Text Exploits

31,392 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-105126 EXPLOITDB text VERIFIED
Alstrasoft Article Manager Pro - Arbitrary File Upload
by ZoRLu
CVE-2009-1950 EXPLOITDB text VERIFIED
WebEyes Guest Book 3 - SQL Injection
SQL injection vulnerability in yorum.asp in WebEyes Guest Book 3 allows remote attackers to execute arbitrary SQL commands via the mesajid parameter.
by Bl@ckbe@rD
CVE-2009-1948 EXPLOITDB text VERIFIED
Unclassified NewsBoard 1.6.4 - Path Traversal and Arbitrary File Read via GLOBALS Parameter
Multiple directory traversal vulnerabilities in forum.php in Unclassified NewsBoard (UNB) 1.6.4, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to (1) read arbitrary recently-modified files via a .. (dot dot) in the GLOBALS[filename] parameter or (2) include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[UTE][__tplCollection][a][file] parameter.
by girex
CVE-2009-1947 EXPLOITDB text VERIFIED
Unclassified NewsBoard (UNB) 1.6.4 - SQL Injection
SQL injection vulnerability in the UnbDbEncode function in unb_lib/database.lib.php in Unclassified NewsBoard (UNB) 1.6.4 allows remote attackers to execute arbitrary SQL commands via the Query parameter in a search action to forum.php, a different vector than CVE-2005-3686.
by girex
CVE-2009-1944 EXPLOITDB text VERIFIED
AIMP 2.51 build 330 - Stack-based Buffer Overflow via Long ID3 Tag
Stack-based buffer overflow in AIMP 2.51 build 330 allows remote attackers to execute arbitrary code via an MP3 file with a long ID3 tag.
by LiquidWorm
CVE-2009-1949 EXPLOITDB text VERIFIED
Unclassified NewsBoard (UNB) <1.6.4 - Info Disclosure
import_wbb1.php in Unclassified NewsBoard (UNB) 1.6.4 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.
by girex
CVE-2009-1941 EXPLOITDB text VERIFIED
PAD Site Scripts <3.6 - Info Disclosure
PAD Site Scripts 3.6 stores sensitive information under the web document root with insufficient access control, which allows remote attackers to download the database and obtain sensitive information via a direct request for dbbackup.txt.
by TiGeR-Dz
CVE-2009-4208 EXPLOITDB text VERIFIED
Open-school 1.0 - SQL Injection via os_news Module id Parameter
SQL injection vulnerability in the os_news module in Open-school (OS) 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action to index.php.
by OzX
CVE-2009-2598 EXPLOITDB text VERIFIED
Online Grades & Attendance <3.2.6 - SQL Injection
Multiple SQL injection vulnerabilities in Online Grades & Attendance 3.2.6 and earlier allow (1) remote attackers to execute arbitrary SQL commands via the key parameter in a resetpass action to index.php and (2) remote authenticated users to execute arbitrary SQL commands via the ADD parameter in a mailto action to parents/parents.php.
by YEnH4ckEr
CVE-2009-3040 EXPLOITDB text VERIFIED
OCS Inventory NG 1.02 - SQL Injection via download.php Parameters or group_show.php SYSTEMID
Multiple SQL injection vulnerabilities in Open Computer and Software (OCS) Inventory NG 1.02 for Unix allow remote attackers to execute arbitrary SQL commands via the (1) N, (2) DL, (3) O and (4) V parameters to download.php and the (5) SYSTEMID parameter to group_show.php.
by Nico Leidecker
CVE-2009-2601 EXPLOITDB text VERIFIED
Joomlaequipment <2.0.4 - SQL Injection
SQL injection vulnerability in the Joomlaequipment (aka JUser or com_juser) component 2.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a show_profile action to index.php.
by Chip d3 bi0s
CVE-2009-2603 EXPLOITDB text VERIFIED
Escon SupportPortal Pro 3.0 - SQL Injection
Multiple SQL injection vulnerabilities in index.php in Escon SupportPortal Pro 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) cat and (2) tid parameters.
by OzX
EIP-2026-106837 EXPLOITDB text VERIFIED
elitecms 1.01 - SQL Injection / Cross-Site Scripting
by xeno_hive
EIP-2026-106767 EXPLOITDB text VERIFIED
ecsportal rel 6.5 - 'article_view_photo.php?id' SQL Injection
by taRentReXx
CVE-2009-1946 EXPLOITDB text VERIFIED
AdaptBB 1.0 - Remote Code Execution
PHP remote file inclusion vulnerability in latestposts.php in AdaptBB 1.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the forumspath parameter.
by Mehmet Ince
EIP-2026-101160 EXPLOITDB text VERIFIED
ASMAX AR 804 gu Web Management Console - Arbitrary Command Execution
by Securitum
EIP-2026-101125 EXPLOITDB text VERIFIED
Linksys WAG54G2 - Web Management Console Arbitrary Command Execution
by Securitum
CVE-2009-2602 EXPLOITDB text VERIFIED
R2 Newsletter Lite/Pro/Stats - Info Disclosure
R2 Newsletter Lite, Pro, and Stats stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for admin.mdb.
by TiGeR-Dz
EIP-2026-111139 EXPLOITDB text VERIFIED
phpMyAdmin 3.3.0 - 'db' Cross-Site Scripting
by r0t
CVE-2009-4938 EXPLOITDB text VERIFIED
com_jvideo 0.3.11c Beta and 0.3.x - SQL Injection via user_id Parameter
SQL injection vulnerability in the JVideo! (com_jvideo) component 0.3.11c Beta and 0.3.x for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter in a user action to index.php.
by Chip d3 bi0s
CVE-2009-4937 EXPLOITDB text VERIFIED
Small Pirate 2.1 - Stored Cross-Site Scripting via img BBCode Tag onmouseover Action
Cross-site scripting (XSS) vulnerability in Small Pirate (SPirate) 2.1 allows remote attackers to inject arbitrary web script or HTML via an onmouseover action in an img BBCode tag within a url BBCode tag.
by YEnH4ckEr
CVE-2009-2604 EXPLOITDB text VERIFIED
Zen Help Desk 2.1 - SQL Injection via Userid or Password Parameter
Multiple SQL injection vulnerabilities in adminlogin.asp in Zen Help Desk 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) userid (aka username) and (2) PassWord parameters to admin.asp.
by TiGeR-Dz
CVE-2009-2605 EXPLOITDB text VERIFIED
Traidnt Up 2.0 - SQL Injection via trupuser and truppassword Cookies
Multiple SQL injection vulnerabilities in adminquery.php in Traidnt Up 2.0 allow remote attackers to execute arbitrary SQL commands via (1) trupuser and (2) truppassword cookies to uploadcp/index.php.
by Qabandi
CVE-2009-4936 EXPLOITDB text VERIFIED
Small Pirate 2.1 - SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in Small Pirate (SPirate) 2.1 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to the default URI in an rss .xml action, or the id parameter to (2) pag1.php, (3) pag1-guest.php, (4) rss-comment_post.php (aka rss-coment_post.php), or (5) rss-pic-comment.php.
by YEnH4ckEr
CVE-2009-4206 EXPLOITDB text VERIFIED
Million Dollar Text Links <1.0 - SQL Injection
SQL injection vulnerability in admin.link.modify.php in Million Dollar Text Links 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Qabandi