Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-106310 EXPLOITDB text VERIFIED
CuteNews aj-fork - 'path' Remote File Inclusion
by DeltahackingTEAM
CVE-2008-5787 EXPLOITDB text VERIFIED
Arab Portal 2.1 - Path Traversal via mod.php file Parameter
Directory traversal vulnerability in mod.php in Arab Portal 2.1 on Windows allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, in conjunction with a show action.
by Khashayar Fereidani
CVE-2008-6231 EXPLOITDB text VERIFIED
Pre Classified Listing PHP - Unauthenticated Authentication Bypass via Cookie Manipulation
Pre Classified Listing PHP allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin".
by G4N0K
CVE-2008-6227 EXPLOITDB text VERIFIED
Pre Multi-Vendor Shopping Malls - SQL Injection via buyer_detail.php sid/cid Parameters
SQL injection vulnerability in buyer_detail.php in Pre Multi-Vendor Shopping Malls allows remote attackers to execute arbitrary SQL commands via the (1) sid and (2) cid parameters.
by G4N0K
CVE-2008-2992 EXPLOITDB HIGH text VERIFIED
Adobe Acrobat and Reader < 8.1.2 - Remote Code Execution via util.printf Format String
Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104.
by Debasis Mohanty
CVSS 7.8
CVE-2008-2992 EXPLOITDB HIGH text VERIFIED
Adobe Acrobat and Reader < 8.1.2 - Remote Code Execution via util.printf Format String
Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104.
by Elazar
CVSS 7.8
CVE-2008-6228 EXPLOITDB text VERIFIED
Pre Multi-Vendor Shopping Malls - Unauthenticated Authentication Bypass via Cookie Manipulation
Pre Multi-Vendor Shopping Malls allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin".
by G4N0K
CVE-2008-5058 EXPLOITDB text VERIFIED
Pre Simple CMS - SQL Injection via User Parameter
SQL injection vulnerability in siteadmin/loginsucess.php in Pre Simple CMS allows remote attackers to execute arbitrary SQL commands via the user parameter, as reachable from siteadmin/adminlogin.php. NOTE: some of these details are obtained from third party information.
by Hussin X
CVE-2008-6232 EXPLOITDB text VERIFIED
Pre Shopping Mall - Unauthenticated Authentication Bypass via Cookie Manipulation
Pre Shopping Mall allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin".
by G4N0K
CVE-2008-6796 EXPLOITDB text VERIFIED
Pre Real Estate Listings - SQL Injection via Username Parameter
SQL injection vulnerability in manager/login.php in Pre Projects Pre Real Estate Listings allows remote attackers to execute arbitrary SQL commands via the username1 parameter (aka the Admin field or Username field).
by Cyber-Zone
CVE-2008-6230 EXPLOITDB text VERIFIED
Pre Podcast Portal - SQL Injection via Tour.php id Parameter
SQL injection vulnerability in Tour.php in Pre Projects Pre Podcast Portal allows remote attackers to execute arbitrary SQL commands via the id parameter.
by G4N0K
CVE-2008-6232 EXPLOITDB text VERIFIED
Pre Shopping Mall - Unauthenticated Authentication Bypass via Cookie Manipulation
Pre Shopping Mall allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin".
by G4N0K
CVE-2008-6301 EXPLOITDB text VERIFIED
Small ShoutBox 1.4 - SQL Injection via id Parameter
SQL injection vulnerability in shoutbox_view.php in the Small ShoutBox module 1.4 for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter in a delete action.
by StAkeR
EIP-2026-110709 EXPLOITDB text VERIFIED
PHP JOBWEBSITE PRO - Authentication Bypass
by Cyber-Zone
CVE-2008-6226 EXPLOITDB text VERIFIED
Pre Projects PHP Auto Listings Script - SQL Injection via moreinfo.php itemno Parameter
SQL injection vulnerability in moreinfo.php in Pre Projects PHP Auto Listings Script, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the itemno parameter.
by G4N0K
CVE-2008-6484 EXPLOITDB text VERIFIED
Mole Group Taxi Calc Dist Script - SQL Injection via login.php User Field
SQL injection vulnerability in login.php in Mole Group Taxi Map Script (aka Taxi Calc Dist Script) allows remote attackers to execute arbitrary SQL commands via the user field.
by InjEctOr5
CVE-2008-6225 EXPLOITDB text VERIFIED
Mole Group Airline Ticket Sale Script - SQL Injection via info.php flight parameter
SQL injection vulnerability in info.php in Mole Group Airline Ticket Sale Script allows remote attackers to execute arbitrary SQL commands via the flight parameter. NOTE: the vendor has disputed this issue, stating "crazy hackers and so named Security companies [spread] out such false informations. Such scripts or versions [do not] exist.
by InjEctOr5
CVE-2008-6221 EXPLOITDB text VERIFIED
Dada Mail Manager 2.6 - Remote Code Execution via GLOBALS[mosConfig_absolute_path] Parameter
PHP remote file inclusion vulnerability in config.dadamail.php in the Dada Mail Manager (com_dadamail) component 2.6 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter.
by NoGe
CVE-2008-6233 EXPLOITDB text VERIFIED
Five Dollar Scripts Drinks - SQL Injection via recid Parameter
SQL injection vulnerability in index.php in Five Dollar Scripts Drinks script allows remote attackers to execute arbitrary SQL commands via the recid parameter.
by Ex Tacy
CVE-2008-6793 EXPLOITDB text VERIFIED
DFLabs PTK 0.1, 0.2, and 1.0 - Remote Command Execution via Filename Shell Metacharacters
The get_file_type function in lib/file_content.php in DFLabs PTK 0.1, 0.2, and 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters after an arg1= sequence in a filename within a forensic image.
by ikki
CVE-2008-6268 EXPLOITDB text VERIFIED
WEBBDOMAIN Multi Languages WebShop Online 1.02 - SQL Injection via detail.php id Parameter
SQL injection vulnerability in detail.php in WEBBDOMAIN Multi Languages WebShop Online 1.02 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by G4N0K
CVE-2008-6267 EXPLOITDB text VERIFIED
Multi Languages WebShop Online 1.02 - Cross-Site Scripting via detail.php name Parameter
Cross-site scripting (XSS) vulnerability in detail.php in Multi Languages WebShop Online 1.02 allows remote attackers to inject arbitrary web script or HTML via the name parameter.
by G4N0K
CVE-2008-6223 EXPLOITDB text VERIFIED
Way Of The Warrior 5.0 - Remote Code Execution via plancia Parameter
PHP remote file inclusion vulnerability in visualizza.php in Way Of The Warrior (WOTW) 5.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the plancia parameter to crea.php.
by dun
CVE-2008-6220 EXPLOITDB text VERIFIED
Simple Document Management System 1.1.4-1.1.5 - SQL Injection via Login Password Parameter
SQL injection vulnerability in login.php in Simple Document Management System (SDMS) 1.1.5 and 1.1.4, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the pass parameter.
by Yuri
CVE-2008-6224 EXPLOITDB text VERIFIED
Way Of The Warrior < 5.0 - Path Traversal via plancia Parameter
Directory traversal vulnerability in visualizza.php in Way Of The Warrior (WOTW) 5.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the plancia parameter.
by dun