Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-5789 EXPLOITDB text VERIFIED
Joomla! Recly Interactive Feederator 1.0.5 - RCE
Multiple PHP remote file inclusion vulnerabilities in the Recly Interactive Feederator (com_feederator) component 1.0.5 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) mosConfig_absolute_path parameter to (a) add_tmsp.php, (b) edit_tmsp.php and (c) tmsp.php in includes/tmsp/; and the (2) GLOBALS[mosConfig_absolute_path] parameter to (d) includes/tmsp/subscription.php.
by NoGe
CVE-2008-5793 EXPLOITDB text VERIFIED
recly clickheat-heatmap 1.0.1 - Remote Code Execution via PHP File Inclusion
Multiple PHP remote file inclusion vulnerabilities in the Clickheat - Heatmap stats (com_clickheat) component 1.0.1 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[mosConfig_absolute_path] parameter to (a) install.clickheat.php, (b) Cache.php and (c) Clickheat_Heatmap.php in Recly/Clickheat/, and (d) Recly/common/GlobalVariables.php; and the (2) mosConfig_absolute_path parameter to (e) _main.php and (f) main.php in includes/heatmap, and (g) includes/overview/main.php.
by NoGe
CVE-2008-5803 EXPLOITDB text VERIFIED
E-topbiz Online Store 1.0 - SQL Injection
SQL injection vulnerability in admin/login.php in E-topbiz Online Store 1.0 allows remote attackers to execute arbitrary SQL commands via the user parameter (aka username field). NOTE: some of these details are obtained from third party information.
by ZoRLu
CVE-2008-5802 EXPLOITDB text VERIFIED
E-topbiz Online Store 1.0 - SQL Injection
SQL injection vulnerability in index.php in E-topbiz Online Store 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
by Stack
CVE-2008-5804 EXPLOITDB text VERIFIED
e-topbiz Number Links 1 - SQL Injection
SQL injection vulnerability in admin/admin_catalog.php in e-topbiz Number Links 1 Php Script allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit action.
by Hussin X
CVE-2008-5788 EXPLOITDB text VERIFIED
Domain Seller Pro 1.5 - SQL Injection
SQL injection vulnerability in index.php in Domain Seller Pro 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by TR-ShaRk
CVE-2008-5805 EXPLOITDB text VERIFIED
DeltaScripts PHP Classifieds <7.5 - SQL Injection
SQL injection vulnerability in detail.php in DeltaScripts PHP Classifieds 7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the siteid parameter, a different vector than CVE-2006-5828.
by ZoRLu
CVE-2008-6916 EXPLOITDB text VERIFIED
Siemens SpeedStream 5200 with NetPort Software 1.1 - Authentication Bypass via Invalid Host Header
Siemens SpeedStream 5200 with NetPort Software 1.1 allows remote attackers to bypass authentication via an invalid Host header, possibly involving a trailing dot in the hostname.
by hkm
CVE-2008-6715 EXPLOITDB text VERIFIED
Pre ADS Portal < 2.0 - Cross-Site Scripting via msg Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Pre ADS Portal 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) homeadmin/adminhome.php and (2) homeadmin/signinform.php.
by G4N0K
CVE-2008-6485 EXPLOITDB text VERIFIED
SoftComplex PHP Image Gallery - SQL Injection via ctg Parameter
SQL injection vulnerability in index.php in SoftComplex PHP Image Gallery allows remote attackers to execute arbitrary SQL commands via the ctg parameter.
by Hussin X
CVE-2008-6488 EXPLOITDB text VERIFIED
SoftComplex PHP Image Gallery 1.0 - SQL Injection via Admin Field in Login Action
SQL injection vulnerability in index.php in SoftComplex PHP Image Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the Admin field in a login action.
by Cyber-Zone
CVE-2008-6488 EXPLOITDB text VERIFIED
SoftComplex PHP Image Gallery 1.0 - SQL Injection via Admin Field in Login Action
SQL injection vulnerability in index.php in SoftComplex PHP Image Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the Admin field in a login action.
by Hussin X
EIP-2026-111559 EXPLOITDB text VERIFIED
Prozilla Software Directory - Cross-Site Scripting / SQL Injection
by G4N0K
CVE-2008-6716 EXPLOITDB text VERIFIED
Pre ADS Portal < 2.0 - Unauthenticated Improper Authentication in Admin Home Page
homeadmin/adminhome.php in Pre ADS Portal 2.0 and earlier does not require administrative authentication, which allows remote attackers to have an unspecified impact via a direct request.
by G4N0K
CVE-2008-6525 EXPLOITDB text VERIFIED
Nice PHP FAQ Script - SQL Injection via Admin Panel Password Parameter
SQL injection vulnerability in the Admin Panel in Nice PHP FAQ Script (Knowledge base Script) allows remote attackers to execute arbitrary SQL commands via the Password parameter (aka the pass field).
by r45c4l
CVE-2008-4454 EXPLOITDB text VERIFIED
MySQL Quick Admin 1.5.5 - Path Traversal via Lang Parameter
Directory traversal vulnerability in EKINdesigns MySQL Quick Admin 1.5.5 allows remote attackers to read and execute arbitrary files via a .. (dot dot) in the lang parameter to actions.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Vinod Sharma
CVE-2008-5794 EXPLOITDB text VERIFIED
LoveCMS 1.6.2 Final - Path Traversal
Directory traversal vulnerability in system/admin/images.php in LoveCMS 1.6.2 Final allows remote attackers to delete arbitrary files via a .. (dot dot) in the delete parameter.
by cOndemned
EIP-2026-107601 EXPLOITDB text VERIFIED
hMAilServer 4.4.2 - 'PHPWebAdmin' File Inclusion
by Nine:Situations:Group
CVE-2008-6348 EXPLOITDB text VERIFIED
DevelopItEasy Photo Gallery 1.2 - SQL Injection via cat_id, photo_id, user_name, or user_pass Parameter
Multiple SQL injection vulnerabilities in DevelopItEasy Photo Gallery 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter to gallery_category.php, (2) photo_id parameter to gallery_photo.php, and the (3) user_name and (4) user_pass parameters to admin/index.php. NOTE: some of these details are obtained from third party information.
by InjEctOr5
CVE-2008-5131 EXPLOITDB text VERIFIED
Develop It Easy News And Article System 1.4 - SQL Injection via aid Parameter and Admin Panel Credentials
Multiple SQL injection vulnerabilities in Develop It Easy News And Article System 1.4 allow remote attackers to execute arbitrary SQL commands via (1) the aid parameter to article_details.php, and the (2) username and (3) password to the admin panel (admin/index.php).
by InjEctOr5
CVE-2008-5054 EXPLOITDB text VERIFIED
Develop It Easy Membership System 1.3 - SQL Injection via Email or Password Parameter
Multiple SQL injection vulnerabilities in Develop It Easy Membership System 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) email and (2) password parameters to customer_login.php and the (3) user_name and (4) user_pass parameters to admin/index.php. NOTE: some of these details are obtained from third party information.
by InjEctOr5
CVE-2008-6608 EXPLOITDB text VERIFIED
DevelopItEasy Events Calendar 1.2 - SQL Injection via User Name, User Pass, or ID Parameter
Multiple SQL injection vulnerabilities in DevelopItEasy Events Calendar 1.2 allow remote attackers to execute arbitrary SQL commands via (1) the user_name parameter (aka user field) to admin/index.php, (2) the user_pass parameter (aka pass field) to admin/index.php, or (3) the id parameter to calendar_details.php. NOTE: some of these details are obtained from third party information.
by InjEctOr5
CVE-2008-5648 EXPLOITDB text VERIFIED
DeltaScripts PHP Shop 1.0 - SQL Injection
SQL injection vulnerability in admin/login.php in DeltaScripts PHP Shop 1.0 allows remote attackers to execute arbitrary SQL commands via the admin_username parameter. NOTE: some of these details are obtained from third party information.
by ZoRLu
CVE-2008-6720 EXPLOITDB text VERIFIED
DeltaScripts PHP Links < 1.3 - SQL Injection via admin_username Parameter
SQL injection vulnerability in admin/adm_login.php in DeltaScripts PHP Links 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the admin_username parameter (aka the admin field).
by ZoRLu
CVE-2008-5806 EXPLOITDB text VERIFIED
DeltaScripts PHP Classifieds <7.5 - SQL Injection
SQL injection vulnerability in login.php in DeltaScripts PHP Classifieds 7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the admin_username parameter (aka admin field). NOTE: some of these details are obtained from third party information.
by ZoRLu