Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-105490 EXPLOITDB text VERIFIED
Bitrix Site Manager 6/7 - Multiple Input Validation Vulnerabilities
by aGGreSSor
CVE-2009-0527 EXPLOITDB text VERIFIED
AdaptCMS Lite 1.4 - Remote Code Execution via RSS Importer Sitepath Parameter
PHP remote file inclusion vulnerability in plugins/rss_importer_functions.php in AdaptCMS Lite 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter.
by RoMaNcYxHaCkEr
CVE-2009-0531 EXPLOITDB text VERIFIED
A Better Member-Based ASP Photo Gallery <1.2 - SQL Injection
SQL injection vulnerability in gallery/view.asp in A Better Member-Based ASP Photo Gallery before 1.2 allows remote attackers to execute arbitrary SQL commands via the entry parameter.
by BackDoor
CVE-2009-0611 EXPLOITDB text VERIFIED
Novell Open Enterprise Server 1.x - XSS
Multiple cross-site scripting (XSS) vulnerabilities in qfsearch/AdminServlet in QuickFinder Server in Novell Open Enterprise Server 1.x allow remote attackers to inject arbitrary web script or HTML via (1) the siteloc parameter in a displayaddsite action, the site parameter in a (2) generalproperties or (3) clusterserviceproperties action, (4) the adminurl parameter in a global action, or (5) the print-list parameter.
by Ivan Sanchez
EIP-2026-104053 EXPLOITDB text VERIFIED
PyBlosxom 1.6.3 Atom Flavor - Multiple XML Injection Vulnerabilities
by Nam Nguyen
CVE-2009-0545 EXPLOITDB text VERIFIED
ZeroShell <1.0beta11 - Command Injection
cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the type parameter in a NoAuthREQ x509List action.
by ikki
EIP-2026-101145 EXPLOITDB text VERIFIED
3Com OfficeConnect Wireless Cable/DSL Router - Authentication Bypass
by ikki
EIP-2026-101054 EXPLOITDB text VERIFIED
Nokia N95-8 - '.jpg' Remote Crash (PoC)
by Juan Yacubian
CVE-2009-0680 EXPLOITDB text VERIFIED
Netgear SSL312 - Denial of Service via Crafted Query String
cgi-bin/welcome/VPN_only in the web interface in Netgear SSL312 allows remote attackers to cause a denial of service (device crash) via a crafted query string, as demonstrated using directory traversal sequences.
by Rembrandt
CVE-2009-0570 EXPLOITDB text VERIFIED
Ninja Designs Mailist 3.0 - Path Traversal
Directory traversal vulnerability in send.php in Ninja Designs Mailist 3.0, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the load parameter. NOTE: some of these details are obtained from third party information.
by SirGod
EIP-2026-114620 EXPLOITDB text VERIFIED
Zeroboard4 pl8 (07.12.17) - Multiple Vulnerabilities
by make0day
CVE-2009-0602 EXPLOITDB text VERIFIED
WikkiTikkiTavi 1.11 - Unauthenticated Arbitrary File Upload and Remote Code Execution via upload.php
Unrestricted file upload vulnerability in upload.php in WikkiTikkiTavi 1.11 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in img/.
by ByALBAYX
EIP-2026-112046 EXPLOITDB text VERIFIED
SilverNews 2.04 - Authentication Bypass / Local File Inclusion / Remote Code Execution
by x0r
CVE-2009-0639 EXPLOITDB text VERIFIED
phpyabs 0.1.2 - Remote Code Execution via Azione Parameter
PHP remote file inclusion vulnerability in moduli/libri/index.php in phpyabs 0.1.2 allows remote attackers to execute arbitrary PHP code via a URL in the Azione parameter.
by Arka69
CVE-2009-0571 EXPLOITDB text VERIFIED
Ninja Designs Mailist <3.0 - Info Disclosure
admin.php in Ninja Designs Mailist 3.0 stores backup copies of maillist.php under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to the backup directory.
by SirGod
EIP-2026-107779 EXPLOITDB text VERIFIED
Ilch CMS 1.1 - 'HTTP_X_FORWARDED_FOR' SQL Injection
by Gizmore
CVE-2009-0574 EXPLOITDB text VERIFIED
Easy CafeEngine - SQL Injection via catid Parameter
SQL injection vulnerability in index.php in Easy CafeEngine allows remote attackers to execute arbitrary SQL commands via the catid parameter, a different vector than CVE-2008-4604.
by SuNHouSe2
CVE-2009-0765 EXPLOITDB text VERIFIED
Kipper 2.01 - Path Traversal via Configfile Parameter
Directory traversal vulnerability in index.php in Kipper 2.01 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the configfile parameter.
by RoMaNcYxHaCkEr
CVE-2009-0763 EXPLOITDB text VERIFIED
Kipper 2.01 - Cross-Site Scripting via Charm Parameter
Cross-site scripting (XSS) vulnerability in default.php in Kipper 2.01 allows remote attackers to inject arbitrary web script or HTML via the charm parameter.
by RoMaNcYxHaCkEr
CVE-2009-0767 EXPLOITDB text VERIFIED
bookelves kipper 2.01 - Unauthenticated Credential Exposure via Direct Request
Kipper 2.01 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing credentials via a direct request for job/config.data.
by RoMaNcYxHaCkEr
CVE-2009-0455 EXPLOITDB text VERIFIED
glFusion < 1.1.1 - Cross-Site Scripting via Anonymous Comments Username Parameter
Cross-site scripting (XSS) vulnerability in the anonymous comments feature in lib-comment.php in glFusion 1.1.0, 1.1.1, and earlier versions allows remote attackers to inject arbitrary web script or HTML via the username parameter to comment.php.
by Bjarne Mathiesen Schacht
EIP-2026-105900 EXPLOITDB text VERIFIED
ClearBudget 0.6.1 - Insecure Database Disclosure
by Room-Hacker
EIP-2026-105899 EXPLOITDB text VERIFIED
ClearBudget 0.6.1 - Insecure Cookie Handling / Local File Inclusion
by SirGod
EIP-2026-101175 EXPLOITDB text VERIFIED
Barracuda Load Balancer - 'realm' Cross-Site Scripting
by Jan Skovgren
CVE-2009-0760 EXPLOITDB text VERIFIED
Team Board 1.x and 2.x - Unauthenticated Sensitive Information Exposure via Direct Database Access
Team Board 1.x and 2.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for data/team.mdb.
by Pouya_Server