Text Exploits

31,392 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-112397 EXPLOITDB text VERIFIED
Splog 1.2 Beta - Multiple SQL Injections
by YEnH4ckEr
CVE-2009-2081 EXPLOITDB text VERIFIED
phpWebThings <1.5.2 - Path Traversal
Directory traversal vulnerability in help.php in phpWebThings 1.5.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the module parameter.
by Br0ly
CVE-2009-2011 EXPLOITDB text VERIFIED
Worldweaver DX Studio Player <3.0.29.1 - RCE
Worldweaver DX Studio Player 3.0.29.0, 3.0.22.0, 3.0.12.0, and probably other versions before 3.0.29.1, when used as a plug-in for Firefox, does not restrict access to the shell.execute JavaScript API method, which allows remote attackers to execute arbitrary commands via a .dxstudio file that invokes this method.
by Core Security
CVE-2009-2641 EXPLOITDB text VERIFIED
School Data Navigator - Remote File Inclusion Code Execution
PHP remote file inclusion vulnerability in app_and_readme/navigator/index.php in School Data Navigator allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences.
by Br0ly
EIP-2026-109607 EXPLOITDB text VERIFIED
mrcgiguy freeticket - Cookie Handling / SQL Injection
by ThE g0bL!N
CVE-2009-2642 EXPLOITDB text VERIFIED
Desi Short URL Script 1.0 - Auth Bypass
index.php in Desi Short URL Script 1.0 allows remote attackers to bypass authentication by setting the logged cookie to 1 and the uid cookie to an integer value, as demonstrated by a value of 13.
by N@bilX
EIP-2026-104133 EXPLOITDB text VERIFIED
XAMPP 1.6.x - Multiple Cross-Site Scripting Vulnerabilities
by MustLive
CVE-2009-2080 EXPLOITDB text VERIFIED
MRCGIGUY The Ticket System 2.0 - Info Disclosure
admin.php in MRCGIGUY The Ticket System 2.0 does not properly restrict access, which allows remote attackers to (1) obtain sensitive configuration information via the editconfig action or (2) change the administrator's password via the id parameter in an editop action.
by ThE g0bL!N
CVE-2009-1699 EXPLOITDB HIGH text VERIFIED
Apple Safari < 4.0 - XML External Entity Injection via XSL Stylesheet
The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a file:///etc/passwd URL in an entity declaration, related to an "XXE attack."
by Chris Evans
CVSS 7.5
CVE-2008-4378 EXPLOITDB text VERIFIED
Hot Links SQL-PHP < 3.0 - SQL Injection via Report ID Parameter
SQL injection vulnerability in report.php in Mr. CGI Guy Hot Links SQL-PHP 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
by ThE g0bL!N
CVE-2009-1140 EXPLOITDB text VERIFIED
Microsoft Internet Explorer Cross-Domain Information Disclosure via Cached Content Rendering
Microsoft Internet Explorer 5.01 SP4; 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not prevent HTML rendering of cached content, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Cross-Domain Information Disclosure Vulnerability."
by Jorge Luis Alvarez Medina
EIP-2026-111855 EXPLOITDB text VERIFIED
S-CMS 2.0b3 - Multiple SQL Injections
by YEnH4ckEr
EIP-2026-111854 EXPLOITDB text VERIFIED
S-CMS 2.0b3 - Multiple Local File Inclusions
by YEnH4ckEr
CVE-2009-2639 EXPLOITDB text VERIFIED
MRCGIGUY The Ticket System 2.0 - SQL Injection
SQL injection vulnerability in admin.php in MRCGIGUY The Ticket System 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewticket action.
by ThE g0bL!N
CVE-2009-2633 EXPLOITDB text VERIFIED
Joomla! com_vehiclemanager 1.0 - RCE
PHP remote file inclusion vulnerability in toolbar_ext.php in the VehicleManager (com_vehiclemanager) component 1.0 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
by Mehmet Ince
CVE-2009-2635 EXPLOITDB text VERIFIED
Joomla! com_realestatemanager 1.0 Basic - RCE
PHP remote file inclusion vulnerability in toolbar_ext.php in the RealEstateManager (com_realestatemanager) component 1.0 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
by Mehmet Ince
CVE-2009-2634 EXPLOITDB text VERIFIED
MediaLibrary (com_media_library) 1.5.3 Basic - Remote Code Execution via mosConfig_absolute_path Parameter
PHP remote file inclusion vulnerability in toolbar_ext.php in the MediaLibrary (com_media_library) component 1.5.3 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
by Mehmet Ince
CVE-2009-2637 EXPLOITDB text VERIFIED
Joomla! com_booklibrary <1.5.2.4 - RCE
PHP remote file inclusion vulnerability in toolbar_ext.php in the BookLibrary (com_booklibrary) component 1.5.2.4 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
by Mehmet Ince
CVE-2009-2638 EXPLOITDB text VERIFIED
konze com_akobook 2.3 - SQL Injection via gbid Parameter
SQL injection vulnerability in the AkoBook (com_akobook) component 2.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gbid parameter in a reply action to index.php.
by Ab1i
CVE-2009-2019 EXPLOITDB text VERIFIED
Virtue News Manager - SQL Injection
SQL injection vulnerability in news_detail.php in Virtue News Manager allows remote attackers to execute arbitrary SQL commands via the nid parameter.
by snakespc
EIP-2026-116217 EXPLOITDB text VERIFIED
SAP GUI 6.4 - ActiveX (Accept) Remote Buffer Overflow (PoC)
by DSecRG
CVE-2009-2016 EXPLOITDB text VERIFIED
Virtue Shopping Mall - SQL Injection
SQL injection vulnerability in products.php in Virtue Shopping Mall allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by OzX
CVE-2009-2020 EXPLOITDB text VERIFIED
Virtue News Manager - Cross-Site Scripting via nid Parameter
Cross-site scripting (XSS) vulnerability in news_detail.php in Virtue News Manager allows remote attackers to inject arbitrary web script or HTML via the nid parameter.
by snakespc
CVE-2009-2021 EXPLOITDB text VERIFIED
Virtue Classifieds - SQL Injection via Search Category Parameter
SQL injection vulnerability in search.php in Virtue Classifieds allows remote attackers to execute arbitrary SQL commands via the category parameter.
by OzX
CVE-2009-2017 EXPLOITDB text VERIFIED
Virtue Book Store - SQL Injection via products.php cid Parameter
SQL injection vulnerability in products.php in Virtue Book Store allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by OzX