Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-5562 EXPLOITDB text VERIFIED
ASPPortal - Unauthenticated Sensitive Information Exposure via Direct Database File Access
ASPPortal stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for xportal.mdb.
by ZoRLu
CVE-2008-5608 EXPLOITDB text VERIFIED
ASP AutoDealer - Unauthenticated Sensitive Information Exposure via Direct Database File Access
ASP AutoDealer stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for auto.mdb.
by ZoRLu
CVE-2008-6870 EXPLOITDB text VERIFIED
Merlix Educate Server - Information Disclosure via Direct Request to config.asp and users.asp
Merlix Educate Server allows remote attackers to bypass intended security restrictions and obtain sensitive information via a direct request to (1) config.asp and (2) users.asp.
by ZoRLu
CVE-2008-5599 EXPLOITDB text VERIFIED
Merlix Teamworx Server - SQL Injection
SQL injection vulnerability in default.asp in Merlix Teamworx Server allows remote attackers to execute arbitrary SQL commands via the password parameter (aka passwd field) in a login action. NOTE: some of these details are obtained from third party information.
by ZoRLu
CVE-2008-5595 EXPLOITDB text VERIFIED
ASP AutoDealer - SQL Injection via ID Parameter
SQL injection vulnerability in detail.asp in ASP AutoDealer allows remote attackers to execute arbitrary SQL commands via the ID parameter.
by AlpHaNiX
CVE-2008-5591 EXPLOITDB text VERIFIED
Nightfall Personal Diary 1.0 - Cross-Site Scripting via login.asp Username Parameter
Cross-site scripting (XSS) vulnerability in login.asp in Nightfall Personal Diary 1.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter and possibly other "login fields." NOTE: some of these details are obtained from third party information.
by AlpHaNiX
CVE-2008-6534 EXPLOITDB text VERIFIED
NULL FTP Server Free and Pro 1.1.0.7 - Authenticated Command Injection via SITE Command
Incomplete blacklist vulnerability in NULL FTP Server Free and Pro 1.1.0.7 allows remote authenticated users to execute arbitrary commands via a custom SITE command containing shell metacharacters such as "&" (ampersand) in the middle of an argument.
by Tan Chew Keong
CVE-2008-6492 EXPLOITDB text VERIFIED
Tizag Countdown Creator 3 - Unauthenticated Arbitrary File Upload via index.php
Unrestricted file upload vulnerability in process.php in Tizag Countdown Creator 3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension via index.php, then accessing the uploaded file via a direct request to the file in pics/. NOTE: some of these details are obtained from third party information.
by ahmadbady
CVE-2008-5592 EXPLOITDB text VERIFIED
Nightfall Personal Diary 1.0 - Info Disclosure
Nightfall Personal Diary 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for users-zza21.mdb.
by AlpHaNiX
CVE-2008-6362 EXPLOITDB text VERIFIED
Multiple Membership Script 2.5 - SQL Injection via id Parameter
SQL injection vulnerability in sitepage.php in Multiple Membership Script 2.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by ViRuS_HaCkErS
CVE-2008-5600 EXPLOITDB text VERIFIED
Merlix Teamworx Server - Info Disclosure
Merlix Teamworx Server stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for teamworx.mdb.
by ZoRLu
CVE-2008-5589 EXPLOITDB text VERIFIED
Katy Whitton RankEm - SQL Injection
SQL injection vulnerability in processlogin.asp in Katy Whitton RankEm allows remote attackers to execute arbitrary SQL commands via the (1) txtusername parameter (aka username field) or the (2) txtpassword parameter (aka password field). NOTE: some of these details are obtained from third party information.
by AlpHaNiX
CVE-2008-5588 EXPLOITDB text VERIFIED
Katy Whitton RankEm - SQL Injection
SQL injection vulnerability in rankup.asp in Katy Whitton RankEm allows remote attackers to execute arbitrary SQL commands via the siteID parameter.
by AlpHaNiX
CVE-2008-6871 EXPLOITDB text VERIFIED
Merlix Educate Server - Unauthenticated Sensitive Information Exposure via Direct Request to db.mdb
Merlix Educate Server stores db.mdb under the web root with insufficient access control, which allows remote attackers to obtain unspecified sensitive information via a direct request.
by ZoRLu
CVE-2008-5597 EXPLOITDB text VERIFIED
Cold BBS - Unauthenticated Sensitive Information Exposure via Direct Database File Access
Cold BBS stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for db/cforum.mdb.
by ahmadbady
CVE-2008-5603 EXPLOITDB text VERIFIED
ASPTicker 1.0 - Unauthenticated Sensitive Information Exposure via Direct Database File Access
ASPTicker 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for news.mdb.
by ZoRLu
CVE-2008-5605 EXPLOITDB text VERIFIED
ASP Portal - SQL Injection
Multiple SQL injection vulnerabilities in ASP Portal allow remote attackers to execute arbitrary SQL commands via the (1) ItemID parameter to classifieds.asp and the (2) ID parameter to Events.asp.
by AlpHaNiX
CVE-2008-5608 EXPLOITDB text VERIFIED
ASP AutoDealer - Unauthenticated Sensitive Information Exposure via Direct Database File Access
ASP AutoDealer stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for auto.mdb.
by AlpHaNiX
CVE-2008-5955 EXPLOITDB text VERIFIED
PHPSTREET Webboard 1.0 - SQL Injection via show.php id Parameter
SQL injection vulnerability in show.php in Wbstreet (aka PHPSTREET Webboard) 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by CWH Underground
CVE-2008-5950 EXPLOITDB text VERIFIED
ASP Template Creature - Media Level < SQL Injection
SQL injection vulnerability in media/media_level.asp in ASP Template Creature allows remote attackers to execute arbitrary SQL commands via the mcatid parameter.
by ZoRLu
CVE-2008-5962 EXPLOITDB text VERIFIED
Gravity GTD <0.4.5 - Path Traversal
Directory traversal vulnerability in library/setup/rpc.php in Gravity Getting Things Done (GTD) 0.4.5 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the objectname parameter.
by dun
CVE-2008-5956 EXPLOITDB text VERIFIED
PHPSTREET Webboard 1.0 - Unauthenticated Sensitive Information Exposure via Direct Request
Wbstreet (aka PHPSTREET Webboard) 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request to connect.inc.
by CWH Underground
CVE-2008-5601 EXPLOITDB text VERIFIED
User Engine Lite ASP - Info Disclosure
User Engine Lite ASP stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for users.mdb.
by AlpHaNiX
CVE-2008-5951 EXPLOITDB text VERIFIED
ASP Template Creature - Info Disclosure
ASP Template Creature stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for workDB/templatemonster.mdb.
by ZoRLu
CVE-2008-6385 EXPLOITDB text VERIFIED
W3matter RevSense 1.0 - Cross-Site Scripting via Section Parameter
Cross-site scripting (XSS) vulnerability in index.php in W3matter RevSense 1.0 allows remote attackers to inject arbitrary web script or HTML via the section parameter.
by Pouya_Server