Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-100460 EXPLOITDB text VERIFIED
Ocean12 (Multiple Products) - 'Admin_ID' SQL Injection
by Charalambous Glafkos
CVE-2008-5631 EXPLOITDB text VERIFIED
Active eWebquiz 8.0 - SQL Injection
SQL injection vulnerability in start.asp in Active eWebquiz 8.0 allows remote attackers to execute arbitrary SQL commands via the (1) useremail parameter (aka username field) or the (2) password parameter. NOTE: some of these details are obtained from third party information.
by R3d-D3V!L
CVE-2008-6872 EXPLOITDB text VERIFIED
ASPThai.NET ASPThai Forums 8.5 - Unauthenticated Sensitive Information Exposure via Direct Database Download
ASPThai.NET ASPThai Forums 8.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/aspthaiForum.mdb.
by CWH Underground
CVE-2008-6889 EXPLOITDB text VERIFIED
ASPreferral 5.3 - SQL Injection via Merchantsadd.asp AccountID Parameter
SQL injection vulnerability in Merchantsadd.asp in ASPReferral 5.3 allows remote attackers to execute arbitrary SQL commands via the AccountID parameter.
by R3d-D3V!L
CVE-2008-5633 EXPLOITDB text VERIFIED
ActiveVotes 2.2 - SQL Injection via Username and Password Parameters
SQL injection vulnerability in register.asp in ActiveVotes 2.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information.
by R3d-D3V!L
CVE-2008-5365 EXPLOITDB text VERIFIED
ActiveWebSoftwares ActiveVotes <2.2 - SQL Injection
SQL injection vulnerability in VoteHistory.asp in ActiveWebSoftwares ActiveVotes 2.2 allows remote attackers to execute arbitrary SQL commands via the AccountID parameter.
by R3d-D3V!L
EIP-2026-100095 EXPLOITDB text VERIFIED
Active Websurvey 9.1 - Authentication Bypass
by R3d-D3V!L
CVE-2008-6873 EXPLOITDB text VERIFIED
Active Web Mail 4.0 - SQL Injection via TabOpenQuickTab1 Parameter
SQL injection vulnerability in Active Web Mail 4.0 allows remote attackers to execute arbitrary SQL commands via the TabOpenQuickTab1 parameter to (1) popaccounts.aspx, (2) addressbook.aspx, and (3) emails.aspx.
by R3d-D3V!L
CVE-2008-5974 EXPLOITDB text VERIFIED
Active Price Comparison 4.0 - SQL Injection
Multiple SQL injection vulnerabilities in login.aspx in Active Price Comparison 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) password and (2) username fields.
by R3d-D3V!L
EIP-2026-100094 EXPLOITDB text VERIFIED
Active Web Helpdesk 2 - Authentication Bypass
by Cyber-Zone
CVE-2008-5627 EXPLOITDB text VERIFIED
Active Trade 2 - SQL Injection via Username or Password Parameter
SQL injection vulnerability in account.asp in Active Trade 2 allows remote attackers to execute arbitrary SQL commands via the (1) username parameter (aka Email field) or the (2) password parameter. NOTE: some of these details are obtained from third party information.
by R3d-D3V!L
CVE-2008-5959 EXPLOITDB text VERIFIED
Active Test 2.1 - SQL Injection via Useremail or Password Parameter
Multiple SQL injection vulnerabilities in start.asp in Active Test 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) useremail parameter (aka username field) or (2) password parameter (aka password field). NOTE: some of these details are obtained from third party information.
by R3d-D3V!L
CVE-2008-5958 EXPLOITDB text VERIFIED
Active Test 2.1 - SQL Injection via QuizID Parameter
Multiple SQL injection vulnerabilities in Active Test 2.1 allow remote attackers to execute arbitrary SQL commands via the QuizID parameter to (1) questions.asp, (2) importquestions.asp, and (3) quiztakers.asp.
by R3d-D3V!L
CVE-2008-5974 EXPLOITDB text VERIFIED
Active Price Comparison 4.0 - SQL Injection
Multiple SQL injection vulnerabilities in login.aspx in Active Price Comparison 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) password and (2) username fields.
by R3d-D3V!L
CVE-2008-6286 EXPLOITDB text VERIFIED
Active Newsletter 4.3 - SQL Injection via Email or Password Parameter
Multiple SQL injection vulnerabilities in SubscriberStart.asp in Active Newsletter 4.3 allow remote attackers to execute arbitrary SQL commands via (1) the email parameter (aka username or E-mail field), or (2) the password parameter (aka password field), to (a) Subscriber.asp or (b) start.asp. NOTE: some of these details are obtained from third party information.
by R3d-D3V!L
CVE-2008-5635 EXPLOITDB text VERIFIED
Active Membership 2.0 - SQL Injection
SQL injection vulnerability in account.asp in Active Membership 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information.
by R3d-D3V!L
CVE-2008-5634 EXPLOITDB text VERIFIED
Active Force Matrix 2.0 - SQL Injection
SQL injection vulnerability in account.asp in Active Force Matrix 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information.
by R3d-D3V!L
EIP-2026-116801 EXPLOITDB text VERIFIED
Apache Tomcat (Windows) - 'runtime.getRuntime().exec()' Local Privilege Escalation
by Abysssec
EIP-2026-113211 EXPLOITDB text VERIFIED
Web Calendar System 3.40 - Cross-Site Scripting / SQL Injection
by Bl@ckbe@rD
CVE-2008-7077 EXPLOITDB text VERIFIED
SailPlanner 0.3a - SQL Injection via Username and Password Fields
Multiple SQL injection vulnerabilities in SailPlanner 0.3a allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.
by JIKO
CVE-2008-7083 EXPLOITDB text VERIFIED
ReVou Micro Blogging Twitter clone - SQL Injection via Username and Password Fields
Multiple SQL injection vulnerabilities in ReVou Micro Blogging Twitter clone allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.
by R3d-D3V!L
CVE-2008-6279 EXPLOITDB text VERIFIED
RakhiSoftware Shopping Cart - Exposure of Sensitive Information via Invalid PHPSESSID Cookie
RakhiSoftware Price Comparison Script (aka Shopping Cart) allows remote attackers to obtain sensitive information via an invalid PHPSESSID cookie, which reveals the installation path in an error message.
by Charalambous Glafkos
CVE-2008-6278 EXPLOITDB text VERIFIED
RakhiSoftware Shopping Cart - Cross-Site Scripting via category_id and subcategory_id Parameters
Multiple cross-site scripting (XSS) vulnerabilities in product.php in RakhiSoftware Price Comparison Script (aka Shopping Cart) allow remote attackers to inject arbitrary web script or HTML via the (1) category_id and (2) subcategory_id parameters.
by Charalambous Glafkos
CVE-2008-6372 EXPLOITDB text VERIFIED
Ocean12 FAQ Manager Pro 1.0 - SQL Injection via ID Parameter in Cat Action
SQL injection vulnerability in default.asp in Ocean12 FAQ Manager Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter in a Cat action. NOTE: some of these details are obtained from third party information.
by Stack
CVE-2008-6810 EXPLOITDB text VERIFIED
Venalsur Booking Centre Booking System for Hotels Group 2.01 - SQL Injection via Username or Password Parameter
Multiple SQL injection vulnerabilities in admin/checklogin.php in Venalsur Booking Centre Booking System for Hotels Group 2.01 allow remote attackers to execute arbitrary SQL commands via the (1) myusername (username) and (2) password parameters. NOTE: some of these details are obtained from third party information.
by MrDoug