Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-6609 EXPLOITDB text VERIFIED
phpcksec 0.2 - Cross-Site Scripting via Path Parameter
Cross-site scripting (XSS) vulnerability in phpcksec.php in Stefan Ott phpcksec 0.2 allows remote attackers to inject arbitrary web script or HTML via the path parameter.
by ahmadbady
CVE-2008-6768 EXPLOITDB text VERIFIED
K&S Shopsoftware - Unauthenticated Arbitrary File Upload via Admin Image Editor
Unrestricted file upload vulnerability in admin/editor/images.php in K&S Shopsoftware allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/upload/.
by mNt
CVE-2008-6050 EXPLOITDB text VERIFIED
Joomla! com_tech_article 1.0 - SQL Injection
SQL injection vulnerability in the Tech Articles (com_tech_article) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the item parameter to index.php.
by InjEctOr5
EIP-2026-103805 EXPLOITDB text VERIFIED
PHP 'python' Extension - 'safe_mode' Local Bypass
by Amir Salmani
EIP-2026-100509 EXPLOITDB text VERIFIED
QuickerSite Easy CMS - Database Disclosure
by AlpHaNiX
CVE-2006-6161 EXPLOITDB text VERIFIED
Liberum Help Desk <= 0.97.3 - SQL Injection via id or uid Parameter
Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk 0.97.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) uid parameter to (a) inout/status.asp, (b) inout/update.asp, and (c) forgotpass.asp. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
by Cold Zero
EIP-2026-114593 EXPLOITDB text VERIFIED
Zelta E Store - Arbitrary File Upload / Bypass / SQL Injection / Blind SQL Injection
by ZoRLu
CVE-2008-6057 EXPLOITDB text VERIFIED
Liberum Help Desk 0.97.3 - Info Disclosure
Doug Luxem Liberum Help Desk 0.97.3 stores db/helpdesk2000.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request.
by Cold Zero
CVE-2008-5766 EXPLOITDB text VERIFIED
Farsi Script Faupload - SQL Injection
SQL injection vulnerability in download.php in Farsi Script Faupload allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Aria-Security Team
CVE-2008-1094 EXPLOITDB text VERIFIED
Barracuda Spam Firewall <3.5.12.007 - SQL Injection
SQL injection vulnerability in index.cgi in the Account View page in Barracuda Spam Firewall (BSF) before 3.5.12.007 allows remote authenticated administrators to execute arbitrary SQL commands via a pattern_x parameter in a search_count_equals action, as demonstrated by the pattern_0 parameter.
by Marian Ventuneac
CVE-2003-1571 EXPLOITDB text VERIFIED
Web Wiz Guestbook 6.0 and 8.21 - Unauthenticated Sensitive Information Exposure via Direct Database Request
Web Wiz Guestbook 6.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database and obtain sensitive information via a direct request for database/WWGguestbook.mdb. NOTE: it was later reported that 8.21 is also affected.
by Cold Zero
CVE-2008-5773 EXPLOITDB text VERIFIED
Nukedit 4.9.8 - Unauthenticated Sensitive Information Exposure via Direct Database File Access
Nukedit 4.9.8 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for database/dbsite.mdb.
by Cyber.Zer0
CVE-2008-5767 EXPLOITDB text VERIFIED
gNews Publisher - SQL Injection via authorID Parameter
SQL injection vulnerability in authors.asp in gNews Publisher allows remote attackers to execute arbitrary SQL commands via the authorID parameter.
by AlpHaNiX
CVE-2008-6905 EXPLOITDB text VERIFIED
BabbleBoard 1.1.6 - Authenticated Cross-Site Request Forgery
Cross-site request forgery (CSRF) vulnerability in index.php in BabbleBoard 1.1.6 allows remote authenticated users to hijack the authentication of administrators for requests that delete (1) categories or (2) groups; (3) ban users; or (4) delete users via the admin page.
by SirGod
CVE-2008-5775 EXPLOITDB text VERIFIED
Aperto Blog 0.1.1 - SQL Injection
SQL injection vulnerability in categories.php in Aperto Blog 0.1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by NoGe
CVE-2008-5764 EXPLOITDB text VERIFIED
WorkSimple 1.2.1 - Remote Code Execution via Lang Parameter
PHP remote file inclusion vulnerability in calendar.php in WorkSimple 1.2.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter.
by Osirys
CVE-2008-5892 EXPLOITDB text VERIFIED
ClickAndEmail - SQL Injection via ID Parameter or Admin Credentials
Multiple SQL injection vulnerabilities in ClickAndEmail allow remote attackers to execute arbitrary SQL commands via (1) the ID parameter to admin_dblayers.asp in an update action, (2) the adminid parameter to admin_loginCheck.asp (aka the USERNAME field in admin_main.asp), and (3) the PassWord parameter to admin_loginCheck.asp (aka the PASSWORD field in admin_main.asp). NOTE: some of these details are obtained from third party information.
by AlpHaNiX
CVE-2008-5888 EXPLOITDB text VERIFIED
Click&Rank - SQL Injection via id or userid or PassWord Parameter
Multiple SQL injection vulnerabilities in Click&Rank allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) hitcounter.asp, (2) user_delete.asp, and (3) user_update.asp; (4) the userid parameter to admin_login.asp (aka the USERNAME field in admin.asp); and (5) the PassWord parameter to admin_login.asp (aka the PASSWORD field in admin.asp). NOTE: some of these details are obtained from third party information.
by AlpHaNiX
CVE-2008-5768 EXPLOITDB text VERIFIED
XOOPS 0.22 - Print Module - SQL Injection
SQL injection vulnerability in print.php in the AM Events (aka Amevents) module 0.22 for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter.
by nétRoot
CVE-2008-5765 EXPLOITDB text VERIFIED
WorkSimple 1.2.1 - Unauthenticated Sensitive Information Exposure via Direct Request
WorkSimple 1.2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for data/usr.txt.
by Osirys
CVE-2008-7003 EXPLOITDB text VERIFIED
The Rat CMS Alpha 2 - SQL Injection via login.php user_id and password Parameters
Multiple SQL injection vulnerabilities in login.php in The Rat CMS Alpha 2 allow remote attackers to execute arbitrary SQL commands via the (1) user_id and (2) password parameter.
by x0r
CVE-2008-5891 EXPLOITDB text VERIFIED
injader < 2.1.1 - Cross-Site Scripting in Profile Editing Functionality
Cross-site scripting (XSS) vulnerability in the profile editing functionality in Injader before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information.
by anonymous
CVE-2008-5779 EXPLOITDB text VERIFIED
Free Links Directory Script <1.2a - SQL Injection
SQL injection vulnerability in lpro.php in Free Links Directory Script (FLDS) 1.2a allows remote attackers to execute arbitrary SQL commands via the id parameter.
by nuclear
CVE-2008-5781 EXPLOITDB text VERIFIED
Cant Find A Gaming CMS (CFAGCMS) 1.0 Beta 1 - SQL Injection
SQL injection vulnerability in right.php in Cant Find A Gaming CMS (CFAGCMS) 1.0 Beta 1 allows remote attackers to execute arbitrary SQL commands via the title parameter.
by ZoRLu
CVE-2008-5777 EXPLOITDB text VERIFIED
CadeNix - SQL Injection via cid Parameter
SQL injection vulnerability in index.php in CadeNix allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by HaCkeR_EgY