Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-5706 EXPLOITDB text VERIFIED
Verlihub <0.9.8d-RC2 - Local File Overwrite
The cTrigger::DoIt function in src/ctrigger.cpp in the trigger mechanism in the daemon in Verlihub 0.9.8d-RC2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/trigger.tmp temporary file.
by v4lkyrius
CVE-2008-5409 EXPLOITDB text VERIFIED
BitDefender Antivirus - Denial of Service via Crafted PDF File
Unspecified vulnerability in the pdf.xmd module in (1) BitDefender Free Edition 10 and Antivirus Standard 10, (2) BullGuard Internet Security 8.5, and (3) Software602 Groupware Server 6.0.08.1118 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file, possibly related to included compressed streams that were processed with the ASCIIHexDecode filter. NOTE: some of these details are obtained from third party information.
by ProTeuS
EIP-2026-113034 EXPLOITDB text VERIFIED
VCalendar - Remote Database Disclosure
by Swan
EIP-2026-112993 EXPLOITDB text VERIFIED
vBulletin 3.7.3 - Visitor Message Cross-Site Request Forgery / Worm
by Mx
CVE-2008-6303 EXPLOITDB text VERIFIED
ToursManager - SQL Injection via tourid Parameter
SQL injection vulnerability in tourview.php in ToursManager allows remote attackers to execute arbitrary SQL commands via the tourid parameter.
by XaDoS
CVE-2008-6306 EXPLOITDB text VERIFIED
Softbiz Classifieds Script - Cross-Site Scripting via signinform.php msg Parameter
Cross-site scripting (XSS) vulnerability in signinform.php in Softbiz Classifieds Script allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Vahid Ezraeil
CVE-2008-7049 EXPLOITDB text VERIFIED
NatterChat 1.1 and 1.12 - SQL Injection via Username and Password Parameters
Multiple SQL injection vulnerabilities in login.asp in NatterChat 1.1 and 1.12 allow remote attackers to execute arbitrary SQL commands via the (1) txtUsername parameter (aka Username) and (2) txtPassword parameter (aka Password) in a form generated by home.asp. NOTE: due to lack of details, it is not clear whether this is related to CVE-2004-2206.
by Stack
CVE-2008-7047 EXPLOITDB text VERIFIED
NatterChat 1.1 - Unauthenticated Authentication Bypass via Direct Admin Endpoint Access
NatterChat 1.1 allows remote attackers to bypass authentication and gain administrator privileges to read or delete rooms and messages via a direct request to admin/home.asp.
by Stack
CVE-2008-7049 EXPLOITDB text VERIFIED
NatterChat 1.1 and 1.12 - SQL Injection via Username and Password Parameters
Multiple SQL injection vulnerabilities in login.asp in NatterChat 1.1 and 1.12 allow remote attackers to execute arbitrary SQL commands via the (1) txtUsername parameter (aka Username) and (2) txtPassword parameter (aka Password) in a form generated by home.asp. NOTE: due to lack of details, it is not clear whether this is related to CVE-2004-2206.
by Bl@ckbe@rD
CVE-2008-5625 EXPLOITDB text VERIFIED
PHP < 5.2.7 - Arbitrary File Write via .htaccess error_log Directive
PHP 5 before 5.2.7 does not enforce the error_log safe_mode restrictions when safe_mode is enabled through a php_admin_flag setting in httpd.conf, which allows context-dependent attackers to write to arbitrary files by placing a "php_value error_log" entry in a .htaccess file.
by SecurityReason
CVE-2008-5185 EXPLOITDB text VERIFIED
GeSHi < 1.0.8 - Denial of Service via Unclosed XML Delimiter
The highlighting functionality in geshi.php in GeSHi before 1.0.8 allows remote attackers to cause a denial of service (infinite loop) via an XML sequence containing an opening delimiter without a closing delimiter, as demonstrated using "<".
by Christian Hoffmann
CVE-2008-6309 EXPLOITDB text VERIFIED
W3matter AskPert - SQL Injection via f[password] Parameter
SQL injection vulnerability in index.php in W3matter AskPert allows remote attackers to execute arbitrary SQL commands via the f[password] parameter. NOTE: some of these details are obtained from third party information.
by TR-ShaRk
CVE-2008-6310 EXPLOITDB text VERIFIED
W3matter RevSense 1.0 - SQL Injection via f[password] Parameter
SQL injection vulnerability in index.php in W3matter RevSense 1.0 allows remote attackers to execute arbitrary SQL commands via the f[password] parameter. NOTE: some of these details are obtained from third party information.
by d3b4g
CVE-2008-6329 EXPLOITDB text VERIFIED
Pre ASP Job Board - SQL Injection via Username or Password Parameter
SQL injection vulnerability in Employee/login.asp in Pre ASP Job Board allows remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password parameters, as reachable from Employee/emp_login.asp. NOTE: some of these details are obtained from third party information.
by R3d-D3V!L
EIP-2026-106713 EXPLOITDB text VERIFIED
Easyedit CMS - 'subcategory.php?intSubCategoryID' SQL Injection
by d3v1l
EIP-2026-106712 EXPLOITDB text VERIFIED
Easyedit CMS - 'page.php?intPageID' SQL Injection
by d3v1l
EIP-2026-106711 EXPLOITDB text VERIFIED
Easyedit CMS - 'news.php?intPageID' SQL Injection
by d3v1l
CVE-2008-6310 EXPLOITDB text VERIFIED
W3matter RevSense 1.0 - SQL Injection via f[password] Parameter
SQL injection vulnerability in index.php in W3matter RevSense 1.0 allows remote attackers to execute arbitrary SQL commands via the f[password] parameter. NOTE: some of these details are obtained from third party information.
by TR-ShaRk
EIP-2026-105077 EXPLOITDB text VERIFIED
Alex News-Engine 1.5.1 - Arbitrary File Upload
by Batter
EIP-2026-105074 EXPLOITDB text VERIFIED
Alex Article-Engine 1.3.0 - 'FCKeditor' Arbitrary File Upload
by Batter
EIP-2026-101147 EXPLOITDB text VERIFIED
3Com Wireless 8760 Dual-Radio 11a/b/g PoE - Multiple Vulnerabilities
by Adrian Pastor
CVE-2008-6253 EXPLOITDB text VERIFIED
Pluck 4.5.3 - Remote Code Execution via g_pcltar_lib_dir Parameter
Directory traversal vulnerability in data/inc/lib/pcltar.lib.php in Pluck 4.5.3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the g_pcltar_lib_dir parameter.
by DSecRG
CVE-2008-2125 EXPLOITDB text VERIFIED
Musicbox 2.3.6-2.3.7 - SQL Injection via viewalbums.php artistId Parameter
SQL injection vulnerability in viewalbums.php in Musicbox 2.3.6 and 2.3.7 allows remote attackers to execute arbitrary SQL commands via the artistId parameter.
by snakespc
CVE-2008-6305 EXPLOITDB text VERIFIED
Free Directory Script 1.1.1 - Remote Code Execution via API_HOME_DIR Parameter
PHP remote file inclusion vulnerability in init.php in Free Directory Script 1.1.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the API_HOME_DIR parameter.
by Ghost Hacker
CVE-2008-6307 EXPLOITDB text VERIFIED
E-topbiz Link Back Checker 1 - Unauthenticated Authentication Bypass via Auth Cookie
E-topbiz Link Back Checker 1 allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "admin."
by x0r