Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-5955 EXPLOITDB text VERIFIED
PHPSTREET Webboard 1.0 - SQL Injection via show.php id Parameter
SQL injection vulnerability in show.php in Wbstreet (aka PHPSTREET Webboard) 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by CWH Underground
EIP-2026-109969 EXPLOITDB text VERIFIED
NPDS < 08.06 - Multiple Input Validation Vulnerabilities
by Jean-François Leclerc
CVE-2008-5604 EXPLOITDB text VERIFIED
My Simple Forum <4.1 - Path Traversal
Directory traversal vulnerability in index.php in My Simple Forum 3.0 and 4.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter.
by cOndemned
CVE-2008-5585 EXPLOITDB text VERIFIED
lcxBBportal 0.1 Alpha 2 - Remote Code Execution via phpbb_root_path Parameter
Multiple PHP remote file inclusion vulnerabilities in lcxBBportal 0.1 Alpha 2 allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) portal/includes/portal_block.php and (2) includes/acp/acp_lcxbbportal.php.
by NoGe
CVE-2008-5957 EXPLOITDB text VERIFIED
Joomla! com_mydyngallery 1.4.2 - SQL Injection
SQL injection vulnerability in the Mydyngallery (com_mydyngallery) component 1.4.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the directory parameter to index.php.
by Khashayar Fereidani
CVE-2008-5963 EXPLOITDB text VERIFIED
Gravity GTD <0.4.5 - Code Injection
Eval injection vulnerability in library/setup/rpc.php in Gravity Getting Things Done (GTD) 0.4.5 and earlier allows remote attackers to execute arbitrary PHP code via the objectname parameter.
by dun
CVE-2008-5949 EXPLOITDB text VERIFIED
cctiddly 1.7.4 and 1.7.6 - Remote Code Execution via cct_base Parameter
Multiple PHP remote file inclusion vulnerabilities in ccTiddly 1.7.4 and 1.7.6 allow remote attackers to execute arbitrary PHP code via a URL in the cct_base parameter to (1) index.php; (2) handle/proxy.php; (3) header.php, (4) include.php, and (5) workspace.php in includes/; and (6) plugins/RSS/files/rss.php.
by cOndemned
CVE-2008-5948 EXPLOITDB text VERIFIED
BNCwi < 1.04 - Remote File Inclusion via Newlanguage Parameter
Directory traversal vulnerability in index.php in BNCwi 1.04 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the newlanguage parameter.
by dun
CVE-2008-6493 EXPLOITDB text VERIFIED
Easy Content Management Publishing - Unauthenticated Database Download via Direct Request
Easy Content Management Publishing stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for Database/News.mdb.
by BeyazKurt
CVE-2008-6515 EXPLOITDB text VERIFIED
yappa-ng - Cross-Site Scripting via Query String
Cross-site scripting (XSS) vulnerability in Fritz Berger yet another php photo album - next generation (yappa-ng) allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI.
by Pouya_Server
CVE-2008-6495 EXPLOITDB text VERIFIED
yappa-ng 2.3.2 - Cross-Site Scripting via Album Parameter
Cross-site scripting (XSS) vulnerability in index.php in Fritz Berger yet another php photo album - next generation (yappa-ng) 2.3.2 allows remote attackers to inject arbitrary web script or HTML via the album parameter.
by Pouya_Server
CVE-2008-6389 EXPLOITDB text VERIFIED
Rae Media Contact Management Software - SQL Injection via Password Parameter
SQL injection vulnerability in asadmin/default.asp in Rae Media Contact Management Software SOHO, Standard, and Enterprise allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: some of these details are obtained from third party information.
by b3hz4d
CVE-2008-6377 EXPLOITDB text VERIFIED
Multi SEO phpBB 1.1.0 - Remote Code Execution via pfad Parameter
PHP remote file inclusion vulnerability in include/global.php in Multi SEO phpBB 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the pfad parameter.
by NoGe
CVE-2008-6494 EXPLOITDB text VERIFIED
ASP User Engine.NET - Unauthenticated Sensitive Information Exposure via Direct Database Download
ASP User Engine.NET stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for users.mdb.
by AlpHaNiX
CVE-2008-6379 EXPLOITDB text VERIFIED
Gallery MX 2.0.0 - SQL Injection via ID Parameter
SQL injection vulnerability in pics_pre.asp in Gallery MX 2.0.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
by R3d-D3V!L
CVE-2008-6378 EXPLOITDB text VERIFIED
Calendar Mx Professional 2.0.0 - SQL Injection via ID Parameter
SQL injection vulnerability in calendar_Eventupdate.asp in Calendar Mx Professional 2.0.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
by R3d-D3V!L
CVE-2008-5979 EXPLOITDB text VERIFIED
Ocean12 Mailing List Manager Gold - XSS
Cross-site scripting (XSS) vulnerability in default.asp in Ocean12 Mailing List Manager Gold allows remote attackers to inject arbitrary web script or HTML via the Email parameter.
by Pouya_Server
CVE-2008-5978 EXPLOITDB text VERIFIED
Ocean12 Mailing List Manager Gold - SQL Injection
Multiple SQL injection vulnerabilities in Ocean12 Mailing List Manager Gold allow remote attackers to execute arbitrary SQL commands via the Email parameter to (1) default.asp and (2) s_edit.asp.
by Pouya_Server
CVE-2008-6392 EXPLOITDB text VERIFIED
Z1Exchange - SQL Injection via showads.php id Parameter
SQL injection vulnerability in showads.php in Z1Exchange allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Pouya_Server
CVE-2008-6386 EXPLOITDB text VERIFIED
Z1Exchange 1.0 - Cross-Site Scripting via showads.php id Parameter
Cross-site scripting (XSS) vulnerability in showads.php in Z1Exchange 1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
by Pouya_Server
CVE-2008-5969 EXPLOITDB text VERIFIED
Sunbyte e-Flower - SQL Injection via popupproduct.php id Parameter
SQL injection vulnerability in popupproduct.php in Sunbyte e-Flower allows remote attackers to execute arbitrary SQL commands via the id parameter.
by w4rl0ck
CVE-2008-6388 EXPLOITDB text VERIFIED
Rapid Classified 3.1 and 3.15 - Unauthenticated Sensitive Information Exposure via Direct Database File Access
Rapid Classified 3.1 and 3.15 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to cldb.mdb.
by CoBRa_21
CVE-2008-5970 EXPLOITDB text VERIFIED
i-Net Solution Orkut Clone - SQL Injection
SQL injection vulnerability in profile_social.php in i-Net Solution Orkut Clone allows remote authenticated users to execute arbitrary SQL commands via the id parameter.
by d3b4g
CVE-2008-5971 EXPLOITDB text VERIFIED
i-Net Solution Orkut Clone - Authenticated Cross-Site Scripting via Profile Social ID Parameter
Cross-site scripting (XSS) vulnerability in profile_social.php in i-Net Solution Orkut Clone allows remote authenticated users to inject arbitrary web script or HTML via the id parameter.
by d3b4g
CVE-2008-5980 EXPLOITDB text VERIFIED
Ocean12 Mailing List Manager Gold - Info Disclosure
Ocean12 Mailing List Manager Gold stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for o12mail.mdb.
by Pouya_Server