Text Exploits

31,392 exploits tracked across all sources.

Sort: Activity Stars
CVE-2009-4752 EXPLOITDB text VERIFIED
Swinger Club Portal - Remote Code Execution via Anzeiger Start PHP Go Parameter
PHP remote file inclusion vulnerability in anzeiger/start.php in Swinger Club Portal allows remote attackers to execute arbitrary PHP code via a URL in the go parameter.
by Moudi
CVE-2009-2437 EXPLOITDB text VERIFIED
Rentventory 1.0.1 - Cross-Site Scripting via Login Parameters
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Rentventory 1.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) username (aka Login) and (2) password parameters in a login action.
by 599eme Man
CVE-2009-2684 EXPLOITDB text VERIFIED
HP Printers - Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in Jetdirect and the Embedded Web Server (EWS) on certain HP LaserJet and Color LaserJet printers, and HP Digital Senders, allow remote attackers to inject arbitrary web script or HTML via the (1) Product_URL or (2) Tech_URL parameter in an Apply action to the support_param.html/config script.
by sh2kerr
CVE-2009-2340 EXPLOITDB text VERIFIED
Opial 1.0 - SQL Injection via txtUserName Parameter
SQL injection vulnerability in admin/index.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the txtUserName (aka User Name) parameter. NOTE: some of these details are obtained from third party information.
by Moudi
CVE-2009-2339 EXPLOITDB text VERIFIED
Rentventory - SQL Injection via Product Parameter
SQL injection vulnerability in index.php in Rentventory allows remote attackers to execute arbitrary SQL commands via the product parameter.
by Moudi
CVE-2009-2388 EXPLOITDB text VERIFIED
Opial 1.0 - SQL Injection via txtPassword Parameter
SQL injection vulnerability in admin/index.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the txtPassword parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Moudi
CVE-2009-2341 EXPLOITDB text VERIFIED
Opial 1.0 - SQL Injection via albumid Parameter
SQL injection vulnerability in albumdetail.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the albumid parameter.
by ThE g0bL!N
EIP-2026-106133 EXPLOITDB text VERIFIED
ConPresso 3.4.8 - 'detail.php' Blind SQL Injection
by tmh
EIP-2026-104960 EXPLOITDB text VERIFIED
AdminLog 0.5 - 'valid_login' Authentication Bypass
by SirGod
EIP-2026-103798 EXPLOITDB text VERIFIED
Oracle 10g - 'SYS.LT.COMPRESSWORKSPACETREE' SQL Injection (2)
by Sumit Siddharth
EIP-2026-103414 EXPLOITDB text VERIFIED
Apple Safari 4.x - JavaScript Reload Remote Crash
by SkyOut
CVE-2009-2344 EXPLOITDB text VERIFIED
Sourcefire DC/3D Sensor <4.8.2 - Privilege Escalation
The web-based management interfaces in Sourcefire Defense Center (DC) and 3D Sensor before 4.8.2 allow remote authenticated users to gain privileges via a $admin value for the admin parameter in an edit action to admin/user/user.cgi and unspecified other components.
by Gregory Duchemin
CVE-2009-2332 EXPLOITDB text VERIFIED
CMS Chainuk < 1.2 - Exposure of Sensitive Information via Crafted id Parameter
CMS Chainuk 1.2 and earlier allows remote attackers to obtain sensitive information via (1) a crafted id parameter to index.php or (2) a nonexistent folder name in the id parameter to admin/admin_delete.php, which reveals the installation path in an error message.
by eLwaux
CVE-2009-2331 EXPLOITDB text VERIFIED
CMS Chainuk < 1.2 - Remote PHP Code Injection via Menu or Title Parameter
Multiple static code injection vulnerabilities in CMS Chainuk 1.2 and earlier allow remote attackers to inject arbitrary PHP code (1) into settings.php via the menu parameter to admin_settings.php or (2) into a content/=NUMBER.php file via the title parameter to admin_new.php.
by eLwaux
CVE-2009-2330 EXPLOITDB text VERIFIED
CMS Chainuk < 1.2 - Cross-Site Scripting via Admin Menu Parameter
Cross-site scripting (XSS) vulnerability in admin/admin_menu.php in CMS Chainuk 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the menu parameter.
by eLwaux
CVE-2009-2328 EXPLOITDB text VERIFIED
KerviNet Forum < 1.1 - Unauthenticated SQL Injection and Arbitrary Account Deletion via del_user_id Parameter
admin/edit_user.php in KerviNet Forum 1.1 and earlier does not require administrative authentication, which allows remote attackers to delete arbitrary accounts and conduct SQL injection attacks via the del_user_id parameter.
by eLwaux
CVE-2009-2327 EXPLOITDB text VERIFIED
KerviNet Forum < 1.1 - Authenticated Cross-Site Scripting via v_variant1 Parameter
Cross-site scripting (XSS) vulnerability in add_voting.php in KerviNet Forum 1.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the v_variant1 parameter.
by eLwaux
CVE-2009-2326 EXPLOITDB text VERIFIED
KerviNet Forum <1.1 - SQL Injection
Multiple SQL injection vulnerabilities in KerviNet Forum 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) an enter_parol cookie to index.php in an auto action or (2) the topic parameter to message.php. NOTE: vector 2 can be leveraged for a cross-site scripting (XSS) attack.
by eLwaux
EIP-2026-109429 EXPLOITDB text VERIFIED
Messages Library 2.0 - Insecure Cookie Handling
by Stack
CVE-2009-2329 EXPLOITDB text VERIFIED
KerviNet Forum <1.1 - Info Disclosure
KerviNet Forum 1.1 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) admin/head.php, or (2) voting_diagram.php, (3) voting.php, (4) topics_search.php, (5) topics_list.php, (6) top_part.php, (7) quick_search.php, (8) quick_reply.php, (9) moder_menu.php, (10) messages_list.php, (11) menu.php, (12) head.php, (13) forums_list.php, (14) forum_statistics.php, (15) forum_info.php, or (16) birthday.php in include_files/, which reveals the installation path in an error message.
by eLwaux
CVE-2009-2333 EXPLOITDB text VERIFIED
CMS Chainuk < 1.2 - Path Traversal and Arbitrary File Execution via Menu Parameter
Multiple directory traversal vulnerabilities in CMS Chainuk 1.2 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the menu parameter to admin/admin_menu.php, and the id parameter to (2) index.php and (3) admin/admin_edit.php; and (4) delete arbitrary local files via a .. (dot dot) in the id parameter to admin/admin_delete.php. NOTE: vector 2 can be leveraged for static code injection by sending a crafted menu parameter to admin/admin_menu.php, and then sending an id=../menu.csv request to index.php.
by eLwaux
CVE-2009-2306 EXPLOITDB text VERIFIED
armassa ARD-9808 Software - Unauthenticated Sensitive Information Exposure via Direct Request
The ARD-9808 DVR card security camera stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing usernames and passwords via a direct request for dvr.ini.
by Septemb0x
CVE-2009-2783 EXPLOITDB text VERIFIED
XOOPS 2.3.3 - Cross-Site Scripting via op Parameter and Query String
Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.3.3 allow remote attackers to inject arbitrary web script or HTML via the (1) op parameter to modules/pm/viewpmsg.php and (2) query string to modules/profile/user.php.
by Sense of Security
CVE-2009-2383 EXPLOITDB text VERIFIED
WordPress Related Sites 2.1 - SQL Injection
SQL injection vulnerability in BTE_RW_webajax.php in the Related Sites plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the guid parameter.
by eLwaux
EIP-2026-113684 EXPLOITDB text VERIFIED
WordPress Plugin DM Albums 1.9.2 - Remote File Disclosure
by Stack