Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-6281 EXPLOITDB text VERIFIED
bluo_cms 1.2 - SQL Injection via id Parameter
SQL injection vulnerability in index.php in Bluo CMS 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by The_5p3ctrum
EIP-2026-105407 EXPLOITDB text VERIFIED
Basic-CMS - Remote Database Disclosure
by Stack
EIP-2026-105406 EXPLOITDB text VERIFIED
Basic-CMS - Blind SQL Injection
by CWH Underground
CVE-2008-5629 EXPLOITDB text VERIFIED
Turnkey Arcade Script - SQL Injection
SQL injection vulnerability in index.php in Turnkey Arcade Script allows remote attackers to execute arbitrary SQL commands via the id parameter in a play action.
by The_5p3ctrum
CVE-2008-6371 EXPLOITDB text VERIFIED
Membership Manager Pro - SQL Injection via Username Parameter
SQL injection vulnerability in login.asp in Ocean12 Membership Manager Pro allows remote attackers to execute arbitrary SQL commands via the username (Username parameter).
by Cyber-Zone
CVE-2008-6369 EXPLOITDB text VERIFIED
Ocean12 Contact Manager Pro 1.02 - SQL Injection via Sort Parameter
SQL injection vulnerability in default.asp in Ocean12 Contact Manager Pro 1.02 allows remote attackers to execute arbitrary SQL commands via the Sort parameter.
by Pouya_Server
CVE-2008-5127 EXPLOITDB text VERIFIED
Ocean12 Contact Manager Pro 1.02 - Unprotected Sensitive Information Exposure via Direct Request
Ocean12 Contact Manager Pro 1.02 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12con.mdb.
by Pouya_Server
CVE-2004-1552 EXPLOITDB text VERIFIED
aspWebCalendar - SQL Injection via Username Field or EventID Parameter
SQL injection vulnerability in aspWebCalendar allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the eventid parameter to calendar.asp.
by Bl@ckbe@rD
EIP-2026-113210 EXPLOITDB text VERIFIED
Web Calendar 4.1 - Authentication Bypass
by Cyber-Zone
CVE-2008-5639 EXPLOITDB text VERIFIED
TxtBlog 1.0 Alpha - Path Traversal via m Parameter
Directory traversal vulnerability in index.php in TxtBlog 1.0 Alpha allows remote attackers to read arbitrary files via a .. (dot dot) in the m parameter.
by CWH Underground
CVE-2009-3973 EXPLOITDB text VERIFIED
Turnkey Arcade Script - SQL Injection
SQL injection vulnerability in index.php in Turnkey Arcade Script allows remote attackers to execute arbitrary SQL commands via the id parameter in a browse action, a different vector than CVE-2008-5629.
by The_5p3ctrum
CVE-2008-7076 EXPLOITDB text VERIFIED
Kalptaru Infotech Stararticles - Access Control
Unrestricted file upload vulnerability in user.modify.profile.php in Kalptaru Infotech Ltd. Star Articles 6.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile photo, then accessing it via a direct request to the file in authorphoto/.
by ZoRLu
CVE-2008-6277 EXPLOITDB text VERIFIED
RakhiSoftware Shopping Cart - SQL Injection via product.php subcategory_id Parameter
SQL injection vulnerability in product.php in RakhiSoftware Price Comparison Script (aka Shopping Cart) allows remote attackers to execute arbitrary SQL commands via the subcategory_id parameter.
by XaDoS
CVE-2008-7067 EXPLOITDB text VERIFIED
PageTree CMS 0.0.2 BETA 00001 - Remote Code Execution via GLOBALS[PT_Config][dir][data] Parameter
PHP remote file inclusion vulnerability in admin/plugins/Online_Users/main.php in PageTree CMS 0.0.2 BETA 0001 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[PT_Config][dir][data] parameter.
by NoGe
EIP-2026-110011 EXPLOITDB text VERIFIED
Ocean12 Poll Manager Pro - Database Disclosure
by Pouya_Server
EIP-2026-110010 EXPLOITDB text VERIFIED
Ocean12 Membership Manager Pro - Database Disclosure
by Pouya_Server
CVE-2008-6390 EXPLOITDB text VERIFIED
Membership Manager Pro - SQL Injection via Login Password Parameter
SQL injection vulnerability in login.asp in Ocean12 Membership Manager Pro allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Cyber-Zone
CVE-2008-7063 EXPLOITDB text VERIFIED
Ocean12 FAQ Manager Pro - Unauthenticated Sensitive Data Exposure via Direct Database Request
Ocean12 FAQ Manager Pro stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for admin/o12faq.mdb.
by Stack
CVE-2008-6370 EXPLOITDB text VERIFIED
Ocean12 Contact Manager Pro 1.02 - Cross-Site Scripting via DisplayFormat Parameter
Cross-site scripting (XSS) vulnerability in default.asp in Ocean12 Contact Manager Pro 1.02 allows remote attackers to inject arbitrary web script or HTML via the DisplayFormat parameter.
by Pouya_Server
EIP-2026-110009 EXPLOITDB text VERIFIED
Ocean12 Calendar Manager Gold - Database Disclosure
by Pouya_Server
CVE-2008-6274 EXPLOITDB text VERIFIED
FamilyProject 2.0 - SQL Injection via Login or Password Parameter
Multiple SQL injection vulnerabilities in index.php in FamilyProject 2.0 allow remote attackers to execute arbitrary SQL commands via (1) the logmbr parameter (aka login field) or (2) the mdpmbr parameter (aka pass or "Mot de passe" field). NOTE: some of these details are obtained from third party information.
by The_5p3ctrum
CVE-2008-6809 EXPLOITDB text VERIFIED
Venalsur Booking Centre Booking System for Hotels Group 2.01 - SQL Injection via HotelID Parameter
SQL injection vulnerability in hotel_habitaciones.php in Venalsur Booking Centre Booking System for Hotels Group 2.01 allows remote attackers to execute arbitrary SQL commands via the HotelID parameter.
by R3d-D3V!L
CVE-2006-3151 EXPLOITDB text VERIFIED
AssoCIateD <= 1.2.0 - Cross-Site Scripting via Menu Parameter
Cross-site scripting (XSS) vulnerability in index.php in AssoCIateD (aka ACID) 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the menu parameter.
by CWH Underground
CVE-2008-6280 EXPLOITDB text VERIFIED
Cisco WRT160N - Cross-Site Scripting via DHCP_Static Action Parameter
Cross-site scripting (XSS) vulnerability in apply.cgi on the Linksys WRT160N allows remote attackers to inject arbitrary web script or HTML via the action parameter in a DHCP_Static operation.
by David Gil
EIP-2026-100218 EXPLOITDB text VERIFIED
Comersus ASP Shopping Cart - File Disclosure / Cross-Site Scripting
by Bl@ckbe@rD