Exploitdb Exploits

31,353 exploits tracked across all sources.

CVE-2008-6225 EXPLOITDB text VERIFIED
Mole Group Airline Ticket Sale Script - SQL Injection via info.php flight parameter
SQL injection vulnerability in info.php in Mole Group Airline Ticket Sale Script allows remote attackers to execute arbitrary SQL commands via the flight parameter. NOTE: the vendor has disputed this issue, stating "crazy hackers and so named Security companies [spread] out such false informations. Such scripts or versions [do not] exist."
by InjEctOr5
CVE-2008-6221 EXPLOITDB text VERIFIED
Dada Mail Manager 2.6 - Remote Code Execution via GLOBALS[mosConfig_absolute_path] Parameter
PHP remote file inclusion vulnerability in config.dadamail.php in the Dada Mail Manager (com_dadamail) component 2.6 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter.
by NoGe
CVE-2008-6233 EXPLOITDB text VERIFIED
Five Dollar Scripts Drinks - SQL Injection via recid Parameter
SQL injection vulnerability in index.php in Five Dollar Scripts Drinks script allows remote attackers to execute arbitrary SQL commands via the recid parameter.
by Ex Tacy
CVE-2008-6793 EXPLOITDB text VERIFIED
DFLabs PTK 0.1, 0.2, and 1.0 - Remote Command Execution via Filename Shell Metacharacters
The get_file_type function in lib/file_content.php in DFLabs PTK 0.1, 0.2, and 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters after an arg1= sequence in a filename within a forensic image.
by ikki
CVE-2008-6268 EXPLOITDB text VERIFIED
WEBBDOMAIN Multi Languages WebShop Online 1.02 - SQL Injection via detail.php id Parameter
SQL injection vulnerability in detail.php in WEBBDOMAIN Multi Languages WebShop Online 1.02 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by G4N0K
CVE-2008-6267 EXPLOITDB text VERIFIED
Multi Languages WebShop Online 1.02 - Cross-Site Scripting via detail.php name Parameter
Cross-site scripting (XSS) vulnerability in detail.php in Multi Languages WebShop Online 1.02 allows remote attackers to inject arbitrary web script or HTML via the name parameter.
by G4N0K
CVE-2008-6223 EXPLOITDB text VERIFIED
Way Of The Warrior 5.0 - Remote Code Execution via plancia Parameter
PHP remote file inclusion vulnerability in visualizza.php in Way Of The Warrior (WOTW) 5.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the plancia parameter to crea.php.
by dun
CVE-2008-6220 EXPLOITDB text VERIFIED
Simple Document Management System 1.1.4-1.1.5 - SQL Injection via Login Password Parameter
SQL injection vulnerability in login.php in Simple Document Management System (SDMS) 1.1.5 and 1.1.4, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the pass parameter.
by Yuri
CVE-2008-6224 EXPLOITDB text VERIFIED
Way Of The Warrior < 5.0 - Path Traversal via plancia Parameter
Directory traversal vulnerability in visualizza.php in Way Of The Warrior (WOTW) 5.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the plancia parameter.
by dun
CVE-2008-6629 EXPLOITDB text VERIFIED
WEBBDOMAIN Multi Languages WebShop Online 1.02 - Cross-Site Scripting via detail.php name Parameter
Cross-site scripting (XSS) vulnerability in detail.php in WEBBDOMAIN Multi Languages WebShop Online 1.02 allows remote attackers to inject arbitrary web script or HTML via the name parameter.
by G4N0K
CVE-2008-6627 EXPLOITDB text VERIFIED
WEBBDOMAIN WebShop <= 1.2 - SQL Injection via getin.php Username Parameter
SQL injection vulnerability in getin.php in WEBBDOMAIN WebShop 1.2, 1.1, 1.02, and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.
by Hakxer
CVE-2008-6626 EXPLOITDB text VERIFIED
WEBBDOMAIN Quiz <= 1.02 - SQL Injection via Username Parameter
SQL injection vulnerability in getin.php in WEBBDOMAIN Quiz 1.02 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.
by Hakxer
CVE-2008-6623 EXPLOITDB text VERIFIED
webbdomain post_card < 1.02 - SQL Injection via Username Parameter
SQL injection vulnerability in getin.php in WEBBDOMAIN Post Card (aka Web Postcards) 1.02 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.
by x0r
CVE-2008-6622 EXPLOITDB text VERIFIED
webbdomain post_card < 1.02 - SQL Injection via choosecard.php catid Parameter
SQL injection vulnerability in choosecard.php in WEBBDOMAIN Post Card (aka Web Postcards) 1.02, 1.01, and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.
by Hussin X
CVE-2008-6625 EXPLOITDB text VERIFIED
WEBBDOMAIN Polls 1.0 and 1.01 - SQL Injection via Username Parameter
SQL injection vulnerability in getin.php in WEBBDOMAIN Polls (aka Poll) 1.0 and 1.01 allows remote attackers to execute arbitrary SQL commands via the username parameter.
by Hakxer
CVE-2008-6624 EXPLOITDB text VERIFIED
WEBBDOMAIN Petition 1.02, 2.0, 3.0 - SQL Injection via Username Parameter
SQL injection vulnerability in getin.php in WEBBDOMAIN Petition 1.02, 2.0, and 3.0 allows remote attackers to execute arbitrary SQL commands via the username parameter.
by Hakxer
CVE-2008-6795 EXPLOITDB text VERIFIED
nicLOR Vibro-School-CMS - SQL Injection via nID Parameter
SQL injection vulnerability in view_news.php in nicLOR Vibro-School-CMS allows remote attackers to execute arbitrary SQL commands via the nID parameter.
by Cyber-Zone
CVE-2008-6795 EXPLOITDB text VERIFIED
nicLOR Vibro-School-CMS - SQL Injection via nID Parameter
SQL injection vulnerability in view_news.php in nicLOR Vibro-School-CMS allows remote attackers to execute arbitrary SQL commands via the nID parameter.
by StAkeR
EIP-2026-112765 EXPLOITDB text VERIFIED
TR News 2.1 - 'login.php' Remote Authentication Bypass
by StAkeR
CVE-2008-6289 EXPLOITDB text VERIFIED
Tours Manager 1.0 - SQL Injection via cityid Parameter
SQL injection vulnerability in cityview.php in Tours Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the cityid parameter.
by G4N0K
CVE-2008-6271 EXPLOITDB text VERIFIED
tbmnetcms 1.0 - Path Traversal via Index.php Content Parameter
Directory traversal vulnerability in index.php in TBmnetCMS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the content parameter.
by d3v1l
CVE-2008-6236 EXPLOITDB text VERIFIED
Simple Document Management System 1.1.4-1.1.5 - SQL Injection via Login Parameter
SQL injection vulnerability in login.php in Simple Document Management System (SDMS) 1.1.5 and 1.1.4, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the login parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Yuri
CVE-2008-6290 EXPLOITDB text VERIFIED
nicLOR Sito - Path Traversal via Page File Parameter
Directory traversal vulnerability in includefile.php in nicLOR Sito, when register_globals is enabled or magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the page_file parameter.
by StAkeR
CVE-2007-6586 EXPLOITDB text VERIFIED
nicLOR-CMS - SQL Injection via sezione_news.php id Parameter
SQL injection vulnerability in sezione_news.php in nicLOR-CMS allows remote attackers to execute arbitrary SQL commands via the id parameter in a sezione page action to index.php.
by StAkeR
CVE-2008-6483 EXPLOITDB text VERIFIED
VirtueMart Google Base 1.1 - Remote Code Execution via mosConfig_absolute_path Parameter
PHP remote file inclusion vulnerability in admin.googlebase.php in the Ecom Solutions VirtueMart Google Base (aka com_googlebase or Froogle) component 1.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
by NoGe