EIP-2026-107430 EXPLOITDB text VERIFIED
Glossword 1.8.11 - Arbitrary Uninstall / Install
by Evil-Cod3r
EIP-2026-106739 EXPLOITDB text VERIFIED
EasyVillaRentalSite - 'id' SQL Injection
by BazOka-HaCkEr
CVE-2009-3535 EXPLOITDB text VERIFIED
Clear Content 1.1 - Path Traversal via Image.php URL Parameter
Directory traversal vulnerability in image.php in Clear Content 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter. NOTE: the researcher also suggests an analogous PHP remote file inclusion vulnerability, but this may be incorrect.
by MizoZ
EIP-2026-103823 EXPLOITDB text VERIFIED
xscreensaver 5.01 - Arbitrary File Disclosure Symlink
by kingcope
EIP-2026-103591 EXPLOITDB text VERIFIED
MySQL 5.0.45 - (Authenticated) COM_CREATE_DB Format String (PoC)
by kingcope
EIP-2026-111678 EXPLOITDB text VERIFIED
Rapidsendit Clone Script - 'admin.php' Insecure Cookie Authentication Bypass
by NoGe
CVE-2009-2442 EXPLOITDB text VERIFIED
linea21 1.2.1 - Cross-Site Scripting via Search Parameter
Cross-site scripting (XSS) vulnerability in public/index.php in Linea21 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the search parameter in a resultats-recherche action.
by 599eme Man
EIP-2026-108097 EXPLOITDB text VERIFIED
JNM Solutions DB Top Sites 1.0 - 'vote.php' Cross-Site Scripting
by Moudi
CVE-2009-2428 EXPLOITDB text VERIFIED
Tausch Ticket Script 3 - SQL Injection
Multiple SQL injection vulnerabilities in Tausch Ticket Script 3 allow remote attackers to execute arbitrary SQL commands via the (1) userid parameter to suchauftraege_user.php and the (2) descr parameter to vote.php; and other unspecified vectors.
by Moudi
CVE-2009-2428 EXPLOITDB text VERIFIED
Tausch Ticket Script 3 - SQL Injection
Multiple SQL injection vulnerabilities in Tausch Ticket Script 3 allow remote attackers to execute arbitrary SQL commands via the (1) userid parameter to suchauftraege_user.php and the (2) descr parameter to vote.php; and other unspecified vectors.
by Moudi
CVE-2009-4751 EXPLOITDB text VERIFIED
Swinger Club Portal - Anzeiger <start.php - SQL Injection
SQL injection vulnerability in anzeiger/start.php in Swinger Club Portal allows remote attackers to execute arbitrary SQL commands via the id parameter in a rubrik action.
by Moudi