Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-6891 EXPLOITDB text VERIFIED
ASP Forum Script - Cross-Site Scripting via forum_id Parameter
Multiple cross-site scripting (XSS) vulnerabilities in ASP Forum Script allow remote attackers to inject arbitrary web script or HTML via the (1) forum_id parameter to (a) new_message.asp and (b) messages.asp, and the (2) query string to default.asp.
by Pouya_Server
CVE-2008-6612 EXPLOITDB text VERIFIED
Minimal ABlog 0.4 - Unauthenticated Remote Code Execution via File Upload
Unrestricted file upload vulnerability in admin/uploader.php in Minimal ABlog 0.4 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in img/.
by NoGe
CVE-2008-6611 EXPLOITDB text VERIFIED
Minimal ABlog 0.4 - SQL Injection via id Parameter
SQL injection vulnerability in index.php in Minimal ABlog 0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by NoGe
CVE-2008-5952 EXPLOITDB text VERIFIED
KTP Computer Customer Database - Authenticated SQL Injection via tid Parameter
SQL injection vulnerability in KTP Computer Customer Database (KTPCCD) CMS, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the tid parameter in a vtech action to the default URI.
by CWH Underground
CVE-2008-5406 EXPLOITDB text VERIFIED
Apple QuickTime Player 7.5.5-8.0.2.20 - Buffer Overflow
Stack-based buffer overflow in Apple QuickTime Player 7.5.5 and iTunes 8.0.2.20 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a MOV file with "long arguments," related to an "off by one overflow."
by laurent gaffié
CVE-2008-6387 EXPLOITDB text VERIFIED
Quick Tree View .NET 3.1 - Unauthenticated Sensitive Information Exposure via Direct Database File Access
Quick Tree View .NET 3.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to qtv.mdb.
by Cyber-Zone
CVE-2008-6613 EXPLOITDB text VERIFIED
minimal-ablog 0.4 - Unauthenticated Privilege Escalation via uploader.php
uploader.php in minimal-ablog 0.4 does not properly restrict access, which allows remote attackers to gain administrative privileges via a direct request.
by NoGe
CVE-2008-5954 EXPLOITDB text VERIFIED
KTP Computer Customer Database - SQL Injection via lname Parameter
SQL injection vulnerability in KTP Computer Customer Database (KTPCCD) CMS, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the lname parameter in a login action to an unspecified component. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by CWH Underground
EIP-2026-106225 EXPLOITDB text VERIFIED
CPCommerce 1.2.6 - URL Rewrite Input Variable Overwrite / Authentication Bypass
by girex
CVE-2008-6287 EXPLOITDB text VERIFIED
Broadcast Machine 0.1 - Remote Code Execution via baseDir Parameter
Multiple PHP remote file inclusion vulnerabilities in Broadcast Machine 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter to (1) MySQLController.php, (2) SQLController.php, (3) SetupController.php, (4) VideoController.php, and (5) ViewController.php in controllers/.
by NoGe
CVE-2008-6380 EXPLOITDB text VERIFIED
Active Web Helpdesk 2.0 - SQL Injection via CategoryID Parameter
SQL injection vulnerability in default.aspx in Active Web Helpdesk 2.0 allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter.
by Cyber-Zone
CVE-2008-5632 EXPLOITDB text VERIFIED
Active Time Billing 3.2 - SQL Injection
SQL injection vulnerability in Account.asp in Active Time Billing 3.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information.
by AlpHaNiX
CVE-2008-5975 EXPLOITDB text VERIFIED
Active Price Comparison 4.0 - SQL Injection
SQL injection vulnerability in links.asp in Active Price Comparison 4.0 allows remote attackers to execute arbitrary SQL commands via the linkid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by R3d-D3V!L
CVE-2008-5641 EXPLOITDB text VERIFIED
Active Photo Gallery 6.2 - SQL Injection
SQL injection vulnerability in account.asp in Active Photo Gallery 6.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
by R3d-D3V!L
CVE-2008-5972 EXPLOITDB text VERIFIED
Active Business Directory 2 - SQL Injection
SQL injection vulnerability in default.asp in Active Business Directory 2 allows remote attackers to execute arbitrary SQL commands via the catid parameter.
by AlpHaNiX
CVE-2008-5973 EXPLOITDB text VERIFIED
Active Web Mail 4.0 - SQL Injection
SQL injection vulnerability in login.aspx in Active Web Mail 4.0 allows remote attackers to execute arbitrary SQL commands via the password parameter.
by R3d-D3V!L
EIP-2026-113053 EXPLOITDB text VERIFIED
Venalsur Booking Centre 2.01 - Multiple Cross-Site Scripting Vulnerabilities
by Pouya_Server
CVE-2008-6285 EXPLOITDB text VERIFIED
PHP TV Portal < 2.0 - SQL Injection via mid Parameter
SQL injection vulnerability in index.php in PHP TV Portal 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the mid parameter.
by Cyber-Zone
CVE-2008-6869 EXPLOITDB text VERIFIED
Oramon 2.0.1 - Unauthenticated Sensitive Information Exposure via Direct Request
Oramon Oracle Database Monitoring Tool 2.0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for config/oramon.ini.
by ahmadbady
CVE-2008-5642 EXPLOITDB text VERIFIED
CMS Made Simple 1.4.1 - Path Traversal
Directory traversal vulnerability in admin/login.php in CMS Made Simple 1.4.1 allows remote attackers to read arbitrary files via a .. (dot dot) in a cms_language cookie.
by M4ck-h@cK
EIP-2026-105405 EXPLOITDB text VERIFIED
Basic-CMS - 'q' Cross-Site Scripting
by Pouya_Server
CVE-2008-5640 EXPLOITDB text VERIFIED
Active Bids 3.5 - SQL Injection via ItemID Parameter
SQL injection vulnerability in bidhistory.asp in Active Bids 3.5 allows remote attackers to execute arbitrary SQL commands via the ItemID parameter.
by Stack
EIP-2026-100473 EXPLOITDB text VERIFIED
ParsBlogger - 'blog.asp' Cross-Site Scripting
by Pouya_Server
CVE-2008-5978 EXPLOITDB text VERIFIED
Ocean12 Mailing List Manager Gold - SQL Injection
Multiple SQL injection vulnerabilities in Ocean12 Mailing List Manager Gold allow remote attackers to execute arbitrary SQL commands via the Email parameter to (1) default.asp and (2) s_edit.asp.
by Charalambous Glafkos
EIP-2026-100462 EXPLOITDB text VERIFIED
Ocean12 FAQ Manager Pro - 'Keyword' Cross-Site Scripting
by Charalambous Glafkos