Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-5862 EXPLOITDB text VERIFIED
webcamXP <5.3.2.410 - Path Traversal
Directory traversal vulnerability in webcamXP 5.3.2.375 and 5.3.2.410 build 2132 allows remote attackers to read arbitrary files via a ..%2F (encoded dot dot slash) in the URI.
by nicx0
EIP-2026-110537 EXPLOITDB text VERIFIED
PECL Alternative PHP Cache Local 3 - HTML Injection
by Moritz Naumann
CVE-2008-6335 EXPLOITDB text VERIFIED
eMetrix Online Keyword Research Tool - Path Traversal via Download Filename Parameter
Directory traversal vulnerability in download.php in eMetrix Online Keyword Research Tool allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
by Cold Zero
CVE-2008-5855 EXPLOITDB text VERIFIED
myPHPscripts Login Session 2.0 - Info Disclosure
myPHPscripts Login Session 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to discover usernames, e-mail addresses, and password hashes via a direct request for users.txt.
by Osirys
CVE-2008-5861 EXPLOITDB text VERIFIED
FreeLyrics 1.0 - Path Traversal via p Parameter
Directory traversal vulnerability in source.php in FreeLyrics 1.0 allows remote attackers to read arbitrary files via directory traversal sequences in the p parameter. NOTE: some of these details are obtained from third party information.
by Piker
CVE-2008-6334 EXPLOITDB text VERIFIED
emetrix Extract Website - Path Traversal via Download Filename Parameter
Directory traversal vulnerability in download.php in eMetrix Extract Website allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
by Cold Zero
CVE-2008-5860 EXPLOITDB text VERIFIED
Constructr CMS <3.02.5 - Path Traversal
Directory traversal vulnerability in backend/template.php in Constructr CMS 3.02.5 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to create or read arbitrary files via directory traversal sequences in the edit_file parameter.
by fuzion
CVE-2008-6901 EXPLOITDB text VERIFIED
2532gigs 1.2.2 - Remote File Inclusion via Language Parameter
Multiple directory traversal vulnerabilities in 2532designs 2532|Gigs 1.2.2 Stable, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to (1) settings.php, (2) deleteuser.php, (3) mini_calendar.php, (4) manage_venues.php, and (5) manage_gigs.php, a different vector than CVE-2007-4585.
by Osirys
CVE-2008-5878 EXPLOITDB text VERIFIED
Phpclanwebsite < Fix Pack 5 - Path Traversal
Multiple directory traversal vulnerabilities in Phpclanwebsite (aka PCW) 1.23.3 Fix Pack 5 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to include and execute arbitrary files via a .. (dot dot) in the (1) boxname parameter to theme/superchrome/box.php and the (2) theme parameter to phpclanwebsite/footer.php.
by s4avrd0w
CVE-2008-5877 EXPLOITDB text VERIFIED
Phpclanwebsite <1.23.3.5 - SQL Injection
Multiple SQL injection vulnerabilities in Phpclanwebsite (aka PCW) 1.23.3 Fix Pack 5 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php, (2) form_id parameter to pcw/processforms.php, (3) pcwlogin and (4) pcw_pass parameters to pcw/setlogin.php, (5) searchvalue parameter to pcw/downloads.php, and the (6) searchvalue and (7) whichfield parameter to pcw/downloads.php, a different vector than CVE-2006-0444.
by s4avrd0w
CVE-2008-5724 EXPLOITDB text VERIFIED
ESET Smart Security <3.0.672 - Privilege Escalation
The Personal Firewall driver (aka epfw.sys) 3.0.672.0 and earlier in ESET Smart Security 3.0.672 and earlier allows local users to gain privileges via a crafted IRP in a certain METHOD_NEITHER IOCTL request to \Device\Epfw that overwrites portions of memory.
by NT Internals
CVE-2008-5879 EXPLOITDB text VERIFIED
phpclanwebsite < 1.23.3 - Cross-Site Scripting via Page Parameter
Cross-site scripting (XSS) vulnerability in index.php in Phpclanwebsite (aka PCW) 1.23.3 Fix Pack 5 and earlier, allows remote attackers to inject arbitrary web script or HTML via the page parameter and other unspecified vectors.
by s4avrd0w
CVE-2008-6018 EXPLOITDB text VERIFIED
MyPHPSite - Path Traversal via Mod Parameter
Directory traversal vulnerability in index.php in MyPHPSite, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the mod parameter.
by Piker
CVE-2008-6785 EXPLOITDB text VERIFIED
Mini File Host 1.5 - Unauthenticated Arbitrary File Upload and Remote Code Execution via Executable File Extension
Unrestricted file upload vulnerability in Mini File Host 1.5 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as demonstrated by creating a name.php file.
by Pouya_Server
CVE-2008-5890 EXPLOITDB text VERIFIED
injader < 2.1.2 - SQL Injection via id Parameter
SQL injection vulnerability in feeds.php in Injader before 2.1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by fuzion
CVE-2008-6017 EXPLOITDB text VERIFIED
i-rater_basic - SQL Injection via idp Parameter
SQL injection vulnerability in messages.php in I-Rater Basic allows remote attackers to execute arbitrary SQL commands via the idp parameter.
by boom3rang
CVE-2008-5880 EXPLOITDB text VERIFIED
Gobbl CMS 1.0 - Unauthenticated Authentication Bypass via auth Cookie
admin/auth.php in Gobbl CMS 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "ok".
by x0r
CVE-2008-6880 EXPLOITDB text VERIFIED
EasySiteNetwork Free Jokes Website - SQL Injection via Joke ID Parameter
SQL injection vulnerability in joke.php in EasySiteNetwork Free Jokes Website allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Ehsan_Hp200
CVE-2008-6019 EXPLOITDB text VERIFIED
EACOMM DO-CMS 3.0 - SQL Injection via p Parameter
SQL injection vulnerability in index.php in EACOMM DO-CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the p parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by crash over
CVE-2008-5738 EXPLOITDB text VERIFIED
Nodstrum MySQL Calendar <1.3 - Auth Bypass
Nodstrum MySQL Calendar 1.1 and 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the nodstrumCalendarV2 cookie to 1. NOTE: some of these details are obtained from third party information.
by Osirys
CVE-2008-6907 EXPLOITDB text VERIFIED
2532gigs 1.2.2 - SQL Injection via Username and Password Parameters
Multiple SQL injection vulnerabilities in checkuser.php in 2532designs 2532|Gigs 1.2.2 Stable, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, as accessible from a form generated by index.php.
by StAkeR
CVE-2008-6902 EXPLOITDB text VERIFIED
2532gigs 1.2.2 - Remote Code Execution via Unrestricted File Upload
Unrestricted file upload vulnerability in upload_flyer.php in 2532designs 2532|Gigs 1.2.2 Stable allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in flyers/.
by Osirys
CVE-2005-0853 EXPLOITDB text VERIFIED
betaparticle blog <3.0 - Info Disclosure
betaparticle blog (bp blog) stores the database under the web root, which allows remote attackers to obtain sensitive information via a direct request to (1) dbBlogMX.mdb for versions before 3.0, or (2) Blog.mdb for versions 3.0 and later. NOTE: it was later reported that vector 2 also affects versions 6.0 through 9.0.
by Dxil
CVE-2008-6743 EXPLOITDB text VERIFIED
RSMScript 1.21 - Unauthenticated Authentication Bypass via Cookie Manipulation
RSMScript 1.21 allows remote attackers to bypass authentication and gain administrative privileges by setting the verified cookie to an arbitrary value and performing a direct request to (1) delete.php, (2) edit-submit.php, (3) edit.php, (4) submit.php, and (5) update.php, which bypasses the security check that is performed by verify.php.
by Osirys
EIP-2026-111658 EXPLOITDB text VERIFIED
r.cms 2.0 - Multiple SQL Injections
by Lidloses_Auge