Text Exploits

31,392 exploits tracked across all sources.

Sort: Activity Stars
CVE-2009-2233 EXPLOITDB text VERIFIED
AWScripts.com Gallery Search Engine 1.5 - Auth Bypass
The admin interface in AWScripts.com Gallery Search Engine 1.5 allows remote attackers to bypass authentication and gain administrative access by setting the awse_logged cookie to 1.
by TiGeR-Dz
EIP-2026-103648 EXPLOITDB text VERIFIED
S.T.A.L.K.E.R. Clear Sky 1.0010 - Remote Denial of Service
by Luigi Auriemma
CVE-2009-2231 EXPLOITDB text VERIFIED
MIDAS 1.43 - Unauthenticated Authentication Bypass via Admin Cookie
MIDAS 1.43 allows remote attackers to bypass authentication and obtain administrative access via an admin account record in a MIDAS cookie.
by HxH
CVE-2009-2464 EXPLOITDB text VERIFIED
Mozilla Firefox <3.0.12 - Memory Corruption
The nsXULTemplateQueryProcessorRDF::CheckIsSeparator function in Mozilla Firefox before 3.0.12, SeaMonkey 2.0a1pre, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to loading multiple RDF files in a XUL tree element.
by Christophe Charron
CVE-2009-4690 EXPLOITDB text VERIFIED
YourFreeWorld Programs Rating Script - XSS
Multiple cross-site scripting (XSS) vulnerabilities in YourFreeWorld Programs Rating Script allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) rate.php and (2) postcomments.php.
by Moudi
CVE-2009-4690 EXPLOITDB text VERIFIED
YourFreeWorld Programs Rating Script - XSS
Multiple cross-site scripting (XSS) vulnerabilities in YourFreeWorld Programs Rating Script allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) rate.php and (2) postcomments.php.
by Moudi
EIP-2026-103445 EXPLOITDB text VERIFIED
Crysis 1.21/1.5 - HTTP/XML-RPC Service Access Violation Remote Denial of Service
by Luigi Auriemma
CVE-2009-2169 EXPLOITDB text VERIFIED
Edraw PDF Viewer Component <3.2.0.126 - RCE
Insecure method vulnerability in the PDFVIEWER.PDFViewerCtrl.1 ActiveX control (pdfviewer.ocx) in Edraw PDF Viewer Component before 3.2.0.126 allows remote attackers to create and overwrite arbitrary files via a URL argument to the FtpConnect argument and a target filename argument to the FtpDownloadFile method. NOTE: this can be leveraged for code execution by writing to a Startup folder.
by Jambalaya
EIP-2026-105961 EXPLOITDB text VERIFIED
CMS buzz - Cross-Site Scripting / Password Change / HTML Injection
by ThE g0bL!N
CVE-2009-2176 EXPLOITDB text VERIFIED
fuzzylime_cms <= 3.03a - Remote File Inclusion via Directory Traversal
Multiple directory traversal vulnerabilities in fuzzylime (cms) 3.03a and earlier, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) list parameter to code/confirm.php and the (2) template parameter to code/display.php.
by StAkeR
CVE-2009-2120 EXPLOITDB text VERIFIED
TekBase All-in-One 3.1 - SQL Injection
Multiple SQL injection vulnerabilities in TekBase All-in-One 3.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) ids parameter to admin.php, the (2) y parameter to members.php, and other unspecified vectors. NOTE: vector 1 requires administrative access.
by n3wb0ss
CVE-2009-2117 EXPLOITDB text VERIFIED
phPortal 1.0 - Unauthenticated Authentication Bypass via kulladi Cookie
uye_paneli.php in phPortal 1.0 allows remote attackers to bypass authentication and obtain administrative access by setting the kulladi cookie to a valid username.
by KnocKout
CVE-2009-2112 EXPLOITDB text VERIFIED
phpfk 7.03 - Path Traversal and Arbitrary File Inclusion via _FORUM[settings_design_style] Parameter
Directory traversal vulnerability in include/page_bottom.php in phpFK 7.03 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the _FORUM[settings_design_style] parameter.
by ahmadbady
CVE-2009-2177 EXPLOITDB text VERIFIED
Fuzzylime CMS <3.03a - Path Traversal
code/display.php in fuzzylime (cms) 3.03a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to conduct directory traversal attacks and overwrite arbitrary files via a "....//" (dot dot) in the s parameter, which is collapsed into a "../" value.
by StAkeR
CVE-2009-2109 EXPLOITDB text VERIFIED
FretsWeb 1.2 - Path Traversal via Language Parameter or Cookie
Multiple directory traversal vulnerabilities in FretsWeb 1.2 allow remote attackers to read arbitrary files via directory traversal sequences in the (1) language parameter to charts.php and the (2) fretsweb_language cookie parameter to unspecified vectors, possibly related to admin/common.php.
by YEnH4ckEr
CVE-2009-1897 EXPLOITDB text VERIFIED
Linux kernel 2.6.30-2.6.30.1 - Privilege Escalation
The tun_chr_poll function in drivers/net/tun.c in the tun subsystem in the Linux kernel 2.6.30 and 2.6.30.1, when the -fno-delete-null-pointer-checks gcc option is omitted, allows local users to gain privileges via vectors involving a NULL pointer dereference and an mmap of /dev/net/tun, a different vulnerability than CVE-2009-1894.
by Christian Borntraeger
EIP-2026-118761 EXPLOITDB text VERIFIED
McAfee 3.6.0.608 - 'naPolicyManager.dll' ActiveX Arbitrary Data Write
by callAX
EIP-2026-114461 EXPLOITDB text VERIFIED
XOOPS 2.3.3 - '.htaccess' Remote File Disclosure
by daath
EIP-2026-111125 EXPLOITDB text VERIFIED
PHPLive! 3.2.2 - 'request.php' SQL Injection
by boom3rang
EIP-2026-103752 EXPLOITDB text VERIFIED
World in Conflict 1.0.1 - Typecheck Remote Denial of Service
by Luigi Auriemma
CVE-2009-2129 EXPLOITDB text VERIFIED
elvinbts 1.2.0 - Cross-Site Request Forgery via Logout Action
Cross-site request forgery (CSRF) vulnerability in login.php in Elvin 1.2.0 allows remote attackers to hijack the authentication of arbitrary users via a logout action.
by SirGod
CVE-2009-2127 EXPLOITDB text VERIFIED
elvinbts 1.2.0 - Cross-Site Scripting via show_activity.php id Parameter
Cross-site scripting (XSS) vulnerability in show_activity.php in Elvin 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
by SirGod
CVE-2009-2124 EXPLOITDB text VERIFIED
elvinbts 1.2.0 - Path Traversal via Page.php ID Parameter
Directory traversal vulnerability in page.php in Elvin 1.2.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter.
by SirGod
CVE-2009-2123 EXPLOITDB text VERIFIED
elvinbts 1.2.0 - SQL Injection via Username or Password Parameter
Multiple SQL injection vulnerabilities in Elvin 1.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) inUser (aka Username) and (2) inPass (aka Password) parameters to (a) inc/login.ei, reachable through login.php; and the (3) id parameter to (b) show_bug.php and (c) show_activity.php. NOTE: it was later reported that vector 3c also affects 1.2.2.
by SirGod
CVE-2009-2257 EXPLOITDB text VERIFIED
Netgear DG632 3.4.0_ap - Auth Bypass
The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to bypass authentication via a direct request to (1) gateway/commands/saveconfig.html, and (2) stattbl.htm, (3) modemmenu.htm, (4) onload.htm, (5) form.css, (6) utility.js, and possibly (7) indextop.htm in html/.
by Tom Neaves