Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-107514 EXPLOITDB text VERIFIED
GS Real Estate Portal US/International Module - Multiple Vulnerabilities
by ZoRLu
EIP-2026-107513 EXPLOITDB text VERIFIED
GS Real Estate Portal - Multiple SQL Injections
by InjEctOr5
CVE-2008-5650 EXPLOITDB text VERIFIED
AlstraSoft Web Host Directory - SQL Injection
SQL injection vulnerability in the login directory in AlstraSoft Web Host Directory allows remote attackers to execute arbitrary SQL commands via the pwd parameter.
by G4N0K
CVE-2008-6950 EXPLOITDB text VERIFIED
Bankoi WebHosting Control Panel 1.20 - SQL Injection via Login Username or Password Field
Multiple SQL injection vulnerabilities in login.asp in Bankoi WebHosting Control Panel 1.20 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field.
by R3d-D3V!L
CVE-2008-6943 EXPLOITDB text VERIFIED
ScriptsFeed Recipes Listing Portal - Authenticated Remote Code Execution via Recipe Photo Upload
Unrestricted file upload vulnerability in ScriptsFeed Recipes Listing Portal allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a recipe photo, then accessing it via a direct request to the file in pictures/.
by ZoRLu
CVE-2008-6942 EXPLOITDB text VERIFIED
ScriptsFeed Realtor Classifieds System - Authenticated Remote Code Execution via Profile Logo Upload
Unrestricted file upload vulnerability in ScriptsFeed Realtor Classifieds System (aka Real Estate Classifieds) allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo, then accessing it via a direct request to the file in re_images/.
by ZoRLu
CVE-2008-6938 EXPLOITDB text VERIFIED
Pi3Web < 2.0.3_pl1 - Denial of Service via ISAPI Directory File Request
Pi3Web 2.0.3 before PL2, when installed on Windows as a desktop application and without using the Pi3Web/Conf/Intenet.pi3, allows remote attackers to cause a denial of service (crash or hang) and obtain the full pathname of the server via a request to a file in the ISAPI directory that is not an executable DLL, which triggers the crash when the DLL load fails, as demonstrated using Isapi\users.txt.
by Hamid Ebadi
CVE-2008-6944 EXPLOITDB text VERIFIED
ScriptsFeed Auto Classifieds - Authenticated Arbitrary File Upload via Profile Logo
Unrestricted file upload vulnerability in ScriptsFeed Auto Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo, then accessing it via a direct request to the file in cars_images/.
by ZoRLu
CVE-2008-6944 EXPLOITDB text VERIFIED
ScriptsFeed Auto Classifieds - Authenticated Arbitrary File Upload via Profile Logo
Unrestricted file upload vulnerability in ScriptsFeed Auto Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo, then accessing it via a direct request to the file in cars_images/.
by ZoRLu
CVE-2008-6944 EXPLOITDB text VERIFIED
ScriptsFeed Auto Classifieds - Authenticated Arbitrary File Upload via Profile Logo
Unrestricted file upload vulnerability in ScriptsFeed Auto Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo, then accessing it via a direct request to the file in cars_images/.
by ZoRLu
CVE-2008-5497 EXPLOITDB text VERIFIED
BandSite CMS 1.1.4 - Unauthenticated Authentication Bypass via login_auth Cookie
BandSite CMS 1.1.4 allows remote attackers to bypass authentication and gain administrative access by setting the login_auth cookie to true.
by Stack
CVE-2008-6122 EXPLOITDB text VERIFIED
Netgear WGR614v9 - Denial of Service via Question Mark in Request
The web management interface in Netgear WGR614v9 allows remote attackers to cause a denial of service (crash) via a request that contains a question mark ("?").
by sr.
CVE-2008-6940 EXPLOITDB text VERIFIED
TurnkeyForms Web Hosting Directory - Unauthenticated Sensitive Information Exposure via Direct Database Backup Request
TurnkeyForms Web Hosting Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain a database backup via a direct request to admin/backup/db.
by G4N0K
CVE-2008-6939 EXPLOITDB text VERIFIED
TurnkeyForms Web Hosting Directory - Unauthenticated Authentication Bypass via Cookie Manipulation
TurnkeyForms Web Hosting Directory allows remote attackers to bypass authentication and (1) gain administrative privileges by setting the adm cookie to 1 or (2) gain privileges as another user by setting the logged cookie to the target username.
by G4N0K
CVE-2008-6941 EXPLOITDB text VERIFIED
TurnkeyForms Web Hosting Directory - SQL Injection via Login Password Field
SQL injection vulnerability in the login functionality in TurnkeyForms Web Hosting Directory allows remote attackers to execute arbitrary SQL commands via the password field.
by G4N0K
CVE-2008-6302 EXPLOITDB text VERIFIED
TurnkeyForms Local Classifieds - Unauthenticated Authentication Bypass via Direct Admin Page Access
TurnkeyForms Local Classifieds allows remote attackers to bypass authentication and gain administrative access via a direct request to Site_Admin/admin.php.
by G4N0K
CVE-2008-3765 EXPLOITDB text VERIFIED
Quick Poll Script - SQL Injection via id Parameter
SQL injection vulnerability in code.php in Quick Poll Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Hussin X
CVE-2008-5650 EXPLOITDB text VERIFIED
AlstraSoft Web Host Directory - SQL Injection
SQL injection vulnerability in the login directory in AlstraSoft Web Host Directory allows remote attackers to execute arbitrary SQL commands via the pwd parameter.
by ZoRLu
CVE-2008-6932 EXPLOITDB text VERIFIED
AlstraSoft SendIt Pro - Unauthenticated Arbitrary File Upload via submit_file.php
Unrestricted file upload vulnerability in submit_file.php in AlstraSoft SendIt Pro allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in send/files/.
by ZoRLu
CVE-2008-5649 EXPLOITDB text VERIFIED
AlstraSoft Article Manager Pro 1.6 - SQL Injection
SQL injection vulnerability in admin/admin.php in AlstraSoft Article Manager Pro 1.6 allows remote attackers to execute arbitrary SQL commands via the username parameter.
by ZoRLu
CVE-2008-5102 EXPLOITDB text VERIFIED
Zope < 2.11.2 - Authenticated Denial of Service via PythonScript Raise or Import Statements
PythonScripts in Zope 2 2.11.2 and earlier, as used in Conga and other products, allows remote authenticated users to cause a denial of service (resource consumption or application halt) via certain (1) raise or (2) import statements.
by Marc-Andre Lemburg
EIP-2026-101178 EXPLOITDB text VERIFIED
Belkin F5D8233-4 Wireless N Router (Multiple Scripts) - Authentication Bypass
by Craig Heffner
CVE-2008-6798 EXPLOITDB text VERIFIED
Pre Projects Pre Real Estate Listings - SQL Injection via Username or Password Parameter
Multiple SQL injection vulnerabilities in login.php in Pre Projects Pre Real Estate Listings allow remote attackers to execute arbitrary SQL commands via (1) the us parameter (aka the Username field) or (2) the ps parameter (aka the Password field).
by BackDoor
CVE-2008-6953 EXPLOITDB text VERIFIED
ooVoo 1.7.1.35 - Buffer Overflow via Long oovoo: URI
Buffer overflow in oovoo.exe in ooVoo 1.7.1.35, and possibly other versions before 1.7.1.59, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long oovoo: URI.
by Nine:Situations:Group
CVE-2008-7052 EXPLOITDB text VERIFIED
Pre Real Estate Listings - Authenticated Arbitrary File Upload via Profile Logo
Unrestricted file upload vulnerability in profile.php in Pre Projects Pre Real Estate Listings allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo, then accessing it via a direct request to the file in re_images/.
by BackDoor