Text Exploits

31,392 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-108575 EXPLOITDB text VERIFIED
Joomla! Component com_user - 'view' Open Redirection
by 599eme Man
EIP-2026-108200 EXPLOITDB text VERIFIED
Joomla! Component Almond Classifieds 7.5 - Cross-Site Scripting / SQL Injection
by Moudi
CVE-2009-3226 EXPLOITDB text VERIFIED
Almond Classifieds Ads Enterprise and Almond Affiliate Network Classifieds - SQL Injection via replid Parameter
SQL injection vulnerability in index.php in AlmondSoft Almond Classifieds Ads Enterprise and Almond Affiliate Network Classifieds allows remote attackers to execute arbitrary SQL commands via the replid parameter in a manw_repl add_form action. NOTE: some of these details are obtained from third party information.
by Moudi
CVE-2009-3225 EXPLOITDB text VERIFIED
Almond Classifieds - Cross-Site Scripting via Page or Address Parameter
Multiple cross-site scripting (XSS) vulnerabilities in AlmondSoft Almond Classifieds Wap and Pro, and possibly Almond Affiliate Network Classifieds, allow remote attackers to inject arbitrary web script or HTML via (1) the page parameter in a browse action to index.php or (2) the addr parameter to gmap.php. NOTE: some of these details are obtained from third party information.
by Moudi
CVE-2009-3225 EXPLOITDB text VERIFIED
Almond Classifieds - Cross-Site Scripting via Page or Address Parameter
Multiple cross-site scripting (XSS) vulnerabilities in AlmondSoft Almond Classifieds Wap and Pro, and possibly Almond Affiliate Network Classifieds, allow remote attackers to inject arbitrary web script or HTML via (1) the page parameter in a browse action to index.php or (2) the addr parameter to gmap.php. NOTE: some of these details are obtained from third party information.
by Moudi
CVE-2009-3220 EXPLOITDB text VERIFIED
Tecnick Aiocp - Code Injection
PHP remote file inclusion vulnerability in cp_html2txt.php in All In One Control Panel (AIOCP) 1.4.001 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
by Hadi Kiamarsi
EIP-2026-103681 EXPLOITDB text VERIFIED
TrackMania 2.11.11 - Multiple Remote Vulnerabilities
by Luigi Auriemma
CVE-2009-2392 EXPLOITDB text VERIFIED
Virtuenetz Virtue Online Test Generator - SQL Injection
SQL injection vulnerability in text.php in Virtuenetz Virtue Online Test Generator allows remote attackers to execute arbitrary SQL commands via the tid parameter.
by HxH
CVE-2009-2391 EXPLOITDB text VERIFIED
Virtuenetz Virtue Online Test Generator - XSS
Cross-site scripting (XSS) vulnerability in text.php in Virtuenetz Virtue Online Test Generator allows remote attackers to inject arbitrary web script or HTML via the tid parameter.
by HxH
CVE-2008-2565 EXPLOITDB text VERIFIED
php-address_book < 4.0 - SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.php and (2) edit.php. NOTE: it was later reported that 4.0.x is also affected.
by YEnH4ckEr
CVE-2009-2393 EXPLOITDB text VERIFIED
Virtuenetz Virtue Online Test Generator - Info Disclosure
admin/index.php in Virtuenetz Virtue Online Test Generator does not require administrative privileges, which allows remote authenticated users to have an unknown impact via unspecified vectors.
by HxH
CVE-2009-2608 EXPLOITDB text VERIFIED
PHP Address Book 4.0.x - SQL Injection
Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to delete.php or (2) alphabet parameter to index.php. NOTE: the edit.php and view.php vectors are already covered by CVE-2008-2565.
by YEnH4ckEr
CVE-2009-2263 EXPLOITDB text VERIFIED
Awesome PHP Mega File Manager 1.0 - Path Traversal
Directory traversal vulnerability in index.php in Awesome PHP Mega File Manager 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
by SirGod
CVE-2009-2366 EXPLOITDB text VERIFIED
DataCheck Solutions ForumPal FE 1.1 & 1.5 - SQL Injection
SQL injection vulnerability in login.asp in DataCheck Solutions ForumPal FE 1.1 and ForumPal 1.5 allows remote attackers to execute arbitrary SQL commands via the (1) password parameter in 1.1 and (2) p_password parameter in 1.5. NOTE: some of these details are obtained from third party information.
by ThE g0bL!N
CVE-2009-2611 EXPLOITDB text VERIFIED
MyFusion 6 Beta - Path Traversal and Arbitrary File Execution via settings[locale] Parameter
Directory traversal vulnerability in infusions/last_seen_users_panel/last_seen_users_panel.php in MyFusion (aka MyF) 6 Beta, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the settings[locale] parameter.
by CraCkEr
CVE-2009-2618 EXPLOITDB text VERIFIED
MDPro 1.083.x - SQL Injection via PollID Parameter
SQL injection vulnerability in the Surveys (aka NS-Polls) module in MDPro (MD-Pro) 1.083.x allows remote attackers to execute arbitrary SQL commands via the pollID parameter in a results action to modules.php.
by XaDoS
EIP-2026-105147 EXPLOITDB text VERIFIED
AlumniServer 1.0.1 - Authentication Bypass
by YEnH4ckEr
CVE-2009-2401 EXPLOITDB text VERIFIED
PHPEcho CMS 2.0-rc3 - Stored Cross-Site Scripting via Forum Post
Cross-site scripting (XSS) vulnerability in PHPEcho CMS 2.0-rc3 allows remote attackers to inject arbitrary web script or HTML via a forum post.
by JosS
CVE-2009-2893 EXPLOITDB text VERIFIED
XZero Community Classifieds 4.97.8 - Cross-Site Scripting via postevent or _xzcal_y Parameter
Multiple cross-site scripting (XSS) vulnerabilities in index.php in XZero Community Classifieds 4.97.8 allow remote attackers to inject arbitrary web script or HTML via (1) the postevent parameter in a post action or (2) the _xzcal_y parameter.
by Moudi
CVE-2009-2220 EXPLOITDB text VERIFIED
Tribiq CMS 5.0.12c - Path Traversal
Multiple directory traversal vulnerabilities in Tribiq CMS 5.0.12c, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and possibly execute arbitrary files via directory traversal sequences in the template_path parameter to (1) masthead.inc.php, (2) toppanel.inc.php, and (3) contact.inc.php in templates/mytribiqsite/tribiq-CL-9000/includes; and the use_template_family parameter to (4) templates/mytribiqsite/tribiq-CL-9000/includes/nlarlist_content.inc.php. NOTE: the tribal-GPL-1066/includes/header.inc.php vector is already covered by CVE-2008-4894.
by CraCkEr
CVE-2009-3513 EXPLOITDB text VERIFIED
Pilot Group pg_etraining - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Pilot Group (PG) eTraining allow remote attackers to inject arbitrary web script or HTML via (1) the cat_id parameter to courses_login.php, the id parameter to (2) news_read.php or (3) lessons_login.php, or (4) the cur parameter in a start action to lessons_login.php.
by Moudi
CVE-2009-3513 EXPLOITDB text VERIFIED
Pilot Group pg_etraining - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Pilot Group (PG) eTraining allow remote attackers to inject arbitrary web script or HTML via (1) the cat_id parameter to courses_login.php, the id parameter to (2) news_read.php or (3) lessons_login.php, or (4) the cur parameter in a start action to lessons_login.php.
by Moudi
CVE-2009-3513 EXPLOITDB text VERIFIED
Pilot Group pg_etraining - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Pilot Group (PG) eTraining allow remote attackers to inject arbitrary web script or HTML via (1) the cat_id parameter to courses_login.php, the id parameter to (2) news_read.php or (3) lessons_login.php, or (4) the cur parameter in a start action to lessons_login.php.
by Moudi
CVE-2009-2402 EXPLOITDB text VERIFIED
PHPEcho CMS <2.0-rc3 - SQL Injection
SQL injection vulnerability in index.php in the forum module in PHPEcho CMS 2.0-rc3 allows remote attackers to execute arbitrary SQL commands via the id parameter in a thread action, a different vector than CVE-2008-0355.
by JosS
CVE-2009-2882 EXPLOITDB text VERIFIED
PG MatchMaking - Cross-Site Scripting via show/gender/id Parameters
Multiple cross-site scripting (XSS) vulnerabilities in PG MatchMaking allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) browse_ladies.php and (2) browse_men.php, the (3) gender parameter to search.php, and the (4) id parameter to services.php.
by Moudi