Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-105644 EXPLOITDB text VERIFIED
Built2Go PHP Link Portal 1.95.1 - Arbitrary File Upload
by ZoRLu
CVE-2008-5498 EXPLOITDB text VERIFIED
PHP < 5.2.8 - Exposure of Sensitive Information via imageRotate Function
Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the bgd_color or clrBack argument) for an indexed image.
by Hamid Ebadi
CVE-2009-0177 EXPLOITDB text VERIFIED
VMware Workstation/Player/ACE/Server/Fusion DoS via Long USER/PASS Command
vmwarebase.dll, as used in the vmware-authd service (aka vmware-authd.exe), in VMware Workstation 6.5.1 build 126130, 6.5.1 and earlier; VMware Player 2.5.1 build 126130, 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 2.0.x before 2.0.1 build 156745; and VMware Fusion before 2.0.2 build 147997 allows remote attackers to cause a denial of service (daemon crash) via a long (1) USER or (2) PASS command.
by laurent gaffié
EIP-2026-102626 EXPLOITDB text VERIFIED
KDE Konqueror 4.1 - Multiple Cross-Site Scripting / Denial of Service Vulnerabilities
by athos
CVE-2009-0597 EXPLOITDB text VERIFIED
w3b_cms < 3.3.0 - SQL Injection via Username Parameter
SQL injection vulnerability in admin/index.php in w3b>cms (aka w3blabor CMS) before 3.4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the benutzername parameter (aka Username field) in a login action.
by DNX
CVE-2008-6765 EXPLOITDB text VERIFIED
ViArt Shop 3.5 - Unauthenticated Arbitrary Shopping Cart Access via cart_name Parameter
ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to access the contents of an arbitrary shopping cart via a modified cart_name parameter.
by Xia Shing Zee
CVE-2009-0705 EXPLOITDB text VERIFIED
PowerScripts PowerNews <2.5.4 - SQL Injection
SQL injection vulnerability in news.php in PowerScripts PowerNews 2.5.4, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the newsid parameter.
by Virangar Security
CVE-2009-0707 EXPLOITDB text VERIFIED
PowerClan 1.14a - SQL Injection via Login Email Parameter
SQL injection vulnerability in admin/index.php in PowerClan 1.14a allows remote attackers to execute arbitrary SQL commands via the loginemail parameter (aka login field). NOTE: some of these details are obtained from third party information.
by Virangar Security
EIP-2026-111194 EXPLOITDB text VERIFIED
phpScribe 0.9 - 'user.cfg' Remote Configuration Disclosure
by ahmadbady
EIP-2026-109401 EXPLOITDB text VERIFIED
Memberkit 1.0 - Arbitrary File Upload
by Lo$er
EIP-2026-106800 EXPLOITDB text VERIFIED
EggBlog 3.1.10 - Cross-Site Request Forgery (Change Admin Password)
by x0r
EIP-2026-106394 EXPLOITDB text VERIFIED
DDL-Speed Script - 'acp/backup' Admin Backup Bypass
by tmh
CVE-2009-0703 EXPLOITDB text VERIFIED
ASPThai.Net Webboard 6.0 - SQL Injection
SQL injection vulnerability in bview.asp in ASPThai.Net Webboard 6.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by DaiMon
EIP-2026-104816 EXPLOITDB text VERIFIED
2Capsule - SQL Injection
by Zenith
EIP-2026-103531 EXPLOITDB text VERIFIED
Konqueror 4.1 - Cross-Site Scripting / Remote Crash
by StAkeR
EIP-2026-101056 EXPLOITDB text VERIFIED
Nokia S60 SMS/MMS (Curse of Silence) - Denial of Service
by Tobias Engel
CVE-2008-6725 EXPLOITDB text VERIFIED
CMScout 2.06 - Authenticated SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in CMScout 2.06 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) index.php in a mythings page (mythings.php) and (2) the users page in admin.php.
by SirGod
EIP-2026-109550 EXPLOITDB text VERIFIED
Mole Group Vacation Estate Listing Script - Blind SQL Injection
by x0r
CVE-2008-6142 EXPLOITDB text VERIFIED
FlexPHPic <0.0.4 - FlexPHPic Pro <0.0.3 - SQL Injection
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPic 0.0.4 and FlexPHPic Pro 0.0.3, and other 0.0.x versions, allow remote attackers to execute arbitrary SQL commands via (1) the checkuser parameter (aka username field), or (2) the checkpass parameter (aka password field), to admin/index.php.
by S.W.A.T.
CVE-2008-6726 EXPLOITDB text VERIFIED
CMScout 2.06 - Path Traversal via Bit Parameter
Multiple directory traversal vulnerabilities in CMScout 2.06, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the bit parameter to (1) admin.php and (2) index.php, different vectors than CVE-2008-3415.
by SirGod
CVE-2008-5824 EXPLOITDB text VERIFIED
audiofile 0.2.6 - Heap-Based Buffer Overflow via Crafted WAV File
Heap-based buffer overflow in msadpcm.c in libaudiofile in audiofile 0.2.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WAV file.
by Anton Khirnov
EIP-2026-101090 EXPLOITDB text VERIFIED
Symbian S60 - Malformed SMS/MMS Remote Denial of Service
by Tobias Engel
CVE-2008-6153 EXPLOITDB text VERIFIED
Jay Patel Pixel8 Web Photo Album 3.0 - SQL Injection via AlbumID Parameter
SQL injection vulnerability in Photo.asp in Jay Patel Pixel8 Web Photo Album 3.0 allows remote attackers to execute arbitrary SQL commands via the AlbumID parameter.
by AlpHaNiX
CVE-2008-6749 EXPLOITDB text VERIFIED
FlexPHPDirectory 0.0.1 - SQL Injection via checkuser or checkpass Parameters
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPDirectory 0.0.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) checkuser and (2) checkpass parameters.
by x0r
CVE-2008-6150 EXPLOITDB text VERIFIED
SepCity Classified Ads - SQL Injection via ID Parameter
SQL injection vulnerability in classdis.asp in SepCity Classified Ads allows remote attackers to execute arbitrary SQL commands via the ID parameter.
by S.W.A.T.