Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-6629 EXPLOITDB text VERIFIED
WEBBDOMAIN Multi Languages WebShop Online 1.02 - Cross-Site Scripting via detail.php name Parameter
Cross-site scripting (XSS) vulnerability in detail.php in WEBBDOMAIN Multi Languages WebShop Online 1.02 allows remote attackers to inject arbitrary web script or HTML via the name parameter.
by G4N0K
CVE-2008-6627 EXPLOITDB text VERIFIED
WEBDOMAIN WebShop <= 1.2 - SQL Injection via getin.php Username Parameter
SQL injection vulnerability in getin.php in WEBBDOMAIN WebShop 1.2, 1.1, 1.02, and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.
by Hakxer
CVE-2008-6626 EXPLOITDB text VERIFIED
WEBBDOMAIN Quiz <= 1.02 - SQL Injection via Username Parameter
SQL injection vulnerability in getin.php in WEBBDOMAIN Quiz 1.02 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.
by Hakxer
CVE-2008-6623 EXPLOITDB text VERIFIED
webbdomain post_card < 1.02 - SQL Injection via Username Parameter
SQL injection vulnerability in getin.php in WEBBDOMAIN Post Card (aka Web Postcards) 1.02 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.
by x0r
CVE-2008-6622 EXPLOITDB text VERIFIED
webbdomian post_card < 1.02 - SQL Injection via choosecard.php catid Parameter
SQL injection vulnerability in choosecard.php in WEBBDOMAIN Post Card (aka Web Postcards) 1.02, 1.01, and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.
by Hussin X
CVE-2008-6625 EXPLOITDB text VERIFIED
WEBBDOMAIN Polls 1.0 and 1.01 - SQL Injection via Username Parameter
SQL injection vulnerability in getin.php in WEBBDOMAIN Polls (aka Poll) 1.0 and 1.01 allows remote attackers to execute arbitrary SQL commands via the username parameter.
by Hakxer
CVE-2008-6624 EXPLOITDB text VERIFIED
WEBBDOMAIN Petition 1.02, 2.0, 3.0 - SQL Injection via Username Parameter
SQL injection vulnerability in getin.php in WEBBDOMAIN Petition 1.02, 2.0, and 3.0 allows remote attackers to execute arbitrary SQL commands via the username parameter.
by Hakxer
CVE-2008-6795 EXPLOITDB text VERIFIED
nicLOR Vibro-School-CMS - SQL Injection via nID Parameter
SQL injection vulnerability in view_news.php in nicLOR Vibro-School-CMS allows remote attackers to execute arbitrary SQL commands via the nID parameter.
by Cyber-Zone
CVE-2008-6795 EXPLOITDB text VERIFIED
nicLOR Vibro-School-CMS - SQL Injection via nID Parameter
SQL injection vulnerability in view_news.php in nicLOR Vibro-School-CMS allows remote attackers to execute arbitrary SQL commands via the nID parameter.
by StAkeR
EIP-2026-112765 EXPLOITDB text VERIFIED
TR News 2.1 - 'login.php' Remote Authentication Bypass
by StAkeR
CVE-2008-6289 EXPLOITDB text VERIFIED
Tours Manager 1.0 - SQL Injection via cityid Parameter
SQL injection vulnerability in cityview.php in Tours Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the cityid parameter.
by G4N0K
CVE-2008-6271 EXPLOITDB text VERIFIED
tbmnetcms 1.0 - Path Traversal via Index.php Content Parameter
Directory traversal vulnerability in index.php in TBmnetCMS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the content parameter.
by d3v1l
CVE-2008-6236 EXPLOITDB text VERIFIED
Simple Document Management System 1.1.4-1.1.5 - SQL Injection via Login Parameter
SQL injection vulnerability in login.php in Simple Document Management System (SDMS) 1.1.5 and 1.1.4, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the login parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Yuri
CVE-2008-6290 EXPLOITDB text VERIFIED
nicLOR Sito - Path Traversal via Page File Parameter
Directory traversal vulnerability in includefile.php in nicLOR Sito, when register_globals is enabled or magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the page_file parameter.
by StAkeR
CVE-2007-6586 EXPLOITDB text VERIFIED
nicLOR-CMS - SQL Injection via sezione_news.php id Parameter
SQL injection vulnerability in sezione_news.php in nicLOR-CMS allows remote attackers to execute arbitrary SQL commands via the id parameter in a sezione page action to index.php.
by StAkeR
CVE-2008-6483 EXPLOITDB text VERIFIED
VirtueMart Google Base 1.1 - Remote Code Execution via mosConfig_absolute_path Parameter
PHP remote file inclusion vulnerability in admin.googlebase.php in the Ecom Solutions VirtueMart Google Base (aka com_googlebase or Froogle) component 1.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
by NoGe
CVE-2008-6222 EXPLOITDB text VERIFIED
Pro Desk Support Center 1.0 and 1.2 - Path Traversal via Include File Parameter
Directory traversal vulnerability in the Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php.
by d3v1l
CVE-2008-6347 EXPLOITDB text VERIFIED
Onguma Time Sheet 2.0 4b - Remote Code Execution via mosConfig_absolute_path Parameter
PHP remote file inclusion vulnerability in lib/onguma.class.php in the Onguma Time Sheet (com_ongumatimesheet20) 2.0 4b component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
by NoGe
CVE-2008-4931 EXPLOITDB text VERIFIED
firmCHANNEL Digital Signage 3.24 - Cross-Site Scripting via Account Module Action Parameter
Cross-site scripting (XSS) vulnerability in the account module in firmCHANNEL Digital Signage 3.24, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the action parameter to index.php.
by Brad Antoniewicz
CVE-2008-6297 EXPLOITDB text VERIFIED
dhcart - Cross-Site Scripting via order.php domain and d1 Parameters
Cross-site scripting (XSS) vulnerability in order.php in DHCart allows remote attackers to inject arbitrary web script or HTML via the (1) domain and (2) d1 parameters.
by Lostmon
EIP-2026-106005 EXPLOITDB text VERIFIED
CMS-School 2005 - 'showarticle.php' SQL Injection
by Cyber-Zone
CVE-2008-6504 EXPLOITDB text VERIFIED
OpenSymphony XWork 2.0.x < 2.0.6 and 2.1.x < 2.1.2 - Remote Code Execution via OGNL Context Object Reference
ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
by Meder Kydyraliev
CVE-2008-6505 EXPLOITDB text VERIFIED
Apache Struts 2.0.0-2.0.11 and 2.1.0-2.1.2 - Path Traversal via Encoded Dot-Dot-Slash in URI
Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
by Csaba Barta
CVE-2008-6606 EXPLOITDB text VERIFIED
MatPo Link 1.2 Beta - SQL Injection via id Parameter
SQL injection vulnerability in view.php in MatPo Link 1.2 Beta allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Hakxer
CVE-2008-6293 EXPLOITDB text VERIFIED
Acc Real Estate 4.0 - Unauthenticated Authentication Bypass via username_cookie
admin/Index.php in Acc Real Estate 4.0 allows remote attackers to bypass authentication and gain administrative access by setting the username_cookie to "admin."
by Hakxer