Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-105329 EXPLOITDB text VERIFIED
AvailScript Classmate Script - Arbitrary File Upload
by S.W.A.T.
CVE-2008-6900 EXPLOITDB text VERIFIED
AvailScript Article Script - Authenticated Remote Code Execution via Unrestricted File Upload in Add Pen Feature
Unrestricted file upload vulnerability in "Add Pen/Author Name" feature in addpen.php in AvailScript Article Script allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in photos/.
by S.W.A.T.
EIP-2026-105323 EXPLOITDB text VERIFIED
autositephp 2.0.3 - Local File Inclusion / Cross-Site Request Forgery / Edit File
by SirGod
CVE-2008-6874 EXPLOITDB text VERIFIED
ASP SiteWare autoDealer 1 and 2 - SQL Injection via iType Parameter
Multiple SQL injection vulnerabilities in ASP SiteWare autoDealer 1 and 2 allow remote attackers to execute arbitrary SQL commands via the iType parameter in (1) Auto1/type.asp or (2) auto2/type.asp.
by AlpHaNiX
CVE-2008-5886 EXPLOITDB text VERIFIED
TAKempis Discussion Web 4.0 - Info Disclosure
TAKempis Discussion Web 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing a password via a direct request for _private/discussion.mdb. NOTE: some of these details are obtained from third party information.
by Pouya_Server
CVE-2008-5932 EXPLOITDB text VERIFIED
CodeAvalanche FreeForum - Info Disclosure
CodeAvalanche FreeForum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for _private/CAForum.mdb. NOTE: some of these details are obtained from third party information.
by Ghost Hacker
CVE-2008-5772 EXPLOITDB text VERIFIED
ASPSiteWare RealtyListings <2.0 - SQL Injection
Multiple SQL injection vulnerabilities in ASPSiteWare RealtyListings 1.0 and 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) iType parameter to type.asp and the (2) iPro parameter to detail.asp.
by AlpHaNiX
CVE-2008-5774 EXPLOITDB text VERIFIED
ASPSiteWare HomeBuilder <2.0 - SQL Injection
Multiple SQL injection vulnerabilities in ASPSiteWare HomeBuilder 1.0 and 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) iType parameter to (a) type.asp and (b) type2.asp and the (2) iPro parameter to (c) detail.asp.
by AlpHaNiX
CVE-2008-5885 EXPLOITDB text VERIFIED
Net Guys ASPired2Quote - Info Disclosure
The Net Guys ASPired2Quote stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for admin/quote.mdb. NOTE: some of these details are obtained from third party information.
by Pouya_Server
CVE-2008-5926 EXPLOITDB text VERIFIED
ASP-DEv Internal E-Mail System - SQL Injection
Multiple SQL injection vulnerabilities in login.asp in ASP-DEv Internal E-Mail System allow remote attackers to execute arbitrary SQL commands via the (1) login parameter (aka user field) or the (2) password parameter (aka pass field). NOTE: some of these details are obtained from third party information.
by Pouya_Server
CVE-2008-5923 EXPLOITDB text VERIFIED
ASP-DEv XM Events Diary - SQL Injection
SQL injection vulnerability in default.asp in ASP-DEv XM Events Diary allows remote attackers to execute arbitrary SQL commands the cat parameter.
by Pouya_Server
CVE-2008-6882 EXPLOITDB text VERIFIED
com_livechat 1.0 - Server-Side Request Forgery via xmlhttp.php Proxy
Live Chat (com_livechat) component 1.0 for Joomla! allows remote attackers to use the xmlhttp.php script as an open HTTP proxy to hide network scanning activities or scan internal networks via a GET request with a full URL in the query string.
by jdc
CVE-2008-6881 EXPLOITDB text VERIFIED
com_livechat 1.0 - SQL Injection via last Parameter
Multiple SQL injection vulnerabilities in the Live Chat (com_livechat) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the last parameter to (1) getChat.php, (2) getChatRoom.php, and (3) getSavedChatRooms.php.
by jdc
CVE-2008-5930 EXPLOITDB text VERIFIED
The Net Guys ASPired2Blog - SQL Injection
SQL injection vulnerability in admin/blog_comments.asp in The Net Guys ASPired2Blog allows remote attackers to execute arbitrary SQL commands via the BlogID parameter.
by Pouya_Server
CVE-2008-6528 EXPLOITDB text VERIFIED
TmaxSoft JEUS 5 - Unauthenticated Source Code Disclosure via NTFS Alternate Data Stream
NTFS TmaxSoft JEUS 5 before Fix 26 allows remote attackers to read the source code for scripts by appending ::$DATA to the URL, which accesses the alternate data stream.
by Simon Ryeo
CVE-2008-6352 EXPLOITDB text VERIFIED
Xpoze Pro 4.10 - SQL Injection via Menu Parameter
SQL injection vulnerability in home.html in Xpoze Pro 4.10 allows remote attackers to execute arbitrary SQL commands via the menu parameter.
by XaDoS
CVE-2008-5921 EXPLOITDB text VERIFIED
Umer Inc Songs Portal - SQL Injection
SQL injection vulnerability in albums.php in Umer Inc Songs Portal allows remote attackers to execute arbitrary SQL commands via the id parameter.
by InjEctOr5
EIP-2026-112480 EXPLOITDB text VERIFIED
SUMON 0.7.0 - Command Execution
by dun
CVE-2008-6358 EXPLOITDB text VERIFIED
Social Groupie - SQL Injection via id Parameter
SQL injection vulnerability in group_index.php in Social Groupie allows remote attackers to execute arbitrary SQL commands via the id parameter.
by InjEctOr5
CVE-2008-6367 EXPLOITDB text VERIFIED
Social Groupie - Authenticated Arbitrary File Upload via Photos/create_album.php
Unrestricted file upload vulnerability in Photos/create_album.php in Social Groupie allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in Member_images/.
by InjEctOr5
EIP-2026-109576 EXPLOITDB text VERIFIED
Moodle 1.9.3 - Remote Code Execution
by USH
CVE-2008-6883 EXPLOITDB text VERIFIED
com_livechat 1.0 - SQL Injection via last parameter to getChatRoom.php
SQL injection vulnerability in the Live Chat (com_livechat) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the last parameter to getChatRoom.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by jdc
CVE-2008-5929 EXPLOITDB text VERIFIED
VP-ASP Shopping Cart 6.50 - Info Disclosure
VP-ASP Shopping Cart 6.50 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database containing the password via a direct request for database/shopping650.mdb. NOTE: some of these details are obtained from third party information.
by Dxil
CVE-2008-6355 EXPLOITDB text VERIFIED
ASPired2Protect - Unauthenticated Sensitive Information Exposure via Direct Database Download
The Net Guys ASPired2Protect stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to ASPired2Protect.mdb.
by AlpHaNiX
CVE-2008-5931 EXPLOITDB text VERIFIED
Net Guys ASPired2Blog - Info Disclosure
The Net Guys ASPired2Blog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for admin/blog.mdb. NOTE: some of these details are obtained from third party information.
by Pouya_Server