Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-114504 EXPLOITDB text VERIFIED
YACS CMS 8.11 - 'update_trailer.php' Remote File Inclusion
by ahmadbady
CVE-2009-0678 EXPLOITDB text VERIFIED
RavenNuke 2.30 - Exposure of Sensitive Information via Invalid aFonts Parameter
images/captcha.php in RavenNuke 2.30 allows remote attackers to obtain sensitive information via an aFonts array parameter value that does not correspond to a valid font file, which reveals the installation path in an error message.
by waraxe
EIP-2026-111452 EXPLOITDB text VERIFIED
powermovielist 0.14b - SQL Injection / Cross-Site Scripting
by brain[pillow]
EIP-2026-109963 EXPLOITDB text VERIFIED
Novaboard 1.0.0 - Multiple Vulnerabilities
by brain[pillow]
EIP-2026-107871 EXPLOITDB text VERIFIED
InselPhoto 1.1 - Cross-Site Scripting
by rAWjAW
EIP-2026-107499 EXPLOITDB text VERIFIED
Grestul 1.x - Cookie Authentication Bypass
by x0r
EIP-2026-105930 EXPLOITDB text VERIFIED
Clipbucket 1.7 - 'dwnld.php' Directory Traversal
by JIKO
CVE-2009-0390 EXPLOITDB text VERIFIED
Enomaly Elastic Computing Platform <2.1.1 - Command Injection
Argument injection vulnerability in Enomaly Elastic Computing Platform (ECP), formerly Enomalism, before 2.1.1 allows local users to send signals to arbitrary processes by populating the /tmp/enomalism2.pid file with command-line arguments for the kill program.
by Sam Johnston
CVE-2009-0746 EXPLOITDB text VERIFIED
Linux kernel <2.6.27.19-2.6.28.7 - DoS
The make_indexed_dir function in fs/ext4/namei.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate a certain rec_len field, which allows local users to cause a denial of service (OOPS) by attempting to mount a crafted ext4 filesystem.
by Sami Liedes
CVE-2009-0641 EXPLOITDB text VERIFIED
FreeBSD 7.x - Remote Code Execution
sys_term.c in telnetd in FreeBSD 7.0-RELEASE and other 7.x versions deletes dangerous environment variables with a method that was valid only in older FreeBSD distributions, which might allow remote attackers to execute arbitrary code by passing a crafted environment variable from a telnet client, as demonstrated by an LD_PRELOAD value that references a malicious library.
by kingcope
EIP-2026-100537 EXPLOITDB text VERIFIED
SAS Hotel Management System - 'id' SQL Injection
by Darkb0x
CVE-2009-0819 EXPLOITDB text VERIFIED
MySQL < 5.1.32 and 6.0 < 6.0.10 - Authenticated Denial of Service via XPath FilterExpr in ExtractValue or UpdateXML
sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion failure.
by Shane Bester
CVE-2009-5088 EXPLOITDB text VERIFIED
IdeaCart 0.02 - SQL Injection via cID Parameter
SQL injection vulnerability in secure/index.php in IdeaCart 0.02 allows remote attackers to execute arbitrary SQL commands via the cID parameter.
by nuclear
CVE-2009-5091 EXPLOITDB text VERIFIED
Vlinks 1.0.3 and 1.1.6 - SQL Injection via id Parameter
SQL injection vulnerability in page.php in Vlinks 1.0.3 and 1.1.6 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by JIKO
CVE-2009-5089 EXPLOITDB text VERIFIED
IdeaCart 0.02 and 0.02a - Path Traversal via Page Parameter
Directory traversal vulnerability in index.php in IdeaCart 0.02 and 0.02a allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter.
by nuclear
EIP-2026-110713 EXPLOITDB text VERIFIED
PHP Krazy Image Host Script 1.01 - 'id' SQL Injection
by x0r
EIP-2026-107215 EXPLOITDB text VERIFIED
Free Joke Script 1.0 - Authentication Bypass
by Muhacir
CVE-2009-0756 EXPLOITDB text VERIFIED
poppler < 0.10.4 - Denial of Service via JBIG2 Symbol Dictionary Parsing
The JBIG2Stream::readSymbolDictSeg function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file that triggers a parsing error, which is not properly handled by JBIG2SymbolDict::~JBIG2SymbolDict and triggers an invalid memory dereference.
by Romario
EIP-2026-100159 EXPLOITDB text VERIFIED
Baran CMS 1.0 - 'Arbitrary '.ASP' File Upload / File Disclosure / SQL Injection / Cross-Site Scripting / Cookie Manipulation
by Aria-Security Team
CVE-2009-5087 EXPLOITDB text VERIFIED
Geovision Digital Video Surveillance System 8.2 - Path Traversal via GET Request
Directory traversal vulnerability in geohttpserver in Geovision Digital Video Surveillance System 8.2 allows remote attackers to read arbitrary files via a .. (dot dot) in a GET request.
by Dejan Levaja
EIP-2026-112203 EXPLOITDB text VERIFIED
SkaDate Online 7 - Arbitrary File Upload
by ZoRLu
EIP-2026-107482 EXPLOITDB text VERIFIED
Graugon Gallery 1.0 - Cross-Site Scripting / SQL Injection / Cookie Bypass
by x0r
EIP-2026-106415 EXPLOITDB text VERIFIED
Den Dating 9.01 - 'txtlookgender' SQL Injection
by nuclear
EIP-2026-106334 EXPLOITDB text VERIFIED
dacio's CMS 1.08 - Cross-Site Scripting / SQL Injection / File Disclosure
by Mehmet Ince
CVE-2009-0542 EXPLOITDB text VERIFIED
ProFTPD Server <1.3.2rc2 - SQL Injection
SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL commands via a "%" (percent) character in the username, which introduces a "'" (single quote) character during variable substitution by mod_sql.
by gat3way