Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-105048 EXPLOITDB text VERIFIED
Aj Classifieds Real Estate 3.0 - Arbitrary File Upload
by ZoRLu
EIP-2026-105047 EXPLOITDB text VERIFIED
Aj Classifieds Personals 3.0 - Arbitrary File Upload
by ZoRLu
EIP-2026-105046 EXPLOITDB text VERIFIED
Aj Classifieds For Sale 3.0 - Arbitrary File Upload
by ZoRLu
EIP-2026-100842 EXPLOITDB text VERIFIED
LemonLDAP:NG 0.9.3.1 - User Enumeration / Cross-Site Scripting
by clément Oudot
CVE-2009-0281 EXPLOITDB text VERIFIED
WarHound Walking Club - SQL Injection
SQL injection vulnerability in login.aspx in WarHound Walking Club allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
by ByALBAYX
EIP-2026-100486 EXPLOITDB text VERIFIED
Ping IP - Authentication Bypass
by ByALBAYX
CVE-2009-0252 EXPLOITDB text VERIFIED
Enthrallweb eReservations - SQL Injection
Multiple SQL injection vulnerabilities in default.asp in Enthrallweb eReservations allow remote attackers to execute arbitrary SQL commands via the (1) Login parameter (aka username field) or the (2) Password parameter (aka password field). NOTE: some of these details are obtained from third party information.
by ByALBAYX
EIP-2026-100301 EXPLOITDB text VERIFIED
eFAQ - Authentication Bypass
by ByALBAYX
CVE-2009-0339 EXPLOITDB text VERIFIED
DMXReady Blog Manager - SQL Injection
SQL injection vulnerability in inc_webblogmanager.asp in DMXReady Blog Manager allows remote attackers to execute arbitrary SQL commands via the itemID parameter in a view action.
by Pouya_Server
CVE-2009-0338 EXPLOITDB text VERIFIED
DMXReady Blog Manager - Cross-Site Scripting via CategoryID Parameter
Cross-site scripting (XSS) vulnerability in inc_webblogmanager.asp in DMXReady Blog Manager allows remote attackers to inject arbitrary web script or HTML via the CategoryID parameter in a refer action.
by Pouya_Server
EIP-2026-100114 EXPLOITDB text VERIFIED
ASP ActionCalendar 1.3 - Authentication Bypass
by SuB-ZeRo
EIP-2026-113171 EXPLOITDB text VERIFIED
w3bcms - '/admin/index.php' SQL Injection
by Pouya_Server
EIP-2026-109505 EXPLOITDB text VERIFIED
MKPortal 1.2.1 - Multiple Vulnerabilities
by waraxe
EIP-2026-109504 EXPLOITDB text VERIFIED
MKPortal 1.2.1 - '/modules/rss/handler_image.php?i' Cross-Site Scripting
by waraxe
EIP-2026-109503 EXPLOITDB text VERIFIED
MKPortal 1.2.1 - '/modules/blog/index.php' Home Template Textarea SQL Injection
by waraxe
EIP-2026-109333 EXPLOITDB text VERIFIED
Masir Camp 3.0 - 'SearchKeywords' SQL Injection
by Pouya_Server
CVE-2009-0420 EXPLOITDB text VERIFIED
RD-Autos 1.5.5 Stable - SQL Injection via id Parameter
SQL injection vulnerability in the RD-Autos (com_rdautos) 1.5.5 Stable component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
by H!tm@N
CVE-2009-0290 EXPLOITDB text VERIFIED
SIR GNUBoard 4.31.03 - Path Traversal
Directory traversal vulnerability in common.php in SIR GNUBoard 4.31.03 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the g4_path parameter. NOTE: in some environments, this can be leveraged for remote code execution via a data: URI or a UNC share pathname.
by flyh4t
CVE-2009-0327 EXPLOITDB text VERIFIED
Free Bible Search PHP Script 1.0 - SQL Injection
SQL injection vulnerability in readbible.php in Free Bible Search PHP Script 1.0 allows remote attackers to execute arbitrary SQL commands via the version parameter.
by nuclear
CVE-2009-0241 EXPLOITDB text VERIFIED
Ganglia 3.1.1 - Stack-based Buffer Overflow via Long Pathname in process_path
Stack-based buffer overflow in the process_path function in gmetad/server.c in Ganglia 3.1.1 allows remote attackers to cause a denial of service (crash) via a request to the gmetad service with a long pathname.
by Spike Spiegel
CVE-2009-0431 EXPLOITDB text VERIFIED
LinksPro Standard Edition - SQL Injection
SQL injection vulnerability in Default.asp in LinksPro Standard Edition allows remote attackers to execute arbitrary SQL commands via the OrderDirection parameter.
by Pouya_Server
EIP-2026-100253 EXPLOITDB text VERIFIED
DMXReady Billboard Manager 1.1 - Arbitrary File Upload
by ajann
CVE-2009-0429 EXPLOITDB text VERIFIED
Active Bids - SQL Injection via search.asp search Parameter
Multiple SQL injection vulnerabilities in Active Bids allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to search.asp, (2) SortDir parameter to auctionsended.asp, and the (3) catid parameter to wishlist.php.
by Pouya_Server
CVE-2009-0430 EXPLOITDB text VERIFIED
Active Bids - Cross-Site Scripting via Search Parameter or URL Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Active Bids allow remote attackers to inject arbitrary web script or HTML via the (1) search parameter to search.asp and the (2) URL parameter to tellafriend.asp.
by Pouya_Server
CVE-2009-5102 EXPLOITDB text VERIFIED
ATCOM Netvolution 1.0 ASP - SQL Injection via bpe_nid Parameter
SQL injection vulnerability in default.asp in ATCOM Netvolution 1.0 ASP allows remote attackers to execute arbitrary SQL commands via the bpe_nid parameter.
by Ellinas