Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-119110 EXPLOITDB text VERIFIED
SAP GUI VSFlexGrid.VSFlexGridL sp 14 - Remote Buffer Overflow
by Elazar Broad
CVE-2008-7075 EXPLOITDB text VERIFIED
Kalptaru Infotech Stararticles - SQL Injection
Multiple SQL injection vulnerabilities in Kalptaru Infotech Ltd. Star Articles 6.0 allow remote attackers to inject arbitrary SQL commands via (1) the subcatid parameter to article.list.php; or the artid parameter to (2) article.print.php, (3) article.comments.php, (4) article.publisher.php, or (5) article.download.php; and (6) the PATH_INFO to article.download.php. NOTE: some of these details are obtained from third party information.
by b3hz4d
CVE-2008-5630 EXPLOITDB text VERIFIED
Post Affiliate Pro <3,3.1.4 - SQL Injection
SQL injection vulnerability in merchants/index.php in Post Affiliate Pro 3 and 3.1.4 allows remote attackers to execute arbitrary SQL commands via the umprof_status parameter.
by XaDoS
CVE-2008-5637 EXPLOITDB text VERIFIED
ParsBlogger - SQL Injection via blog.asp wr Parameter
SQL injection vulnerability in blog.asp in ParsBlogger (Pb) allows remote attackers to execute arbitrary SQL commands via the wr parameter.
by h4ck3r
CVE-2008-6282 EXPLOITDB text VERIFIED
CMS Ortus < 1.13 - Authenticated SQL Injection via City Parameter
SQL injection vulnerability in engine/users/users_edit_pub.inc in CMS Ortus 1.13 and earlier allows remote authenticated users to execute arbitrary SQL commands via the city parameter in a users_edit_pub action to index.php.
by otmorozok428
CVE-2008-7071 EXPLOITDB text VERIFIED
Chipmunk Topsites - SQL Injection via Username Parameter
SQL injection vulnerability in authenticate.php in Chipmunk Topsites allows remote attackers to execute arbitrary SQL commands via the username parameter, related to login.php. NOTE: some of these details are obtained from third party information.
by ZoRLu
CVE-2008-5289 EXPLOITDB text VERIFIED
Clean CMS 1.5 - SQL Injection via full_txt.php id Parameter
SQL injection vulnerability in full_txt.php in Werner Hilversum Clean CMS 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by ZoRLu
CVE-2008-5293 EXPLOITDB text VERIFIED
WebStudio eHotel - SQL Injection via PageID Parameter
SQL injection vulnerability in index.php in WebStudio eHotel allows remote attackers to execute arbitrary SQL commands via the pageid parameter.
by Hussin X
CVE-2008-5294 EXPLOITDB text VERIFIED
WebStudio eCatalogue - SQL Injection
SQL injection vulnerability in index.php in WebStudio eCatalogue allows remote attackers to execute arbitrary SQL commands via the pageid parameter.
by Hussin X
CVE-2008-5292 EXPLOITDB text VERIFIED
VideoGirls BiZ - SQL Injection via view_snaps.php type Parameter
SQL injection vulnerability in view_snaps.php in VideoGirls BiZ allows remote attackers to execute arbitrary SQL commands via the type parameter.
by Cyber-Zone
EIP-2026-112149 EXPLOITDB text VERIFIED
SimpleBlog 3.0 - Database Disclosure
by EL_MuHaMMeD
CVE-2008-7073 EXPLOITDB text VERIFIED
RSS module 0.1 - Remote Code Execution via lib Parameter
PHP remote file inclusion vulnerability in lib/action/rss.php in RSS module 0.1 for Pie Web M{a,e}sher, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the lib parameter.
by ZoRLu
CVE-2008-7062 EXPLOITDB text VERIFIED
LoveCMS 1.6.2 Final - Unauthenticated Arbitrary File Upload via Download Manager
Unrestricted file upload vulnerability in admin/index.php in Download Manager module 1.0 for LoveCMS 1.6.2 Final allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/.
by cOndemned
CVE-2008-5295 EXPLOITDB text VERIFIED
Jamit Job Board 3.4.10 - SQL Injection
SQL injection vulnerability in index.php in Jamit Job Board 3.4.10 allows remote attackers to execute arbitrary SQL commands via the show_emp parameter.
by XaDoS
CVE-2008-5291 EXPLOITDB text VERIFIED
fuzzylime_cms 3.03 - Remote File Inclusion via Track.php p Parameter
Directory traversal vulnerability in code/track.php in FuzzyLime 3.03 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the p parameter, a different vector than CVE-2007-4805 and CVE-2008-3165.
by Alfons Luja
CVE-2008-5288 EXPLOITDB text VERIFIED
Werner Hilversum FAQ Manager 1.2 - RCE
PHP remote file inclusion vulnerability in include/header.php in Werner Hilversum FAQ Manager 1.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the config_path parameter.
by ZoRLu
CVE-2008-5287 EXPLOITDB text VERIFIED
Werner Hilversum FAQ Manager 1.2 - SQL Injection
SQL injection vulnerability in catagorie.php in Werner Hilversum FAQ Manager 1.2 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
by cOndemned
CVE-2008-5290 EXPLOITDB text VERIFIED
Clean CMS 1.5 - Cross-Site Scripting via full_txt.php id Parameter
Cross-site scripting (XSS) vulnerability in full_txt.php in Werner Hilversum Clean CMS 1.5 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
by ZoRLu
CVE-2008-7072 EXPLOITDB text VERIFIED
Chipmunk Topsites - Cross-Site Scripting via Start Parameter
Cross-site scripting (XSS) vulnerability in index.php in Chipmunk Topsites allows remote attackers to inject arbitrary web script or HTML via the start parameter.
by ZoRLu
CVE-2008-5337 EXPLOITDB text VERIFIED
Bandwebsite 1.5 - SQL Injection
SQL injection vulnerability in lyrics.php in Bandwebsite (aka Bandsite portal system) 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by ZoRLu
CVE-2008-5333 EXPLOITDB text VERIFIED
NitroTech 0.0.3a - SQL Injection via members.php id Parameter
SQL injection vulnerability in members.php in NitroTech 0.0.3a allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Osirys
CVE-2008-5336 EXPLOITDB text VERIFIED
WebStudio CMS - SQL Injection via pageid Parameter
SQL injection vulnerability in index.php in WebStudio CMS allows remote attackers to execute arbitrary SQL commands via the pageid parameter.
by Glafkos Charalambous
CVE-2008-5332 EXPLOITDB text VERIFIED
Pie 0.5.3 - Remote Code Execution via PHP File Inclusion
Multiple PHP remote file inclusion vulnerabilities in Pie 0.5.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lib parameter to files in lib/action/ including (a) alias.php, (b) cancel.php, (c) context.php, (d) deadlinks.php, (e) delete.php, and others; and the (2) GLOBALS[pie][library_path] parameter to files in lib/share/ including (f) diff.php, (g) file.php, (h) locale.php, (i) mapfile.php, (j) page.php, and others.
by NoGe
CVE-2008-5334 EXPLOITDB text VERIFIED
NitroTech 0.0.3a - Remote Code Execution via Root Parameter
PHP remote file inclusion vulnerability in includes/common.php in NitroTech 0.0.3a allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.
by Osirys
CVE-2008-5309 EXPLOITDB text VERIFIED
NetArt Media Real Estate Portal 1.2 - SQL Injection
SQL injection vulnerability in NetArt Media Real Estate Portal 1.2 allows remote attackers to execute arbitrary SQL commands via the ad_id parameter in the re_send_email module to index.php.
by Hussin X