Text Exploits

31,392 exploits tracked across all sources.

Sort: Activity Stars
CVE-2009-2256 EXPLOITDB text VERIFIED
Netgear DG632 3.4.0_ap - Denial of Service via Firmware Configuration CGI Endpoint
The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to cause a denial of service (web outage) via an HTTP POST request to cgi-bin/firmwarecfg.
by Tom Neaves
CVE-2009-2551 EXPLOITDB text VERIFIED
ScriptsEz Easy Image Downloader - XSS
Multiple cross-site scripting (XSS) vulnerabilities in ScriptsEz Easy Image Downloader allow remote attackers to inject arbitrary web script or HTML via the id parameter in a detail action to (1) main.php and possibly (2) demo_page.php.
by Moudi
CVE-2009-1975 EXPLOITDB text VERIFIED
BEA Product Suite 10.3 - Info Disclosure
Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3 allows remote attackers to affect confidentiality, integrity, and availability, related to the WLS Console Package.
by Alexandr Polyakov
CVE-2009-1020 EXPLOITDB text VERIFIED
Oracle Database 9.2.0.8/10.1.0.5/10.2.0.4/11.1.0.7 - Remote Authenticated Impact via Network Foundation
Unspecified vulnerability in the Network Foundation component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
by Dennis Yurichev
CVE-2009-1968 EXPLOITDB text VERIFIED
Oracle Database 10.1.8.3 - Cross-Site Scripting via Secure Enterprise Search Parameter
Unspecified vulnerability in the Secure Enterprise Search component in Oracle Database 10.1.8.3 allows remote attackers to affect integrity via unknown vectors. NOTE: the previous information was obtained from the July 2009 CPU. Oracle has not commented on claims from an established researcher that this is cross-site scripting (XSS) via the search_p_groups parameter in search/query/search.
by Alexandr Polyakov
CVE-2009-1970 EXPLOITDB text VERIFIED
Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, 11.1.0.7 - Denial of Service in Listener Component
Unspecified vulnerability in the Listener component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect availability via unknown vectors, a different vulnerability than CVE-2009-0991.
by Dennis Yurichev
CVE-2009-1963 EXPLOITDB text VERIFIED
Oracle Database 11.1.0.6 - Info Disclosure
Unspecified vulnerability in the Network Foundation component in Oracle Database 11.1.0.6 allows remote authenticated users to affect integrity and availability via unknown vectors.
by Dennis Yurichev
CVE-2009-1422 EXPLOITDB text VERIFIED
HP ProCurve Threat Management Services <ST.1.0.090213 - Privilege E...
Unspecified vulnerability in HP ProCurve Threat Management Services zl Module (J9155A) ST.1.0.090213 and earlier allows remote attackers to gain privileges via unknown vectors, aka PR_41209.
by anonymous
CVE-2009-2133 EXPLOITDB text VERIFIED
Pivot 1.40.4 and 1.40.7 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Pivot 1.40.4 and 1.40.7 allow remote attackers to inject arbitrary web script or HTML via the (1) menu or (2) sort parameter to pivot/index.php, (3) the value of a check array parameter in a delete action to pivot/index.php, (4) the element name in a check array parameter in a delete action to pivot/index.php, (5) the edituser parameter in an edituser action to pivot/index.php, (6) the edit parameter in a templates action to pivot/index.php, (7) the blog parameter in a blog_edit1 action to pivot/index.php, (8) the cat parameter in a cat_edit action to pivot/index.php, (9) a certain form field in a doaction=1 request to pivot/index.php, (10) the url field in a my_weblog edit_prefs action to pivot/user.php, or (11) the username (aka name) field in a my_weblog reg_user action to pivot/user.php.
by intern0t
CVE-2009-2131 EXPLOITDB text VERIFIED
4images <= 1.7.7 - Authenticated Cross-Site Scripting via User Homepage Parameter
Cross-site scripting (XSS) vulnerability in 4images 1.7.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML by providing a crafted user_homepage parameter to member.php, and then posting a comment associated with a picture.
by Qabandi
CVE-2009-20008 EXPLOITDB HIGH text VERIFIED
Green Dam Youth Escort <3.17 - Buffer Overflow
Green Dam Youth Escort version 3.17 is vulnerable to a stack-based buffer overflow when processing overly long URLs. The flaw resides in the URL filtering component, which fails to properly validate input length before copying user-supplied data into a fixed-size buffer. A remote attacker can exploit this vulnerability by enticing a user to visit a specially crafted webpage containing a long URL, resulting in arbitrary code execution.
by seer[N.N.U]
CVE-2009-2149 EXPLOITDB text VERIFIED
Campus Virtual-LMS - Cross-Site Scripting via courseid, search, or siteid Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Campus Virtual-LMS allow remote attackers to inject arbitrary web script or HTML via the (1) courseid parameter to enrolments/step1.php, or the (2) search or (3) siteid parameter to files/shared_list.php.
by Yasión
CVE-2009-2148 EXPLOITDB text VERIFIED
Campus Virtual-LMS - SQL Injection via News ID Parameter
SQL injection vulnerability in news/index.php in Campus Virtual-LMS allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Yasión
CVE-2009-2138 EXPLOITDB text VERIFIED
TBDev.NET 01-01-08 - Open Redirect via Returnto Parameter
Multiple open redirect vulnerabilities in TBDev.NET 01-01-08 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the returnto parameter to login.php or (2) the returnto parameter in a delete action to news.php. NOTE: this can be leveraged for cross-site scripting (XSS) by redirecting to a data: URI.
by intern0t
CVE-2009-2142 EXPLOITDB text VERIFIED
Zip Store Chat 4.0-5.0 - SQL Injection
Multiple SQL injection vulnerabilities in admin/index.asp in Zip Store Chat 4.0 and 5.0 allow remote attackers to execute arbitrary SQL commands via the (1) login and (2) senha parameters.
by ByALBAYX
EIP-2026-112854 EXPLOITDB text VERIFIED
Uebimiau Web-Mail 3.2.0-1.8 - Remote File / Overwrite
by GoLd_M
CVE-2009-2145 EXPLOITDB text VERIFIED
transLucid 1.75 - Cross-Site Scripting via NodeID and Action Parameters
Multiple cross-site scripting (XSS) vulnerabilities in transLucid 1.75 allow remote attackers to inject arbitrary web script or HTML via the (a) NodeID and (b) action parameters to the default URI, and the (c) NodeID parameter to the default URI for the admin section; and allow remote authenticated users to inject arbitrary web script or HTML via the (d) Title (aka page name) and (e) Url fields in a (1) new or (2) modified page.
by intern0t
CVE-2009-2141 EXPLOITDB text VERIFIED
TBDev.NET 01-01-08 - Cross-Site Scripting via Returnto Parameter or User Profile Fields
Multiple cross-site scripting (XSS) vulnerabilities in TBDev.NET 01-01-08 allow remote attackers to inject arbitrary web script or HTML via (1) the returnto parameter to makepoll.php, (2) the returnto parameter in a delete action to polls.php, or the (3) Info or (4) Avatar field to my.php.
by intern0t
CVE-2009-2134 EXPLOITDB text VERIFIED
Pivot 1.40.4 and 1.40.7 - Exposure of Sensitive Information via Invalid URL Parameter
pivot/tb.php in Pivot 1.40.4 and 1.40.7 allows remote attackers to obtain sensitive information via an invalid url parameter, which reveals the installation path in an error message.
by intern0t
CVE-2009-2150 EXPLOITDB text VERIFIED
Campus Virtual-LMS - Cross-Site Request Forgery via Session Termination and Enrolment Actions
Multiple cross-site request forgery (CSRF) vulnerabilities in Campus Virtual-LMS allow (1) remote attackers to hijack the authentication of arbitrary users for requests that terminate a session via login/logout.php, and might allow remote attackers to hijack the authentication of certain users via a (2) ADD or (3) DELETE action to enrolments/step2.php.
by Yasión
CVE-2009-2132 EXPLOITDB text VERIFIED
4images < 1.7.7 - Unauthenticated Path Traversal via Global.php l Parameter
Directory traversal vulnerability in global.php in 4images before 1.7.7, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the l parameter.
by Qabandi
CVE-2009-2033 EXPLOITDB text VERIFIED
Yogurt 0.3 - Cross-Site Scripting via msg Parameter
Cross-site scripting (XSS) vulnerability in index.php in Yogurt 0.3 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
by Br0ly
EIP-2026-118918 EXPLOITDB text VERIFIED
ModSecurity 2.5.9 (Core Rules 2.5-1.6.1) - Filter Bypass
by Lavakumar Kuppan
CVE-2009-2034 EXPLOITDB text VERIFIED
Yogurt 0.3 - Authenticated SQL Injection via Original Parameter
SQL injection vulnerability in writemessage.php in Yogurt 0.3, when register_globals is enabled, allows remote authenticated users to execute arbitrary SQL commands via the original parameter.
by Br0ly
CVE-2009-2101 EXPLOITDB text VERIFIED
TorrentVolve 1.4 - Path Traversal via DeleteTorrent Parameter
Directory traversal vulnerability in archive.php in TorrentVolve 1.4, when register_globals is enabled, allows remote attackers to delete arbitrary files via a .. (dot dot) in the deleteTorrent parameter.
by Br0ly