Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-118758 EXPLOITDB text VERIFIED
ManageEngine Firewall Analyzer 5 - Cross-Site Request Forgery / Cross-Site Scripting
by Michael Brooks
EIP-2026-112420 EXPLOITDB text VERIFIED
Star Articles 6.0 - Remote Contents Change
by ByALBAYX
EIP-2026-111344 EXPLOITDB text VERIFIED
Pligg CMS 9.9.5 - Cross-Site Request Forgery / Protection Bypass / Captcha Bypass
by Michael Brooks
CVE-2009-0395 EXPLOITDB text VERIFIED
NetArt Media Car Portal 1.0 - SQL Injection
SQL injection vulnerability in the login feature in NetArt Media Car Portal 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
by Mehmet Ince
EIP-2026-107433 EXPLOITDB text VERIFIED
GLPI 0.71.3 - Multiple SQL Injections Vulnerabilities
by Zigma
EIP-2026-106164 EXPLOITDB text VERIFIED
Coppermine Photo Gallery 1.4.19 - Remote File Upload
by Michael Brooks
EIP-2026-101500 EXPLOITDB text VERIFIED
Zoom VoIP Phone Adapater ATA1+1 1.2.5 - Cross-Site Request Forgery
by Michael Brooks
CVE-2009-0393 EXPLOITDB text VERIFIED
Motorola CPEi300 - Authenticated Cross-Site Scripting via sysconf.cgi Page Parameter
Cross-site scripting (XSS) vulnerability in sysconf.cgi in Motorola Wimax modem CPEi300 allows remote authenticated users to inject arbitrary web script or HTML via the page parameter.
by Usman Saeed
EIP-2026-101248 EXPLOITDB text VERIFIED
D-Link VoIP Phone Adapter - Cross-Site Scripting / Cross-Site Request Forgery Remote Firmware Overwrite
by Michael Brooks
CVE-2009-0399 EXPLOITDB text VERIFIED
Chipmunk Blogger Script - Privilege Escalation
Chipmunk Blogger Script allows remote attackers to gain administrator privileges via a direct request to admin/reguser.php. NOTE: this is only a vulnerability when the administrator does not properly follow installation directions.
by x0r
CVE-2009-0323 EXPLOITDB text VERIFIED
W3C Amaya < 11.0 - Remote Code Execution via Long Input Tag Type Parameter
Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0 and 11.0 allow remote attackers to execute arbitrary code via (1) a long type parameter in an input tag, which is not properly handled by the EndOfXmlAttributeValue function; (2) an "HTML GI" in a start tag, which is not properly handled by the ProcessStartGI function; and unspecified vectors in (3) html2thot.c and (4) xml2thot.c, related to the msgBuffer variable. NOTE: these are different vectors than CVE-2008-6005.
by Core Security
CVE-2009-0400 EXPLOITDB text VERIFIED
SocialEngine 3.06 - SQL Injection via Blog Category ID Parameter
SQL injection vulnerability in blog.php in SocialEngine 3.06 trial allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
by snakespc
EIP-2026-109357 EXPLOITDB text VERIFIED
Max.Blog 1.0.6 - 'submit_post.php' SQL Injection
by Salvatore Fresta
CVE-2009-0409 EXPLOITDB text VERIFIED
Max.Blog <= 1.0.6 - SQL Injection via Username Parameter
SQL injection vulnerability in offline_auth.php in Max.Blog 1.0.6 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.
by Salvatore Fresta
CVE-2009-3167 EXPLOITDB text VERIFIED
Anantasoft Gazelle CMS 1.0 - Path Traversal via Template Parameter
Directory traversal vulnerability in index.php in Anantasoft Gazelle CMS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter.
by fuzion
EIP-2026-107342 EXPLOITDB text VERIFIED
gamescript 4.6 - Cross-Site Scripting / SQL Injection / Local File Inclusion
by Encrypt3d.M!nd
CVE-2009-0403 EXPLOITDB text VERIFIED
Chipmunk Blogger Script - SQL Injection
SQL injection vulnerability in admin/authenticate.php in Chipmunk Blogger Script allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
by x0r
CVE-2009-0347 EXPLOITDB text VERIFIED
Autonomy Ultraseek - Open Redirect via cs.html url Parameter
Open redirect vulnerability in cs.html in the Autonomy (formerly Verity) Ultraseek search engine allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter.
by buzzy
EIP-2026-111307 EXPLOITDB text VERIFIED
Pixie CMS 1.0 - Multiple Local File Inclusions
by DSecRG
EIP-2026-109356 EXPLOITDB text VERIFIED
Max.Blog 1.0.6 - 'show_post.php' SQL Injection
by Salvatore Fresta
EIP-2026-107144 EXPLOITDB text VERIFIED
Flax Article Manager 1.1 - Remote PHP Script Upload
by S.W.A.T.
CVE-2009-0293 EXPLOITDB text VERIFIED
Wazzum Dating Software - SQL Injection
SQL injection vulnerability in profile_view.php in Wazzum Dating Software, possibly 2.0, allows remote attackers to execute arbitrary SQL commands via the userid parameter.
by nuclear
EIP-2026-112114 EXPLOITDB text VERIFIED
Simple Machines Forum (SMF) 1.1.7 - Cross-Site Request Forgery / Cross-Site Scripting / Package Upload
by Xianur0
CVE-2009-0292 EXPLOITDB text VERIFIED
SHOP-INET 4 - SQL Injection via show_cat2.php grid Parameter
SQL injection vulnerability in show_cat2.php in SHOP-INET 4 allows remote attackers to execute arbitrary SQL commands via the grid parameter.
by FeDeReR
CVE-2009-0296 EXPLOITDB text VERIFIED
Script Toko Online 5.01 - SQL Injection
SQL injection vulnerability in shop_display_products.php in Script Toko Online 5.01 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
by k1n9k0ng