Text Exploits

31,392 exploits tracked across all sources.

Sort: Activity Stars
CVE-2009-2018 EXPLOITDB text VERIFIED
Jared Eckersley MyCars - SQL Injection via authuserid Parameter
SQL injection vulnerability in admin/index.php in Jared Eckersley MyCars, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the authuserid parameter.
by snakespc
CVE-2009-2015 EXPLOITDB text VERIFIED
Joomla! com_moofaq 1.0 - Path Traversal
Directory traversal vulnerability in includes/file_includer.php in the Ideal MooFAQ (com_moofaq) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
by Chip d3 bi0s
CVE-2009-2014 EXPLOITDB text VERIFIED
Joomla ComSchool 1.4 - SQL Injection via classid Parameter
SQL injection vulnerability in the ComSchool (com_school) component 1.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the classid parameter in a showclass action to index.php.
by Chip d3 bi0s
EIP-2026-108488 EXPLOITDB text VERIFIED
Joomla! Component com_portafolio - 'cid' SQL Injection
by Chip d3 bi0s
CVE-2009-2013 EXPLOITDB text VERIFIED
Frontis 3.9.01.24 - SQL Injection via source_class Parameter
SQL injection vulnerability in bin/aps_browse_sources.php in Frontis 3.9.01.24 allows remote attackers to execute arbitrary SQL commands via the source_class parameter in a browse_classes action.
by snakespc
CVE-2009-2025 EXPLOITDB text VERIFIED
DM FileManager 3.9.2 - Unauthenticated Authentication Bypass via Cookie Manipulation
admin/login.php in DM FileManager 3.9.2 allows remote attackers to bypass authentication and gain administrative access by setting the (1) USER, (2) GROUPID, (3) GROUP, and (4) USERID cookies to certain values.
by ThE g0bL!N
CVE-2009-2704 EXPLOITDB text VERIFIED
CA SiteMinder - XSS
CA SiteMinder allows remote attackers to bypass cross-site scripting (XSS) protections for J2EE applications via a request containing a %00 (encoded null byte).
by Arshan Dabirsiaghi
EIP-2026-105316 EXPLOITDB text VERIFIED
Automated link exchange portal 1.3 - Multiple Vulnerabilities
by TiGeR-Dz
CVE-2009-2386 EXPLOITDB text VERIFIED
Awingsoft Awakening Winds3D Viewer <3.5.0.0-<3.0.0.5 - Code Injection
Insecure method vulnerability in Awingsoft Awakening Winds3D Viewer plugin 3.5.0.0, 3.0.0.5, and possibly other versions allows remote attackers to force the download and execution of arbitrary files via the GetURL method.
by Diego Juarez
CVE-2009-2705 EXPLOITDB text VERIFIED
CA SiteMinder - XSS
CA SiteMinder allows remote attackers to bypass cross-site scripting (XSS) protections for J2EE applications via a request containing non-canonical, "overlong Unicode" in place of blacklisted characters.
by Arshan Dabirsiaghi
CVE-2009-2640 EXPLOITDB text VERIFIED
Interlogy Profile Manager Basic - SQL Injection
Multiple SQL injection vulnerabilities in cgi/admin.cgi in Interlogy Profile Manager Basic allow remote attackers to execute arbitrary SQL commands via a pmadm cookie in (1) an edittemp action or (2) a users action.
by ZoRLu
CVE-2009-2024 EXPLOITDB text VERIFIED
Vlad Titarenko ASP VT Auth 1.0 - Unauthenticated Sensitive Information Exposure via Direct Database File Request
Vlad Titarenko ASP VT Auth 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file and obtain usernames and passwords via a direct request for zHk8dEes3.txt.
by ByALBAYX
CVE-2009-2022 EXPLOITDB text VERIFIED
fipsCMS Light 2.1 - Info Disclosure
fipsCMS Light 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file and obtain sensitive information via a direct request for _fipsdb/db.mdb.
by ByALBAYX
CVE-2009-2438 EXPLOITDB text VERIFIED
ClanSphere 2009.0 and 2009.0.2 - Cross-Site Scripting via Search Module Text Parameter
Cross-site scripting (XSS) vulnerability in index.php in the search module in ClanSphere 2009.0 and 2009.0.2 allows remote attackers to inject arbitrary web script or HTML via the text parameter in a list action. NOTE: this might overlap CVE-2008-1399.
by 599eme Man
EIP-2026-103402 EXPLOITDB text VERIFIED
America's Army 3.0.4 - Invalid Query Remote Denial of Service
by Luigi Auriemma
EIP-2026-118728 EXPLOITDB text VERIFIED
LogMeIn 4.0.784 - 'cfgadvanced.html' HTTP Header Injection
by Inferno
EIP-2026-111303 EXPLOITDB text VERIFIED
Pixelactivo 3.0 - Authentication Bypass
by ThE g0bL!N
EIP-2026-111302 EXPLOITDB text VERIFIED
Pixelactivo 3.0 - 'idx' SQL Injection
by snakespc
CVE-2009-2164 EXPLOITDB text VERIFIED
Kjtechforce Mailman Beta1 - SQL Injection
Multiple SQL injection vulnerabilities in Kjtechforce mailman beta1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the code parameter to activate.php or (2) the dest parameter to index.php.
by YEnH4ckEr
CVE-2009-2360 EXPLOITDB text VERIFIED
Horde Passwd < 3.1 - Cross-Site Scripting via Backend Parameter
Cross-site scripting (XSS) vulnerability in passwd/main.php in the Passwd module before 3.1.1 for Horde allows remote attackers to inject arbitrary web script or HTML via the backend parameter.
by anonymous
CVE-2006-5905 EXPLOITDB text VERIFIED
Web Directory Pro - Info Disclosure
Web Directory Pro allows remote attackers to (1) backup the database and obtain the backup via a direct request to admin/backup_db.php or (2) modify configuration via a direct request to admin/options.php.
by TiGeR-Dz
CVE-2009-2450 EXPLOITDB text VERIFIED
Online Armor Personal Firewall < 3.5.0.14 - Privilege Escalation via OAmon.sys IOCTL
The OAmon.sys kernel driver 3.1.0.0 and earlier in Tall Emu Online Armor Personal Firewall AV+ before 3.5.0.12, and Personal Firewall 3.5 before 3.5.0.14, allows local users to gain privileges via crafted METHOD_NEITHER IOCTL requests to \Device\OAmon containing arbitrary kernel addresses, as demonstrated using the 0x830020C3 IOCTL.
by NT Internals
EIP-2026-112482 EXPLOITDB text VERIFIED
SuperCali PHP Event Calendar - Arbitrary Change Admin Password
by TiGeR-Dz
EIP-2026-107631 EXPLOITDB text VERIFIED
Host Directory PRO 2.1.0 - Remote Database Backup
by ZoRLu
EIP-2026-103152 EXPLOITDB text VERIFIED
kloxo 5.75 - Multiple Vulnerabilities
by anonymous