Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-113249 EXPLOITDB text VERIFIED
webcaf 1.4 - Local File Inclusion / Remote Code Execution
by dun
EIP-2026-113022 EXPLOITDB text VERIFIED
vBulletin Secure Downloads 2.0.0r - SQL Injection
by Cnaph
EIP-2026-112196 EXPLOITDB text VERIFIED
siu guarani - Multiple Vulnerabilities
by Ubik & proudhon
EIP-2026-112085 EXPLOITDB text VERIFIED
Simple Directory Listing 2 - Cross-Site Arbitrary File Upload
by Michael Brooks
CVE-2008-6503 EXPLOITDB text VERIFIED
PrestaShop 1.1.0.3 - Cross-Site Scripting via PATH_INFO to admin/login.php and order.php
Multiple cross-site scripting (XSS) vulnerabilities in PrestaShop 1.1.0.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin/login.php and (2) order.php.
by th3.r00k.ieatpork
CVE-2008-6503 EXPLOITDB text VERIFIED
PrestaShop 1.1.0.3 - Cross-Site Scripting via PATH_INFO to admin/login.php and order.php
Multiple cross-site scripting (XSS) vulnerabilities in PrestaShop 1.1.0.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin/login.php and (2) order.php.
by th3.r00k.ieatpork
CVE-2008-5621 EXPLOITDB text VERIFIED
phpMyAdmin 2.11.x-2.11.9.3 and 3.x-3.1.0.9 - Cross-Site Request Forgery via tbl_structure.php
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x before 2.11.9.4 and 3.x before 3.1.1.0 allows remote attackers to perform unauthorized actions as the administrator via a link or IMG tag to tbl_structure.php with a modified table parameter. NOTE: other unspecified pages are also reachable, but they have the same root cause. NOTE: this can be leveraged to conduct SQL injection attacks and execute arbitrary code.
by Michael Brooks
CVE-2008-5569 EXPLOITDB text VERIFIED
PHPepperShop 1.4 - Cross-Site Scripting via PATH_INFO
Multiple cross-site scripting (XSS) vulnerabilities in PHPepperShop 1.4 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php or (2) shop/kontakt.php, or (3) shop_kunden_mgmt.php or (4) SHOP_KONFIGURATION.php in shop/Admin/.
by th3.r00k.ieatpork
CVE-2008-5569 EXPLOITDB text VERIFIED
PHPepperShop 1.4 - Cross-Site Scripting via PATH_INFO
Multiple cross-site scripting (XSS) vulnerabilities in PHPepperShop 1.4 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php or (2) shop/kontakt.php, or (3) shop_kunden_mgmt.php or (4) SHOP_KONFIGURATION.php in shop/Admin/.
by th3.r00k.ieatpork
CVE-2008-5569 EXPLOITDB text VERIFIED
PHPepperShop 1.4 - Cross-Site Scripting via PATH_INFO
Multiple cross-site scripting (XSS) vulnerabilities in PHPepperShop 1.4 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php or (2) shop/kontakt.php, or (3) shop_kunden_mgmt.php or (4) SHOP_KONFIGURATION.php in shop/Admin/.
by th3.r00k.ieatpork
CVE-2008-5569 EXPLOITDB text VERIFIED
PHPepperShop 1.4 - Cross-Site Scripting via PATH_INFO
Multiple cross-site scripting (XSS) vulnerabilities in PHPepperShop 1.4 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php or (2) shop/kontakt.php, or (3) shop_kunden_mgmt.php or (4) SHOP_KONFIGURATION.php in shop/Admin/.
by th3.r00k.ieatpork
EIP-2026-109437 EXPLOITDB text VERIFIED
MG2 0.5.1 - 'filename' Remote Code Execution
by Alfons Luja
CVE-2008-5590 EXPLOITDB text VERIFIED
Kalptaru Infotech Product Sale Framework 0.1 - SQL Injection
SQL injection vulnerability in customer.forumtopic.php in Kalptaru Infotech Product Sale Framework 0.1 beta allows remote attackers to execute arbitrary SQL commands via the forum_topic_id parameter.
by b3hz4d
CVE-2008-5598 EXPLOITDB text VERIFIED
PHPmyGallery 1.51 gold - Path Traversal
Directory traversal vulnerability in index.php in PHPmyGallery 1.51 gold allows remote attackers to list arbitrary directories via a .. (dot dot) in the group parameter.
by zAx
CVE-2008-5593 EXPLOITDB text VERIFIED
Mini CMS 1.0.1 - Remote File Inclusion via Page and Admin Parameters
Multiple directory traversal vulnerabilities in index.php in Mini CMS 1.0.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) page and (2) admin parameters.
by cOndemned
CVE-2008-5594 EXPLOITDB text VERIFIED
Mini Blog 1.0.1 - Path Traversal via Page and Admin Parameters
Multiple directory traversal vulnerabilities in index.php in Mini Blog 1.0.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) page and (2) admin parameters.
by cOndemned
CVE-2008-5606 EXPLOITDB text VERIFIED
Gazatem QMail Mailing List Manager 1.2 - Info Disclosure
Gazatem QMail Mailing List Manager 1.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for qmail.mdb.
by Ghost Hacker
CVE-2008-5572 EXPLOITDB text VERIFIED
Professional Download Assistant 0.1 - Info Disclosure
Professional Download Assistant 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for database/downloads.mdb.
by Ghost Hacker
CVE-2008-5602 EXPLOITDB text VERIFIED
natterchat 1.12 - Unauthenticated Sensitive Information Exposure via Direct Database File Request
Natterchat 1.12 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for natterchat112.mdb.
by AlpHaNiX
CVE-2008-5596 EXPLOITDB text VERIFIED
Ikon AdManager <2.1 - Info Disclosure
Ikon AdManager 2.1 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for ikonBAnner_AdManager.mdb.
by Ghost Hacker
EIP-2026-100134 EXPLOITDB text VERIFIED
aspmanage banners - Arbitrary File Upload / File Disclosure
by ZoRLu
EIP-2026-100122 EXPLOITDB text VERIFIED
asp talk - SQL Injection / Cross-Site Scripting
by Bl@ckbe@rD
CVE-2008-5304 EXPLOITDB text VERIFIED
TWiki < 4.2.4 - Cross-Site Scripting via %URLPARAM{}% Variable
Cross-site scripting (XSS) vulnerability in TWiki before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via the %URLPARAM{}% variable.
by Marc Schoenefeld
CVE-2008-5305 EXPLOITDB text VERIFIED
TWiki < 4.2.4 - Remote Code Execution via SEARCH Variable
Eval injection vulnerability in TWiki before 4.2.4 allows remote attackers to execute arbitrary Perl code via the %SEARCH{}% variable.
by Troy Bollinge
CVE-2008-5587 EXPLOITDB text VERIFIED
phppgadmin <= 4.2.1 - Path Traversal via _language Parameter
Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the _language parameter to index.php.
by dun