Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-113246 EXPLOITDB text VERIFIED
Webbler CMS 3.1.3 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
by Adrian Pastor
CVE-2007-4022 EXPLOITDB text VERIFIED
cPanel 10.9.1 - Cross-Site Scripting via resname Parameter
Cross-site scripting (XSS) vulnerability in frontend/x/htaccess/changepro.html in cPanel 10.9.1 allows remote attackers to inject arbitrary web script or HTML via the resname parameter.
by Aria-Security Team
CVE-2007-4009 EXPLOITDB text VERIFIED
Parallels Confixx 2.0.12-3.3.1 - Remote Code Execution via thisdir Parameter
PHP remote file inclusion vulnerability in admin/business_inc/saveserver.php in SWSoft Confixx Pro 2.0.12 through 3.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the thisdir parameter.
by H4 / XPK
CVE-2007-4007 EXPLOITDB text VERIFIED
Article Directory - Remote File Inclusion via Page Parameter
PHP remote file inclusion vulnerability in index.php in Article Directory (Article Site Directory) allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
by mozi
EIP-2026-110588 EXPLOITDB text VERIFIED
PHMe 0.0.2 - 'Function_List.php' Local File Inclusion
by You_You
EIP-2026-105138 EXPLOITDB text VERIFIED
Alstrasoft Video Share Enterprise 4.x - Multiple Input Validation Vulnerabilities
by Lostmon
CVE-2007-4079 EXPLOITDB text VERIFIED
AlstraSoft SMS Text Messaging Enterprise - XSS
Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft SMS Text Messaging Enterprise allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) q parameter to (a) admin/membersearch.php, or (3) the userid parameter to (b) admin/edituser.php.
by Lostmon
CVE-2007-4079 EXPLOITDB text VERIFIED
AlstraSoft SMS Text Messaging Enterprise - XSS
Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft SMS Text Messaging Enterprise allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) q parameter to (a) admin/membersearch.php, or (3) the userid parameter to (b) admin/edituser.php.
by Lostmon
CVE-2007-4081 EXPLOITDB text VERIFIED
AlstraSoft Affiliate Network Pro - XSS
Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Affiliate Network Pro allow remote attackers to inject arbitrary web script or HTML via vectors in (a) merchants/index.php, including the (1) id or (2) msg parameter in a programedit action; the (3) pgmid parameter in an uploadProducts action; the (4) d, (5) m, or (6) y parameter in a daily action; the (7) err parameter in a ProgramReport action; the (8) i, (9) txtto, (10) txtfrom, or (11) programs parameter in a LinkReport action; or the (12) msg parameter in an add_money action; and one vector in (b) merchants/temp.php using (13) the rowid parameter. NOTE: vector 7 might overlap CVE-2005-3795.1.
by Lostmon
CVE-2007-4084 EXPLOITDB text VERIFIED
AlstraSoft Affiliate Network Pro - SQL Injection
Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network Pro allow remote attackers to execute arbitrary SQL commands via (1) the pgmid parameter in an uploadProducts action to merchants/index.php and possibly (2) the rowid parameter to merchants/temp.php.
by Lostmon
CVE-2007-4081 EXPLOITDB text VERIFIED
AlstraSoft Affiliate Network Pro - XSS
Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Affiliate Network Pro allow remote attackers to inject arbitrary web script or HTML via vectors in (a) merchants/index.php, including the (1) id or (2) msg parameter in a programedit action; the (3) pgmid parameter in an uploadProducts action; the (4) d, (5) m, or (6) y parameter in a daily action; the (7) err parameter in a ProgramReport action; the (8) i, (9) txtto, (10) txtfrom, or (11) programs parameter in a LinkReport action; or the (12) msg parameter in an add_money action; and one vector in (b) merchants/temp.php using (13) the rowid parameter. NOTE: vector 7 might overlap CVE-2005-3795.1.
by Lostmon
CVE-2007-3987 EXPLOITDB text VERIFIED
ImageRacer 1.0 - SQL Injection via SearchWord Parameter
SQL injection vulnerability in SearchResults.asp in ImageRacer 1.0, when WordSearchCrit is enabled, allows remote attackers to execute arbitrary SQL commands via the SearchWord parameter.
by Aria-Security Team
CVE-2007-4076 EXPLOITDB text VERIFIED
Alisveris Sitesi Scripti - SQL Injection
Multiple SQL injection vulnerabilities in index.asp in Alisveris Sitesi Scripti allow remote attackers to execute arbitrary SQL commands via the (1) product_id or (2) cat_id parameter in a product mod action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by GeFORC3
CVE-2007-4075 EXPLOITDB text VERIFIED
Alisveris Sitesi Scripti - Cross-Site Scripting via Search q Parameter
Cross-site scripting (XSS) vulnerability in index.asp in Alisveris Sitesi Scripti allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search mod action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by GeFORC3
CVE-2007-3977 EXPLOITDB text VERIFIED
bwired - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in bwired allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
by g00ns
CVE-2007-3976 EXPLOITDB text VERIFIED
bwired - SQL Injection via NewsID Parameter
SQL injection vulnerability in index.php in bwired allows remote attackers to execute arbitrary SQL commands via the newsID parameter.
by g00ns
EIP-2026-108170 EXPLOITDB text VERIFIED
Joomla! 1.5 Beta 2 - 'Search' Remote Code Execution
by Johannes Greil
CVE-2007-3978 EXPLOITDB text VERIFIED
bwired - Session Fixation via PHPSESSID Parameter
Session fixation vulnerability in bwired allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
by g00ns
CVE-2007-3981 EXPLOITDB text VERIFIED
WSN Links Basic Edition - SQL Injection via catid Parameter
SQL injection vulnerability in index.php in WSN Links Basic Edition allows remote attackers to execute arbitrary SQL commands via the catid parameter in a displaycat action.
by t0pP8uZz
CVE-2007-3980 EXPLOITDB text VERIFIED
RCMS Pro RGameScript Pro - Remote File Inclusion via Page.php ID Parameter
PHP remote file inclusion vulnerability in page.php in RCMS Pro RGameScript Pro allows remote attackers to execute arbitrary PHP code via a URL in the id parameter.
by Warpboy
CVE-2007-4463 EXPLOITDB text VERIFIED
Fileinfo Plugin 2.0.9 - Denial of Service via Invalid RVA Address Function Pointer
The Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to cause a denial of service (unhandled exception) via an invalid RVA address function pointer in (1) an IMAGE_THUNK_DATA structure, involving the (a) OriginalFirstThunk and (b) FirstThunk IMAGE_IMPORT_DESCRIPTOR fields, or (2) the AddressOfNames IMAGE_EXPORT_DIRECTORY field in a PE file.
by Gynvael Coldwind
CVE-2007-3963 EXPLOITDB text VERIFIED
UseBB 1.0.7 - Cross-Site Scripting via PATH_INFO in Install Upgrade Scripts
Multiple cross-site scripting (XSS) vulnerabilities in UseBB 1.0.7, and possibly other 1.0.x versions, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF) to (1) upgrade-0-2-3.php, (2) upgrade-0-3.php, or (3) upgrade-0-4.php in install/, a different vulnerability than CVE-2005-4193.
by s4mi
CVE-2007-3963 EXPLOITDB text VERIFIED
UseBB 1.0.7 - Cross-Site Scripting via PATH_INFO in Install Upgrade Scripts
Multiple cross-site scripting (XSS) vulnerabilities in UseBB 1.0.7, and possibly other 1.0.x versions, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF) to (1) upgrade-0-2-3.php, (2) upgrade-0-3.php, or (3) upgrade-0-4.php in install/, a different vulnerability than CVE-2005-4193.
by s4mi
CVE-2007-3979 EXPLOITDB text VERIFIED
BlogSite Professional < 1.2 - SQL Injection via news_id Parameter
SQL injection vulnerability in index.php in BlogSite Professional (aka Blog System) 1.x allows remote attackers to execute arbitrary SQL commands via the news_id parameter.
by t0pP8uZz
CVE-2008-4302 EXPLOITDB MEDIUM text VERIFIED
Linux Kernel < 2.6.22.2 - Denial of Service via Splice Subsystem Page Unlock
fs/splice.c in the splice subsystem in the Linux kernel before 2.6.22.2 does not properly handle a failure of the add_to_page_cache_lru function, and subsequently attempts to unlock a page that was not locked, which allows local users to cause a denial of service (kernel BUG and system crash), as demonstrated by the fio I/O tool.
by Jens Axboe
CVSS 5.5