Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-6265 EXPLOITDB text VERIFIED
cyberfolio <= 7.12.2 - Path Traversal via Theme Parameter
Directory traversal vulnerability in portfolio/css.php in Cyberfolio 7.12.2 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter.
by dun
CVE-2008-6605 EXPLOITDB text VERIFIED
2wire 1701HG 1800HW 2071HG 2700HG - Cross-Site Request Forgery via XSLT Script
Cross-site request forgery (CSRF) vulnerability in the xslt script in the web-based management interface on the 2wire 1701HG, 1800HW, 2071HG, and 2700HG with firmware 3.17.5, 3.7.1, 4.25.19, or 5.29.51 allows remote attackers to hijack the intranet connectivity of arbitrary users for requests that cause a denial of service (network outage) via a page parameter with a % (percent) character followed by a non-alphanumeric character.
by hkm
CVE-2008-6487 EXPLOITDB text VERIFIED
DigiAffiliate < 1.4 - SQL Injection via Login Admin and Password Fields
Multiple SQL injection vulnerabilities in login.asp in Digiappz DigiAffiliate 1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) admin and (2) password fields.
by d3b4g
CVE-2008-5652 EXPLOITDB text VERIFIED
MyioSoft EasyBookMarker 4.0 - SQL Injection
SQL injection vulnerability in the loginADP function in ajaxp.php in MyioSoft EasyBookMarker 4.0 allows remote attackers to execute arbitrary SQL commands via the rsargs parameter, as reachable through the username parameter. NOTE: some of these details are obtained from third party information.
by ZoRLu
CVE-2008-5651 EXPLOITDB text VERIFIED
MyioSoft EasyBookMarker 4.0 - SQL Injection
SQL injection vulnerability in plugins/bookmarker/bookmarker_backend.php in MyioSoft EasyBookMarker 4.0 allows remote attackers to execute arbitrary SQL commands via the Parent parameter.
by G4N0K
CVE-2008-5061 EXPLOITDB text VERIFIED
Mini Web Calendar 1.2 - Cross-Site Scripting via URL Parameter
Cross-site scripting (XSS) vulnerability in php/cal_default.php in Mini Web Calendar (mwcal) 1.2 allows remote attackers to inject arbitrary web script or HTML via the URL.
by ahmadbady
CVE-2008-6350 EXPLOITDB text VERIFIED
TurnkeyForms Local Classifieds - SQL Injection via listtest.php r Parameter
SQL injection vulnerability in listtest.php in TurnkeyForms Local Classifieds allows remote attackers to execute arbitrary SQL commands via the r parameter.
by TR-ShaRk
CVE-2008-5048 EXPLOITDB text VERIFIED
ISecSoft Anti-Trojan Elite <= 4.2.2 - Buffer Overflow via Atepmon.sys IOCTL
Buffer overflow in Atepmon.sys in ISecSoft Anti-Trojan Elite 4.2.1 and earlier, and possibly 4.2.2, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via long inputs to the 0x00222494 IOCTL.
by alex
CVE-2008-5049 EXPLOITDB text VERIFIED
ISecSoft Anti-Keylogger Elite < 3.3.0 - Local Privilege Escalation via AKEProtect.sys IOCTL Buffer Overflow
Buffer overflow in AKEProtect.sys 3.3.3.0 in ISecSoft Anti-Keylogger Elite 3.3.0 and earlier, and possibly other versions including 3.3.3, allows local users to gain privileges via long inputs to the (1) 0x002224A4, (2) 0x002224C0, and (3) 0x002224CC IOCTL.
by NT Internals
CVE-2008-6717 EXPLOITDB text VERIFIED
U&M Software Signup 1.0 and 1.1 - Unauthenticated Improper Authentication in Admin Directory
U&M Software Signup 1.0 and 1.1 does not require administrative authentication for all scripts in the admin/ directory, which allows remote attackers to have an unspecified impact via a direct request to (1) adminstart.php, (2) admineventtype.php, (3) admineventdetails.php, (4) admineventlist.php, (5) adminuserslist.php, (6) adminleaderslist.php, (7) admindatabase.php, and possibly (8) index.php.
by G4N0K
CVE-2008-6718 EXPLOITDB text VERIFIED
U&M Software JustBookIt 1.0 - Unauthenticated Improper Authentication in Admin Scripts
U&M Software JustBookIt 1.0 does not require administrative authentication for all scripts in the admin/ directory, which allows remote attackers to have an unspecified impact via a direct request to (1) user_manual.php, (2) user_config.php, (3) user_kundnamn.php, (4) user_kundlista.php, (5) user_aktiva_kunder.php, (6) database.php, and possibly (7) index.php.
by G4N0K
CVE-2008-6719 EXPLOITDB text VERIFIED
U&M Software Event Lister (JustListIt) 1.0 - Unauthenticated Access to Admin Scripts
U&M Software Event Lister (aka JustListIt) 1.0 does not require administrative authentication for all scripts in the admin/ directory, which allows remote attackers to have an unspecified impact via a direct request to (1) start.php, (2) aktivitet.php, (3) prop_aktivitet.php, (4) kategorier.php, (5) konfig.php, (6) security.php, (7) manual.php, and possibly (8) index.php.
by G4N0K
EIP-2026-112810 EXPLOITDB text VERIFIED
TurnkeyForms Software Directory 1.0 - SQL Injection / Cross-Site Scripting
by G4N0K
CVE-2008-6351 EXPLOITDB text VERIFIED
TurnkeyForms Local Classifieds - Cross-Site Scripting via listtest.php r Parameter
Cross-site scripting (XSS) vulnerability in listtest.php in TurnkeyForms Local Classifieds allows remote attackers to inject arbitrary web script or HTML via the r parameter.
by TR-ShaRk
CVE-2008-6723 EXPLOITDB text VERIFIED
TurnkeyForms Entertainment Portal 2.0 - Unauthenticated Authentication Bypass via adminLogged Cookie
TurnkeyForms Entertainment Portal 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the adminLogged cookie to Administrator.
by G4N0K
CVE-2008-6349 EXPLOITDB text VERIFIED
TurnkeyForms Business Survey Pro 1.0 - SQL Injection via id Parameter
SQL injection vulnerability in survey_results_text.php in TurnkeyForms Business Survey Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by G4N0K
EIP-2026-110653 EXPLOITDB text VERIFIED
PHP Auto Listings Script - Authentication Bypass
by r45c4l
CVE-2008-5654 EXPLOITDB text VERIFIED
MyioSoft EasyCalendar 4.0 - SQL Injection
SQL injection vulnerability in the loginADP function in ajaxp.php in MyioSoft EasyCalendar 4.0 allows remote attackers to execute arbitrary SQL commands via the rsargs parameter, as reachable through the username parameter, a different vector than CVE-2008-1344. NOTE: some of these details are obtained from third party information.
by ZoRLu
CVE-2008-5655 EXPLOITDB text VERIFIED
MyioSoft EasyBookMarker 4.0 - SQL Injection
Multiple SQL injection vulnerabilities in MyioSoft EasyBookMarker 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) delete_folder and (2) delete_link parameters to unspecified vectors, possibly to (a) plugins/bookmarker/bookmarker_backend.php or (b) ajaxp.php, different vectors than CVE-2008-5654. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ZoRLu
CVE-2008-5655 EXPLOITDB text VERIFIED
MyioSoft EasyBookMarker 4.0 - SQL Injection
Multiple SQL injection vulnerabilities in MyioSoft EasyBookMarker 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) delete_folder and (2) delete_link parameters to unspecified vectors, possibly to (a) plugins/bookmarker/bookmarker_backend.php or (b) ajaxp.php, different vectors than CVE-2008-5654. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by G4N0K
CVE-2008-5653 EXPLOITDB text VERIFIED
MyioSoft AjaxPortal 3.0 - SQL Injection
SQL injection vulnerability in the loginADP function in ajaxp.php in MyioSoft AjaxPortal 3.0 allows remote attackers to execute arbitrary SQL commands via the rsargs parameter, as reachable through the username parameter. NOTE: some of these details are obtained from third party information.
by ZoRLu
CVE-2008-5047 EXPLOITDB text VERIFIED
Mole Group Rental Script - SQL Injection via Username Parameter
SQL injection vulnerability in admin/index.php in Mole Group Rental Script allows remote attackers to execute arbitrary SQL commands via the username parameter.
by Cyber-Zone
CVE-2008-5046 EXPLOITDB text VERIFIED
Mole Group Pizza Script - SQL Injection via manufacturers_id Parameter
SQL injection vulnerability in index.php in Mole Group Pizza Script allows remote attackers to execute arbitrary SQL commands via the manufacturers_id parameter.
by InjEctOr5
CVE-2008-5062 EXPLOITDB text VERIFIED
Mini Web Calendar 1.2 - Path Traversal via cal_pdf.php thefile Parameter
Directory traversal vulnerability in php/cal_pdf.php in Mini Web Calendar (mwcal) 1.2 allows remote attackers to read arbitrary files via directory traversal sequences in the thefile parameter.
by ahmadbady
CVE-2008-5790 EXPLOITDB text VERIFIED
Recly!Competitions 1.0 - Remote Code Execution via PHP File Inclusion
Multiple PHP remote file inclusion vulnerabilities in the Recly!Competitions (com_competitions) component 1.0 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[mosConfig_absolute_path] parameter to (a) add.php and (b) competitions.php in includes/competitions/, and the (2) mosConfig_absolute_path parameter to (c) includes/settings/settings.php.
by NoGe