Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-6906 EXPLOITDB text VERIFIED
BabbleBoard 1.1.6 - Cross-Site Scripting via Username Parameter
Cross-site scripting (XSS) vulnerability in index.php in BabbleBoard 1.1.6 allows remote attackers to inject arbitrary web script or HTML via the username.
by SirGod
CVE-2008-5776 EXPLOITDB text VERIFIED
Aperto Blog 0.1.1 - Path Traversal
Multiple directory traversal vulnerabilities in Aperto Blog 0.1.1 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) action parameter to admin.php and the (2) get parameter to index.php. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
by NoGe
EIP-2026-103400 EXPLOITDB text VERIFIED
Amaya Web Browser 10.0.1/10.1-pre5 - HTML Tag Buffer Overflow (PoC)
by webDEViL
CVE-2008-5780 EXPLOITDB text VERIFIED
Forest Blog 1.3.2 - Info Disclosure
Forest Blog 1.3.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing passwords via a direct request for blog.mdb.
by Cold Zero
CVE-2008-5896 EXPLOITDB text VERIFIED
CodeAvalanche RateMySite - Info Disclosure
CodeAvalanche RateMySite stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CARateMySite.mdb. NOTE: some of these details are obtained from third party information.
by Pouya_Server
CVE-2008-5897 EXPLOITDB text VERIFIED
CodeAvalanche FreeWallpaper - Info Disclosure
CodeAvalanche FreeWallpaper stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAFreeWallpaper.mdb. NOTE: some of these details are obtained from third party information.
by Pouya_Server
CVE-2008-5899 EXPLOITDB text VERIFIED
CodeAvalanche FreeForAll - Info Disclosure
CodeAvalanche FreeForAll stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAFFAPage.mdb. NOTE: some of these details are obtained from third party information.
by Pouya_Server
CVE-2008-5898 EXPLOITDB text VERIFIED
CodeAvalanche Directory - Info Disclosure
CodeAvalanche Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CADirectory.mdb. NOTE: some of these details are obtained from third party information.
by Pouya_Server
CVE-2008-5900 EXPLOITDB text VERIFIED
CodeAvalanche Articles - Info Disclosure
CodeAvalanche Articles stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAArticles.mdb. NOTE: some of these details are obtained from third party information.
by Pouya_Server
CVE-2008-5893 EXPLOITDB text VERIFIED
ClickAndEmail - Cross-Site Scripting via tablename Parameter in admin_dblayers.asp
Cross-site scripting (XSS) vulnerability in admin_dblayers.asp in ClickAndEmail allows remote attackers to inject arbitrary web script or HTML via the tablename parameter in an update action.
by AlpHaNiX
CVE-2008-5889 EXPLOITDB text VERIFIED
Click&Rank - Cross-Site Scripting via user.asp action parameter
Cross-site scripting (XSS) vulnerability in user.asp in Click&Rank allows remote attackers to inject arbitrary web script or HTML via the action parameter.
by AlpHaNiX
EIP-2026-100203 EXPLOITDB text VERIFIED
Click&BaneX - Multiple SQL Injections
by AlpHaNiX
CVE-2008-5770 EXPLOITDB text VERIFIED
phpweather 2.2.2 - Cross-Site Scripting via PATH_INFO
Cross-site scripting (XSS) vulnerability in config/make_config.php in PHP Weather 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
by ahmadbady
CVE-2008-5762 EXPLOITDB text VERIFIED
Simple Text-File Login Script 1.0.6 - Info Disclosure
Simple Text-File Login Script (SiTeFiLo) 1.0.6 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for slog_users.txt.
by Osirys
CVE-2008-5933 EXPLOITDB text VERIFIED
CMS ISWEB 3.0 - Cross-Site Scripting via strcerca or id_oggetto Parameter
Multiple cross-site scripting (XSS) vulnerabilities in index.php in CMS ISWEB 3.0 allow remote attackers to inject arbitrary web script or HTML via (1) the strcerca parameter (aka the input field for the cerca action) or (2) the id_oggetto parameter. NOTE: some of these details are obtained from third party information.
by XaDoS
EIP-2026-112638 EXPLOITDB text VERIFIED
The Rat CMS Alpha 2 - 'download.php' Priviledge Escalation
by x0r
CVE-2008-5763 EXPLOITDB text VERIFIED
Simple Text-File Login Script <1.0.6 - RCE
PHP remote file inclusion vulnerability in slogin_lib.inc.php in Simple Text-File Login Script (SiTeFiLo) 1.0.6 allows remote attackers to execute arbitrary PHP code via a URL in the slogin_path parameter.
by Osirys
CVE-2008-5771 EXPLOITDB text VERIFIED
PHP Weather 2.2.2 - Path Traversal
Directory traversal vulnerability in test.php in PHP Weather 2.2.2 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter.
by ahmadbady
CVE-2008-5894 EXPLOITDB text VERIFIED
Mediatheka 4.2 - Path Traversal via Lang Parameter
Directory traversal vulnerability in index.php in Mediatheka 4.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
by Osirys
CVE-2008-5901 EXPLOITDB text VERIFIED
iyzi Forum 1.0 beta 3 - Info Disclosure
iyzi Forum 1.0 beta 3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing a password via a direct request for db/iyziforum.mdb. NOTE: some of these details are obtained from third party information.
by Ghost Hacker
CVE-2008-5934 EXPLOITDB text VERIFIED
CMS ISWEB 3.0 - SQL Injection via id_sezione Parameter
SQL injection vulnerability in index.php in CMS ISWEB 3.0 allows remote attackers to execute arbitrary SQL commands via the id_sezione parameter.
by XaDoS
CVE-2008-5927 EXPLOITDB text VERIFIED
FlexPHPNews 0.0.6 - SQL Injection via User Check Parameters
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPNews 0.0.6 allow remote attackers to execute arbitrary SQL commands via the (1) checkuser parameter (aka username field) or (2) checkpass parameter (aka password field) to admin/index.php. NOTE: some of these details are obtained from third party information.
by Osirys
CVE-2008-5928 EXPLOITDB text VERIFIED
Free Links Directory Script 1.2a - SQL Injection
SQL injection vulnerability in redir.php in Free Links Directory Script (FLDS) 1.2a allows remote attackers to execute arbitrary SQL commands via the id parameter.
by nuclear
CVE-2008-5761 EXPLOITDB text VERIFIED
FlatnuX CMS 2008-12-11 - Cross-Site Scripting via mod foto or name Parameter
Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS (aka Flatnuke3) 2008-12-11 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter to the default URI; (2) the foto parameter to photo.php in the 05_Foto module; or (3) the name parameter in an insertrecord action to index.php in the 08_Files module, as demonstrated by injection within a SRC attribute of an IFRAME element.
by gmda
CVE-2008-5922 EXPLOITDB text VERIFIED
CFAGCMS 1 - Remote Code Execution via Main or Right Parameter Injection
Multiple PHP remote file inclusion vulnerabilities in themes/default/index.php in Cant Find A Gaming CMS (CFAGCMS) 1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) main and (2) right parameters.
by BeyazKurt