Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-5496 EXPLOITDB text VERIFIED
PozScripts Business Directory Script - SQL Injection
SQL injection vulnerability in showcategory.php in PozScripts Business Directory Script allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by Hussin X
CVE-2008-5053 EXPLOITDB text VERIFIED
Joomla com_rssreader 1.0 - Remote Code Execution via mosConfig_live_site Parameter
PHP remote file inclusion vulnerability in admin.rssreader.php in the Simple RSS Reader (com_rssreader) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
by NoGe
CVE-2008-5494 EXPLOITDB text VERIFIED
Joomla! com_contactinfo 1.0 - SQL Injection
SQL injection vulnerability in the Contact Information Module (com_contactinfo) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
by boom3rang
CVE-2008-0689 EXPLOITDB text VERIFIED
Joomla com_marketplace 1.1.1 and 1.1.1-pl1 - SQL Injection via catid Parameter
SQL injection vulnerability in index.php in the Marketplace (com_marketplace) 1.1.1 and 1.1.1-pl1 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a show_category action.
by TR-ShaRk
CVE-2008-5643 EXPLOITDB text VERIFIED
Joomla com_books - SQL Injection via book_id Parameter
SQL injection vulnerability in the Books (com_books) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter in a book_details action to index.php.
by boom3rang
EIP-2026-108139 EXPLOITDB text VERIFIED
Joomla! / Mambo Component com_catalogproduction - 'id' SQL Injection
by boom3rang
CVE-2008-7041 EXPLOITDB text VERIFIED
ajsquare aj_classifieds - Unauthenticated Authentication Bypass via Direct Admin Page Access
AJ Classifieds allows remote attackers to bypass authentication and gain administrator privileges via a direct request to admin/home.php.
by G4N0K
CVE-2008-6252 EXPLOITDB text VERIFIED
smcFanControl 2.1.2 - Local Privilege Escalation via Long -k Option
Stack-based buffer overflow in the smc program in smcFanControl 2.1.2 allows local users to execute arbitrary code and gain privileges via a long -k option.
by xwings
CVE-2008-6965 EXPLOITDB text VERIFIED
AJ Square AJ Auction - Unauthenticated Authentication Bypass via Direct Script Request
AJ Square AJ Auction OOPD, Pro Platinum Skin #1, Pro Platinum Skin #2, and Web 2.0 send a redirect but do not exit when certain scripts are called directly, which allows remote attackers to bypass authentication via a direct request to (1) site.php, (2) auction.php, (3) mail.php, (4) fee_setting.php, (5) earnings.php, (6) insertion_fee_settings.php, (7) custom_category.php, (8) subcategory.php, (9) category.php, (10) report.php, (11) store_manager.php, and (12) choose_sell_format.php in admin/, and possibly other vectors.
by G4N0K
CVE-2008-6948 EXPLOITDB text VERIFIED
Collabtive 0.4.8 - Authenticated Remote Code Execution via Unrestricted File Upload
Unrestricted file upload vulnerability in Collabtive 0.4.8 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension and using a text/plain MIME type, then accessing it via a direct request to the file in files/, related to (1) the showproject action in managefile.php or (2) the Messages feature.
by USH
CVE-2008-6947 EXPLOITDB text VERIFIED
Collabtive 0.4.8 - Unauthenticated Authentication Bypass and Privilege Escalation via Admin User Creation
Collabtive 0.4.8 allows remote attackers to bypass authentication and create new users, including administrators, via unspecified vectors associated with the added mode in a users action to admin.php.
by USH
CVE-2008-6946 EXPLOITDB text VERIFIED
Collabtive 0.4.8 - Stored Cross-Site Scripting in Project Name via manageproject.php
Cross-site scripting (XSS) vulnerability in manageproject.php in Collabtive 0.4.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via the project Name, which is not properly handled when the administrator performs an editform action, related to admin.php.
by USH
CVE-2008-7045 EXPLOITDB text VERIFIED
AJ Square Free Polling Script - Unauthenticated Authentication Bypass via Direct Request to admin/resetvote.php
AJ Square Free Polling Script (AJPoll) Database version allows remote attackers to bypass authentication and reset poll votes via a direct request to admin/resetvote.php.
by G4N0K
CVE-2008-7044 EXPLOITDB text VERIFIED
AJ Square Free Polling Script - SQL Injection via ques Parameter
SQL injection vulnerability in admin/include/newpoll.php in AJ Square Free Polling Script (AJPoll) Database version allows remote attackers to execute arbitrary SQL commands via the ques parameter.
by G4N0K
CVE-2008-7042 EXPLOITDB text VERIFIED
FreshScripts Fresh Email Script 1.0-1.11 - Remote Code Execution via tmp_sid Parameter
PHP remote file inclusion vulnerability in url.php in FreshScripts Fresh Email Script 1.0 through 1.11 allows remote attackers to execute arbitrary PHP code via a URL in the tmp_sid parameter.
by Don
CVE-2008-6930 EXPLOITDB text VERIFIED
PHPStore Real Estate - Authenticated Arbitrary File Upload via Logo Image
Unrestricted file upload vulnerability in PHPStore Real Estate allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a logo, then accessing it via a direct request to the file in realty/re_images/.
by ZoRLu
CVE-2008-6931 EXPLOITDB text VERIFIED
PHPStore Job Search - Authenticated Remote Code Execution via Resume Photo Upload
Unrestricted file upload vulnerability in PHPStore Job Search (aka PHPCareers) allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a resume photo, then accessing it via a direct request to the file in jobseekers/jobseeker_profile_images.
by ZoRLu
CVE-2008-6928 EXPLOITDB text VERIFIED
PHPStore Complete Classifieds - Authenticated Arbitrary File Upload and Remote Code Execution via Logo Upload
Unrestricted file upload vulnerability in PHPStore Complete Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a logo, then accessing it via a direct request to the file in classifieds1/yellow_images/.
by ZoRLu
CVE-2008-6929 EXPLOITDB text VERIFIED
PHPStore Auto Classifieds - Authenticated Arbitrary File Upload via Logo Upload
Unrestricted file upload vulnerability in PHPStore Auto Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a logo, then accessing it via a direct request to the file in cars/cars_images/.
by ZoRLu
CVE-2008-5063 EXPLOITDB text VERIFIED
OTManager 2.4 - Remote Code Execution via Tipo Parameter
PHP remote file inclusion vulnerability in Admin/ADM_Pagina.php in OTManager 2.4 allows remote attackers to execute arbitrary PHP code via a URL in the Tipo parameter.
by Colt7r
CVE-2008-5051 EXPLOITDB text VERIFIED
JooBlog 0.1.1 - SQL Injection via PostID Parameter
SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the PostID parameter to index.php.
by boom3rang
CVE-2008-7043 EXPLOITDB text VERIFIED
FreshScripts Fresh Email Script 1.0-1.11 - Cross-Site Scripting via Email Parameter
Cross-site scripting (XSS) vulnerability in register.php in FreshScripts Fresh Email Script 1.0 through 1.11 allows remote attackers to inject arbitrary web script or HTML via the Email parameter. NOTE: this can be leveraged to modify cookies and conduct session fixation attacks.
by Don
CVE-2008-6934 EXPLOITDB text VERIFIED
Sanusart Free Simple Guestbook PHP Script - Remote Code Execution via Message Parameter
Static code injection vulnerability in Sanus|artificium (aka Sanusart) Free simple guestbook PHP script, when downloaded before 20081111, allows remote attackers to inject arbitrary PHP code into messages.txt via the message parameter to act.php, which is executed when guestbook/guestbook.php is accessed. NOTE: some of these details are obtained from third party information.
by GoLd_M
CVE-2008-6949 EXPLOITDB text VERIFIED
Collabtive - Cross-Site Request Forgery
Multiple cross-site request forgery (CSRF) vulnerabilities in Collabtive 0.4.8 allow remote attackers to hijack the authentication of administrators for requests that (1) submit or edit a new project, or (2) upload files to a project, or (3) attach files to messages via unknown vectors. NOTE: these issues can be leveraged with other vulnerabilities to create remote attack vectors that do not require authentication.
by USH
CVE-2008-7046 EXPLOITDB text VERIFIED
AJ Square Free Polling Script - Unauthenticated Authentication Bypass via Direct Request to newpoll.php
AJ Square Free Polling Script (AJPoll) allows remote attackers to bypass authentication and create new polls via a direct request to admin/include/newpoll.php, a different vector than CVE-2008-7045. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by G4N0K