Text Exploits

31,392 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-112800 EXPLOITDB text VERIFIED
tsep 0.942.02 - Multiple Vulnerabilities
by eLwaux
CVE-2009-2382 EXPLOITDB CRITICAL text VERIFIED
phpMyBlockchecker 1.0.0055 - Auth Bypass
admin.php in phpMyBlockchecker 1.0.0055 allows remote attackers to bypass authentication and gain administrative access by setting the PHPMYBCAdmin cookie to LOGGEDIN.
by SirGod
CVSS 9.8
CVE-2009-3152 EXPLOITDB text VERIFIED
NTSOFT BBS E-Market Professional - Cross-Site Scripting via Page, bt_code, or b_no Parameters
Multiple cross-site scripting (XSS) vulnerabilities in becommunity/community/index.php in NTSOFT BBS E-Market Professional allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) bt_code, and (3) b_no parameters in a board view action.
by Ivan Sanchez
CVE-2009-2307 EXPLOITDB text VERIFIED
maxdev cwguestbook < 2.1 - SQL Injection via rid Parameter
SQL injection vulnerability in the CWGuestBook module 2.1 and earlier for MAXdev MDPro (aka MD-Pro) allows remote attackers to execute arbitrary SQL commands via the rid parameter in a viewrecords action to modules.php.
by Dante90
CVE-2009-2378 EXPLOITDB text VERIFIED
Jax FormMailer 3.0.0 - Remote Code Execution via BASE_DIR Parameter
PHP remote file inclusion vulnerability in formmailer.admin.inc.php in Jax FormMailer 3.0.0 allows remote attackers to execute arbitrary PHP code via a URL in the BASE_DIR[jax_formmailer] parameter.
by ahmadbady
EIP-2026-106478 EXPLOITDB text VERIFIED
DM FileManager 3.9.4 - Remote File Disclosure
by Stack
CVE-2009-2379 EXPLOITDB text VERIFIED
BIGACE Web CMS 2.6 - Path Traversal
Directory traversal vulnerability in public/index.php in BIGACE Web CMS 2.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cmd parameter.
by CWD@rBe
CVE-2009-2396 EXPLOITDB text VERIFIED
DM Albums 1.9.2 - Remote Code Execution via SECURITY_FILE Parameter
PHP remote file inclusion vulnerability in template/album.php in DM Albums 1.9.2, as used standalone or as a WordPress plugin, allows remote attackers to execute arbitrary PHP code via a URL in the SECURITY_FILE parameter.
by Septemb0x
EIP-2026-113421 EXPLOITDB text VERIFIED
WHOISCART - Authentication Bypass / Information Disclosure
by SecurityRules
CVE-2009-2398 EXPLOITDB text VERIFIED
PHP-Sugar 0.80 - Path Traversal via t Parameter
Directory traversal vulnerability in test/index.php in PHP-Sugar 0.80 allows remote attackers to read arbitrary files via a ..// (dot dot slash slash) in the t parameter.
by ahmadbady
CVE-2009-2361 EXPLOITDB text VERIFIED
osTicket < 1.6 - SQL Injection via Staff Username Parameter
SQL injection vulnerability in include/class.staff.php in osTicket before 1.6 RC5 allows remote attackers to execute arbitrary SQL commands via the staff username parameter.
by Adam Baldwin
EIP-2026-109492 EXPLOITDB text VERIFIED
Miniweb 2.0 Site Builder Module - Multiple Cross-Site Scripting Vulnerabilities
by Moudi
CVE-2009-2394 EXPLOITDB text VERIFIED
SMSPages 1.0 - SQL Injection via CatID Parameter
SQL injection vulnerability in cat.php in SMSPages 1.0 in Mr.Saphp Arabic Script Mobile (aka Messages Library) 2.0 allows remote attackers to execute arbitrary SQL commands via the CatID parameter.
by SecurityRules
CVE-2009-2400 EXPLOITDB text VERIFIED
com_php - SQL Injection via id Parameter
SQL injection vulnerability in the PHP (com_php) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
by Chip d3 bi0s
CVE-2009-2395 EXPLOITDB text VERIFIED
com_k2 < 1.0.1 - SQL Injection via Category Parameter
SQL injection vulnerability in the K2 (com_k2) component 1.0.1 Beta and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category parameter in an itemlist action to index.php.
by Chip d3 bi0s
CVE-2009-2399 EXPLOITDB text VERIFIED
DM FileManager 3.9.4 - Remote Code Execution via SECURITY_FILE Parameter
PHP remote file inclusion vulnerability in dm-albums/template/album.php in DM FileManager 3.9.4, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the SECURITY_FILE parameter.
by Septemb0x
CVE-2009-2325 EXPLOITDB text VERIFIED
Clicknet CMS 2.1 - Path Traversal via Side Parameter
Directory traversal vulnerability in index.php in Clicknet CMS 2.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the side parameter.
by ThE g0bL!N
CVE-2009-2595 EXPLOITDB text
Censura 2.0.4 and 2.1.0 - Cross-Site Scripting via ProductSearch q Parameter
Cross-site scripting (XSS) vulnerability in productSearch.html in Censura 2.0.4 and 2.1.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a ProductSearch action.
by mark99
CVE-2009-2397 EXPLOITDB text VERIFIED
Audio Article Directory - Path Traversal
Directory traversal vulnerability in download.php in Audio Article Directory allows remote attackers to read arbitrary files via directory traversal sequences in the file parameter.
by ThE g0bL!N
CVE-2009-2275 EXPLOITDB text VERIFIED
cPanel - Path Traversal via Domain Parameter in Last Visit Stats Page
Directory traversal vulnerability in frontend/x3/stats/lastvisit.html in cPanel allows remote attackers to read arbitrary files via a .. (dot dot) in the domain parameter.
by SecurityRules
EIP-2026-109348 EXPLOITDB text VERIFIED
Matterdaddy Market 1.x - 'index.php' Cross-Site Scripting
by Moudi
EIP-2026-108827 EXPLOITDB text VERIFIED
Joomla! Component Permis 1.0 (com_groups) - 'id' SQL Injection
by Prince_Pwn3r
EIP-2026-103910 EXPLOITDB text VERIFIED
Google Chrome 2.0.172 - 'chrome://history/' URI Cross-Site Scripting
by Karn Ganeshen
CVE-2009-2772 EXPLOITDB text VERIFIED
PG Roommate Finder Solution - Cross-Site Scripting via Part Parameter
Multiple cross-site scripting (XSS) vulnerabilities in PG Roommate Finder Solution allow remote attackers to inject arbitrary web script or HTML via the part parameter to (1) quick_search.php and (2) viewprofile.php.
by Moudi
CVE-2009-2772 EXPLOITDB text VERIFIED
PG Roommate Finder Solution - Cross-Site Scripting via Part Parameter
Multiple cross-site scripting (XSS) vulnerabilities in PG Roommate Finder Solution allow remote attackers to inject arbitrary web script or HTML via the part parameter to (1) quick_search.php and (2) viewprofile.php.
by Moudi