Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-6118 EXPLOITDB text VERIFIED
Goople CMS 1.7 - Unauthenticated Authentication Bypass via Loggedin Cookie
win/content/upload.php in Goople CMS 1.7 allows remote attackers to bypass authentication and gain administrative access by setting the loggedin cookie to 1.
by x0r
EIP-2026-107296 EXPLOITDB text VERIFIED
ftpzik - Cross-Site Scripting / Local File Inclusion
by JIKO
EIP-2026-106116 EXPLOITDB text VERIFIED
COms - 'dynamic.php' Cross-Site Scripting
by Pouya_Server
CVE-2008-5338 EXPLOITDB text VERIFIED
Bandwebsite 1.5 - XSS
Cross-site scripting (XSS) vulnerability in info.php in Bandwebsite (aka Bandsite portal system) 1.5 allows remote attackers to inject arbitrary web script or HTML via the section parameter.
by ZoRLu
CVE-2008-7065 EXPLOITDB text VERIFIED
Siemens Gigaset C450 IP and C475 IP - Denial of Service via Crafted SIP Packet
Siemens C450 IP and C475 IP VoIP devices allow remote attackers to cause a denial of service (disconnected calls and device reboot) via a crafted SIP packet to UDP port 5060.
by sky & Any
CVE-2008-6118 EXPLOITDB text VERIFIED
Goople CMS 1.7 - Unauthenticated Authentication Bypass via Loggedin Cookie
win/content/upload.php in Goople CMS 1.7 allows remote attackers to bypass authentication and gain administrative access by setting the loggedin cookie to 1.
by BeyazKurt
CVE-2008-5938 EXPLOITDB text VERIFIED
MODx CMS <0.9.6.2 - Remote Code Execution
PHP remote file inclusion vulnerability in assets/snippets/reflect/snippet.reflect.php in MODx CMS 0.9.6.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the reflect_base parameter.
by RoMaNcYxHaCkEr
CVE-2008-6115 EXPLOITDB text VERIFIED
Prozilla Hosting Index - SQL Injection
SQL injection vulnerability in directory.php in Prozilla Hosting Index allows remote attackers to execute arbitrary SQL commands via the id parameter in a deadlink action, a different vector than CVE-2008-2083.
by snakespc
CVE-2008-5307 EXPLOITDB text VERIFIED
PG Roommate Finder Solution - SQL Injection
SQL injection vulnerability in admin/index.php in PG Roommate Finder Solution allows remote attackers to execute arbitrary SQL commands via the login_lg parameter. NOTE: some of these details are obtained from third party information.
by ZoRLu
CVE-2008-5307 EXPLOITDB text VERIFIED
PG Roommate Finder Solution - SQL Injection
SQL injection vulnerability in admin/index.php in PG Roommate Finder Solution allows remote attackers to execute arbitrary SQL commands via the login_lg parameter. NOTE: some of these details are obtained from third party information.
by ZoRLu
CVE-2008-7080 EXPLOITDB text VERIFIED
PHP Classifieds Script - Unauthenticated Sensitive Information Exposure via Direct Request
Team PHP PHP Classifieds Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request for admin/backup/datadump.sql.
by InjEctOr5
CVE-2008-5306 EXPLOITDB text VERIFIED
PG Real Estate Solution - SQL Injection
SQL injection vulnerability in admin/index.php in PG Real Estate Solution allows remote attackers to execute arbitrary SQL commands via the login_lg parameter (username). NOTE: some of these details are obtained from third party information.
by ZoRLu
CVE-2008-6117 EXPLOITDB text VERIFIED
PG Job Site Pro - SQL Injection via poll_view_id Parameter
SQL injection vulnerability in homepage.php in PG Job Site Pro allows remote attackers to execute arbitrary SQL commands via the poll_view_id parameter in a results action.
by ZoRLu
CVE-2008-5310 EXPLOITDB text VERIFIED
NetArt Media Car Portal 2.0 - SQL Injection
SQL injection vulnerability in image.php in NetArt Media Car Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by snakespc
CVE-2008-5311 EXPLOITDB text VERIFIED
NetArt Media Blog System 1.5 - SQL Injection
SQL injection vulnerability in image.php in NetArt Media Blog System 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by snakespc
CVE-2008-5939 EXPLOITDB text VERIFIED
MODx CMS <0.9.6.2 - XSS
Cross-site scripting (XSS) vulnerability in index.php in MODx CMS 0.9.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in the username field, possibly related to snippet.ditto.php. NOTE: some sources list the id parameter as being affected, but this is probably incorrect based on the original disclosure.
by RoMaNcYxHaCkEr
CVE-2008-6119 EXPLOITDB text VERIFIED
Goople CMS 1.7 - Static Code Injection via Username and Password Parameters
Static code injection vulnerability in gooplecms/admin/account/action/editpass.php in Goople CMS 1.7 allows remote attackers to inject arbitrary PHP code into admin/userandpass.php via the (1) username and (2) password parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by BeyazKurt
EIP-2026-107461 EXPLOITDB text VERIFIED
Goople CMS 1.7 - Arbitrary File Upload
by x0r
CVE-2008-6111 EXPLOITDB text VERIFIED
NetArt Media Vlog System 1.1 - SQL Injection
SQL injection vulnerability in blog.php in NetArt Media Vlog System 1.1 allows remote attackers to execute arbitrary SQL commands via the note parameter.
by Mr.SQL
EIP-2026-107388 EXPLOITDB text VERIFIED
getaphpsite Real Estate - Arbitrary File Upload
by ZoRLu
EIP-2026-107387 EXPLOITDB text VERIFIED
getaphpsite Auto Dealers - Arbitrary File Upload
by ZoRLu
CVE-2008-6112 EXPLOITDB text VERIFIED
Ez Ringtone Manager - Path Traversal
Multiple directory traversal vulnerabilities in Ez Ringtone Manager allow remote attackers to read arbitrary files via a .. (dot dot) in the id parameter in a detail action to (1) main.php and (2) template.php in ringtones/.
by b3hz4d
CVE-2008-6114 EXPLOITDB text VERIFIED
Mytipper Zogo-shop <1.15.4 - SQL Injection
SQL injection vulnerability in product_details.php in the Mytipper Zogo-shop 1.15.4 plugin for e107 allows remote attackers to execute arbitrary SQL commands via the product parameter.
by NoGe
CVE-2008-5705 EXPLOITDB text VERIFIED
Verlihub 0.9.8d-RC2 - Remote Command Execution via Trigger Argument Injection
The cTrigger::DoIt function in src/ctrigger.cpp in the trigger mechanism in the daemon in Verlihub 0.9.8d-RC2 and earlier, when user triggers are enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in an argument.
by v4lkyrius
CVE-2008-6116 EXPLOITDB text VERIFIED
EXtrovert Software Thyme 1.0 - SQL Injection
SQL injection vulnerability in the EXtrovert Software Thyme (com_thyme) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the event parameter to index.php.
by Ded MustD!e