Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2009-0291 EXPLOITDB text VERIFIED
OpenX 2.6.3 - Remote File Inclusion via MAX_type Parameter
Directory traversal vulnerability in fc.php in OpenX 2.6.3 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the MAX_type parameter.
by Charlie Briggs
CVE-2009-0291 EXPLOITDB text VERIFIED
OpenX 2.6.3 - Remote File Inclusion via MAX_type Parameter
Directory traversal vulnerability in fc.php in OpenX 2.6.3 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the MAX_type parameter.
by Sarid Harper
CVE-2009-0373 EXPLOITDB text VERIFIED
ElearningForce Flash Magazine Deluxe - SQL Injection via mag_id Parameter
SQL injection vulnerability in the ElearningForce Flash Magazine Deluxe (com_flashmagazinedeluxe) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mag_id parameter in a magazine action to index.php.
by TurkGuvenligi
CVE-2009-0299 EXPLOITDB text VERIFIED
Groone GLinks 2.1 - SQL Injection via Cat Parameter
SQL injection vulnerability in index.php in Groone GLinks 2.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter.
by nuclear
EIP-2026-106134 EXPLOITDB text VERIFIED
ConPresso CMS 4.07 - Multiple Remote Vulnerabilities
by David Vieira-Kurz
CVE-2009-0297 EXPLOITDB text VERIFIED
ClickAuction - SQL Injection via txtEmail or txtPassword Parameter
SQL injection vulnerability in login_check.asp in ClickAuction allows remote attackers to execute arbitrary SQL commands via the (1) txtEmail and (2) txtPassword parameters. NOTE: some of these details are obtained from third party information.
by R3d-D3V!L
CVE-2008-2955 EXPLOITDB text VERIFIED
Pidgin 2.4.1 - Denial of Service via Long Filename in MSN Message
Pidgin 2.4.1 allows remote attackers to cause a denial of service (crash) via a long filename that contains certain characters, as demonstrated using an MSN message that triggers the crash in the msn_slplink_process_msg function.
by Juan Pablo Lopez Yacubian
EIP-2026-100397 EXPLOITDB text VERIFIED
Lootan - 'login.asp' SQL Injection
by Arash Setayeshi
EIP-2026-100392 EXPLOITDB text VERIFIED
LDF - 'login.asp' SQL Injection
by Arash Setayeshi
EIP-2026-100290 EXPLOITDB text VERIFIED
E-ShopSystem - Authentication Bypass / SQL Injection
by InjEctOr5
CVE-2009-0286 EXPLOITDB text VERIFIED
OpenGoo 1.1 - Path Traversal via form_data[script_class] Parameter
Directory traversal vulnerability in upgrade/index.php in OpenGoo 1.1, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the form_data[script_class] parameter.
by fuzion
CVE-2009-0284 EXPLOITDB text VERIFIED
Flax Article Manager 1.1 - SQL Injection
SQL injection vulnerability in category.php in Flax Article Manager 1.1 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
by JIKO
EIP-2026-102954 EXPLOITDB text VERIFIED
PostgreSQL 8.2/8.3/8.4 - UDF for Command Execution
by Bernardo Damele
EIP-2026-102931 EXPLOITDB text VERIFIED
MySQL 4/5/6 - UDF for Command Execution
by Bernardo Damele
EIP-2026-100626 EXPLOITDB text VERIFIED
Web-Calendar Lite 1.0 - Authentication Bypass
by ByALBAYX
CVE-2009-0302 EXPLOITDB text VERIFIED
PHP-Nuke <8.1.0.3.5b - SQL Injection
SQL injection vulnerability in the Downloads module for PHP-Nuke 8.0 8.1.0.3.5b and earlier allows remote authenticated users to execute arbitrary SQL commands via the url parameter in the Add operation to modules.php.
by Sina Yazdanmehr
CVE-2009-0283 EXPLOITDB text VERIFIED
Oblog - Cross-Site Scripting via err.asp Message Parameter
Cross-site scripting (XSS) vulnerability in err.asp in Oblog allows remote attackers to inject arbitrary web script or HTML via the message parameter.
by arash.setayeshi
CVE-2009-0285 EXPLOITDB text VERIFIED
BBSXP < 5.13 - Cross-Site Scripting via Error Page Message Parameter
Cross-site scripting (XSS) vulnerability in error.asp in BBSXP 5.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter.
by arashps0
CVE-2009-0384 EXPLOITDB text VERIFIED
OwnRS CMS 1.2 - SQL Injection via autor.php id Parameter
SQL injection vulnerability in autor.php in OwnRS CMS 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by nuclear
CVE-2009-0280 EXPLOITDB text VERIFIED
Asp Project Management 1.0 - Auth Bypass
Asp Project Management 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the crypt cookie to 1.
by Khashayar Fereidani
CVE-2009-0377 EXPLOITDB text VERIFIED
Joomla! beamospetition <1.0.12 - SQL Injection
SQL injection vulnerability in the beamospetition (com_beamospetition) 1.0.12 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mpid parameter in a sign action to index.php, a different vector than CVE-2008-3132.
by vds_s
CVE-2009-0380 EXPLOITDB text VERIFIED
Sigsiu Online Business Index 2 <RC 2.8.2 - SQL Injection
SQL injection vulnerability in the Sigsiu Online Business Index 2 (SOBI2, com_sobi2) RC 2.8.2 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the bid parameter in a showbiz action to index.php, a different vector than CVE-2008-0607. NOTE: CVE disputes this issue, since neither "showbiz" nor "bid" appears in the source code for SOBI2
by Br1ght D@rk
CVE-2009-0378 EXPLOITDB text VERIFIED
Joomla! com_beamospetition 1.0.12 - XSS
Cross-site scripting (XSS) vulnerability in index.php in the beamospetition (com_beamospetition) 1.0.12 component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the pet parameter in a sign action.
by vds_s
EIP-2026-101169 EXPLOITDB text VERIFIED
AXIS 70U - Network Document Server Privilege Escalation / Cross-Site Scripting
by DSecRG
EIP-2026-106498 EXPLOITDB text VERIFIED
Dodo's Quiz Script 1.1 - Local File Inclusion
by Stack