Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-105041 EXPLOITDB text VERIFIED
AJ Auction Pro OOPD 2.3 - 'id' SQL Injection
by snakespc
CVE-2009-0026 EXPLOITDB text VERIFIED
Apache Jackrabbit < 1.5.2 - Cross-Site Scripting via Search Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
by Red Hat
CVE-2009-0026 EXPLOITDB text VERIFIED
Apache Jackrabbit < 1.5.2 - Cross-Site Scripting via Search Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
by Red Hat
CVE-2009-0260 EXPLOITDB text VERIFIED
MoinMoin < 1.8.1 - Cross-Site Scripting via AttachFile Action Parameters
Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers to inject arbitrary web script or HTML via an AttachFile action to the WikiSandBox component with (1) the rename parameter or (2) the drawing parameter (aka the basename variable).
by SecureState
EIP-2026-114687 EXPLOITDB text VERIFIED
QNX 6.4.0 - bitflipped ELF Binary 'id' Kernel Panic (Denial of Service)
by kokanin
EIP-2026-111688 EXPLOITDB text VERIFIED
RCBlog 1.03 - Authentication Bypass
by Danny Moules
EIP-2026-110918 EXPLOITDB text VERIFIED
phpads 2.0 - Multiple Vulnerabilities
by Danny Moules
CVE-2009-0325 EXPLOITDB text VERIFIED
Ninja Blog 4.8 - Path Traversal via Cat Parameter
Directory traversal vulnerability in entries/index.php in Ninja Blog 4.8, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the cat parameter.
by Danny Moules
EIP-2026-109937 EXPLOITDB text VERIFIED
Ninja Blog 4.8 - Cross-Site Request Forgery/HTML Injection
by Danny Moules
EIP-2026-108454 EXPLOITDB text VERIFIED
Joomla! Component com_news - SQL Injection
by snakespc
EIP-2026-107336 EXPLOITDB text VERIFIED
Gallery Kys 1.0 - Admin Password Disclosure / Persistent Cross-Site Scripting
by Osirys
EIP-2026-102724 EXPLOITDB text VERIFIED
QNX RTOS 6.4 - '.ELF' Binary File Local Denial of Service
by kokanin
CVE-2009-0330 EXPLOITDB text VERIFIED
SCMS 1 - Path Traversal via Index.php P Parameter
Directory traversal vulnerability in index.php in Simple Content Management System (SCMS) 1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the p parameter.
by ahmadbady
CVE-2009-0730 EXPLOITDB text VERIFIED
GigCalendar (com_gigcal) 1.0 - SQL Injection via gigcal_venues_id or gigcal_bands_id Parameter
Multiple SQL injection vulnerabilities in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the gigcal _venues_id parameter in a details action to index.php, which is not properly handled by venuedetails.php, and (2) the gigcal_bands_id parameter in a details action to index.php, which is not properly handled by banddetails.php, different vectors than CVE-2009-0726.
by Lanti-Net
CVE-2009-0331 EXPLOITDB text VERIFIED
Enhanced Simple PHP Gallery <1.72 - Path Traversal
Directory traversal vulnerability in gallery/comment.php in Enhanced Simple PHP Gallery (ESPG) 1.72 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. NOTE: the vulnerability may be in my little homepage Comment script. If so, then this should not be treated as a vulnerability in ESPG.
by bd0rk
EIP-2026-105905 EXPLOITDB text VERIFIED
Click&Email - Authentication Bypass
by SuB-ZeRo
CVE-2009-0328 EXPLOITDB text VERIFIED
ROBS-PROJECTS Digital Sales IPN - Info Disclosure
ROBS-PROJECTS Digital Sales IPN (aka DS-IPN.NET or DS-IPN Paypal Shop) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request for Database/Sales.mdb.
by Moudi
CVE-2009-0248 EXPLOITDB text VERIFIED
Katy Whitton RankEm - Cross-Site Scripting via siteID Parameter
Cross-site scripting (XSS) vulnerability in rankup.asp in Katy Whitton RankEm allows remote attackers to inject arbitrary web script or HTML via the siteID parameter.
by Pouya_Server
CVE-2009-0336 EXPLOITDB text VERIFIED
Katy Whitton BlogIt! - Unauthenticated Sensitive Information Exposure via Direct Database File Access
Katy Whitton BlogIt! stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request for database/Blog.mdb. NOTE: some of these details are obtained from third party information.
by Pouya_Server
CVE-2009-0335 EXPLOITDB text VERIFIED
Katy Whitton BlogIt! - Cross-Site Scripting via Index.asp View Parameter
Cross-site scripting (XSS) vulnerability in index.asp in Katy Whitton BlogIt! allows remote attackers to inject arbitrary web script or HTML via the view parameter.
by Pouya_Server
CVE-2009-0334 EXPLOITDB text VERIFIED
Katy Whitton BlogIt! - SQL Injection
SQL injection vulnerability in index.asp in Katy Whitton BlogIt! allows remote attackers to execute arbitrary SQL commands via the day parameter in an archive action.
by Pouya_Server
CVE-2009-0340 EXPLOITDB text VERIFIED
Simple PHP Newsletter <1.5 - Path Traversal
Multiple directory traversal vulnerabilities in Simple PHP Newsletter 1.5 allow remote attackers to read arbitrary files via a .. (dot dot) in the olang parameter to (1) mail.php and (2) mailbar.php.
by ahmadbady
CVE-2009-0249 EXPLOITDB text VERIFIED
Katy Whitton RankEm - Info Disclosure
Katy Whitton RankEm stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for database/topsites.mdb.
by Pouya_Server
CVE-2009-0337 EXPLOITDB text VERIFIED
Katy Whitton BlogIt! - SQL Injection
SQL injection vulnerability in index.asp in Katy Whitton BlogIt! allows remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Pouya_Server
CVE-2009-0324 EXPLOITDB text VERIFIED
BibCiter 1.4 - SQL Injection via idp, idc, or idu Parameter
Multiple SQL injection vulnerabilities in BibCiter 1.4 allow remote attackers to execute arbitrary SQL commands via the (1) idp parameter to reports/projects.php, the (2) idc parameter to reports/contacts.php, and the (3) idu parameter to reports/users.php.
by nuclear