Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-6391 EXPLOITDB text VERIFIED
nexusjnr jbook - SQL Injection via User Parameter
SQL injection vulnerability in main.asp in Jbook allows remote attackers to execute arbitrary SQL commands via the username (user parameter).
by Pouya_Server
CVE-2008-6374 EXPLOITDB text VERIFIED
MailingListPro Free Edition - Information Disclosure via Direct Request
CodefixerSoftware MailingListPro Free Edition stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to db/MailingList.mdb.
by AlpHaNiX
CVE-2008-7078 EXPLOITDB text VERIFIED
Rumpus < 6.0 - Buffer Overflow via Long HTTP Verb and Authenticated Buffer Overflow via Long FTP Command Arguments
Multiple buffer overflows in Rumpus before 6.0.1 allow remote attackers to (1) cause a denial of service (segmentation fault) via a long HTTP verb in the HTTP component; and allow remote authenticated users to execute arbitrary code via a long argument to the (2) MKD, (3) XMKD, (4) RMD, and other unspecified commands in the FTP component.
by BLUE MOON
CVE-2008-6284 EXPLOITDB text VERIFIED
Z1Exchange 1.0 - SQL Injection via Edit.php Site Parameter
SQL injection vulnerability in edit.php in Z1Exchange 1.0 allows remote attackers to execute arbitrary SQL commands via the site parameter.
by JIKO
CVE-2008-6325 EXPLOITDB text VERIFIED
Softbiz Classifieds Script - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Classifieds Script allow remote attackers to inject arbitrary web script or HTML via the (1) radio parameter to showcategory.php, (2) msg parameter to advertisers/signinform.php, (3) radio parameter to gallery.php, (4) msg parameter to lostpassword.php, (5) radio parameter to showcategory.php, (6) msg parameter to admin/adminhome.php, and (7) msg parameter to admin/index.php. NOTE: a different signinform.php file is already covered by CVE-2008-6306.
by Pouya_Server
CVE-2008-6325 EXPLOITDB text VERIFIED
Softbiz Classifieds Script - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Classifieds Script allow remote attackers to inject arbitrary web script or HTML via the (1) radio parameter to showcategory.php, (2) msg parameter to advertisers/signinform.php, (3) radio parameter to gallery.php, (4) msg parameter to lostpassword.php, (5) radio parameter to showcategory.php, (6) msg parameter to admin/adminhome.php, and (7) msg parameter to admin/index.php. NOTE: a different signinform.php file is already covered by CVE-2008-6306.
by Pouya_Server
CVE-2008-6325 EXPLOITDB text VERIFIED
Softbiz Classifieds Script - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Classifieds Script allow remote attackers to inject arbitrary web script or HTML via the (1) radio parameter to showcategory.php, (2) msg parameter to advertisers/signinform.php, (3) radio parameter to gallery.php, (4) msg parameter to lostpassword.php, (5) radio parameter to showcategory.php, (6) msg parameter to admin/adminhome.php, and (7) msg parameter to admin/index.php. NOTE: a different signinform.php file is already covered by CVE-2008-6306.
by Pouya_Server
CVE-2008-6325 EXPLOITDB text VERIFIED
Softbiz Classifieds Script - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Classifieds Script allow remote attackers to inject arbitrary web script or HTML via the (1) radio parameter to showcategory.php, (2) msg parameter to advertisers/signinform.php, (3) radio parameter to gallery.php, (4) msg parameter to lostpassword.php, (5) radio parameter to showcategory.php, (6) msg parameter to admin/adminhome.php, and (7) msg parameter to admin/index.php. NOTE: a different signinform.php file is already covered by CVE-2008-6306.
by Pouya_Server
CVE-2008-6325 EXPLOITDB text VERIFIED
Softbiz Classifieds Script - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Classifieds Script allow remote attackers to inject arbitrary web script or HTML via the (1) radio parameter to showcategory.php, (2) msg parameter to advertisers/signinform.php, (3) radio parameter to gallery.php, (4) msg parameter to lostpassword.php, (5) radio parameter to showcategory.php, (6) msg parameter to admin/adminhome.php, and (7) msg parameter to admin/index.php. NOTE: a different signinform.php file is already covered by CVE-2008-6306.
by Pouya_Server
CVE-2008-6325 EXPLOITDB text VERIFIED
Softbiz Classifieds Script - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Classifieds Script allow remote attackers to inject arbitrary web script or HTML via the (1) radio parameter to showcategory.php, (2) msg parameter to advertisers/signinform.php, (3) radio parameter to gallery.php, (4) msg parameter to lostpassword.php, (5) radio parameter to showcategory.php, (6) msg parameter to admin/adminhome.php, and (7) msg parameter to admin/index.php. NOTE: a different signinform.php file is already covered by CVE-2008-6306.
by Pouya_Server
CVE-2008-5976 EXPLOITDB text VERIFIED
PHP JOBWEBSITE PRO - Stored Cross-Site Scripting via Adname Parameter or UserName Field
Multiple cross-site scripting (XSS) vulnerabilities in siteadmin/forgot.php in PHP JOBWEBSITE PRO allow remote attackers to inject arbitrary web script or HTML via (1) the adname parameter in a Submit action or (2) the UserName field.
by Pouya_Server
CVE-2008-5977 EXPLOITDB text VERIFIED
PHP JOBWEBSITE PRO - SQL Injection via adname Parameter
SQL injection vulnerability in siteadmin/forgot.php in PHP JOBWEBSITE PRO allows remote attackers to execute arbitrary SQL commands via the adname parameter in a Submit action.
by Pouya_Server
CVE-2008-5981 EXPLOITDB text VERIFIED
PacPoll 4.0 - Unauthenticated Sensitive Information Exposure via Direct Database Request
PacPoll 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) poll.mdb or (2) poll97.mdb.
by AlpHaNiX
CVE-2008-3058 EXPLOITDB text VERIFIED
Octeth Oempro 3.5.5.1 - SQL Injection via FormValue_Email or FormValue_SearchKeywords Parameter
Multiple SQL injection vulnerabilities in Octeth Oempro 3.5.5.1, and possibly other versions before 4, allow remote attackers to execute arbitrary SQL commands via the FormValue_Email parameter (aka Email field) to index.php in (1) member/, (2) client/, or (3) admin/; or (4) the FormValue_SearchKeywords parameter to client/campaign_track.php.
by security curmudgeon
CVE-2008-3590 EXPLOITDB text VERIFIED
E. Z. Poll 2 - SQL Injection via Username and Password Parameters
Multiple SQL injection vulnerabilities in admin/login.asp in E. Z. Poll 2 allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by t0fx
CVE-2008-6891 EXPLOITDB text VERIFIED
ASP Forum Script - Cross-Site Scripting via forum_id Parameter
Multiple cross-site scripting (XSS) vulnerabilities in ASP Forum Script allow remote attackers to inject arbitrary web script or HTML via the (1) forum_id parameter to (a) new_message.asp and (b) messages.asp, and the (2) query string to default.asp.
by Pouya_Server
CVE-2008-6513 EXPLOITDB text VERIFIED
Aphpkb - Code Injection
Unrestricted file upload vulnerability in saa.php in Andy's PHP Knowledgebase (aphpkb) 0.92.9 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a link that is listed by authors.php.
by CWH Underground
CVE-2008-5330 EXPLOITDB text VERIFIED
IBM Rational ClearCase <7.0.0.4-7.0.1.3 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the web interface in ClearCase RWP server in IBM Rational ClearCase 7.0.0 before 7.0.0.4, and 7.0.1.1-RATL-RCC-IFIX02 and possibly other 7.0.1 versions before 7.0.1.3, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO of a URI associated with a VOB page.
by IBM
CVE-2008-6888 EXPLOITDB text VERIFIED
Pre Classified Listings 1.0 - Cross-Site Scripting via Signup Address Parameter
Cross-site scripting (XSS) vulnerability in signup.asp in Pre Classified Listings 1.0 allows remote attackers to inject arbitrary web script or HTML via the address parameter.
by Pouya_Server
CVE-2008-6887 EXPLOITDB text VERIFIED
Pre Classified Listings 1.0 - SQL Injection via detailad.asp siteid Parameter
SQL injection vulnerability in detailad.asp in Pre Classified Listings 1.0 allows remote attackers to execute arbitrary SQL commands via the siteid parameter.
by Pouya_Server
CVE-2008-6847 EXPLOITDB text VERIFIED
Pre ASP Job Board - Cross-Site Scripting via Employee Login msg Parameter
Cross-site scripting (XSS) vulnerability in Employee/emp_login.asp in Pre ASP Job Board allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
by Pouya_Server
CVE-2008-6500 EXPLOITDB text VERIFIED
CodeToad ASP Shopping Cart Script - Cross-Site Scripting via Query String
Cross-site scripting (XSS) vulnerability in CodeToad ASP Shopping Cart Script allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI.
by Pouya_Server
CVE-2008-6382 EXPLOITDB text VERIFIED
Aspportal - Access Control
ASP Portal 3.2.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to ASPPortal.mdb.
by CWH Underground
CVE-2008-6890 EXPLOITDB text VERIFIED
ASP Forum Script - SQL Injection via messages.asp message_id Parameter
SQL injection vulnerability in messages.asp in ASP Forum Script allows remote attackers to execute arbitrary SQL commands via the message_id parameter.
by Pouya_Server
CVE-2008-6891 EXPLOITDB text VERIFIED
ASP Forum Script - Cross-Site Scripting via forum_id Parameter
Multiple cross-site scripting (XSS) vulnerabilities in ASP Forum Script allow remote attackers to inject arbitrary web script or HTML via the (1) forum_id parameter to (a) new_message.asp and (b) messages.asp, and the (2) query string to default.asp.
by Pouya_Server