Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-6292 EXPLOITDB text VERIFIED
Acc Autos 4.0 - Unauthenticated Authentication Bypass via Cookie Manipulation
Acc Autos 4.0 allows remote attackers to bypass authentication and gain administrative access by setting the (1) username_cookie to "admin," (2) right_cookie to "1," and (3) id_cookie to "1."
by x0r
CVE-2008-6270 EXPLOITDB text VERIFIED
Dragan Mitic Apoll 0.7 beta and 0.7.5 - SQL Injection via User Parameter
SQL injection vulnerability in admin/index.php in Dragan Mitic Apoll 0.7 beta and 0.7.5 allows remote attackers to execute arbitrary SQL command via the user parameter.
by ZoRLu
CVE-2006-2770 EXPLOITDB text VERIFIED
pppblog < 0.3.8 - Directory Traversal via File Array Parameter
Directory traversal vulnerability in randompic.php in pppBLOG 0.3.8 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) sequence in an index of the "file" array parameter, as demonstrated by file[0].
by JosS
CVE-2008-6606 EXPLOITDB text VERIFIED
MatPo Link 1.2 Beta - SQL Injection via id Parameter
SQL injection vulnerability in view.php in MatPo Link 1.2 Beta allows remote attackers to execute arbitrary SQL commands via the id parameter.
by ZoRLu
CVE-2008-6607 EXPLOITDB text VERIFIED
MatPo Link 1.2 Beta - Cross-Site Scripting via Thema Parameter
Cross-site scripting (XSS) vulnerability in view.php in MatPo Link 1.2 Beta allows remote attackers to inject arbitrary web script or HTML via the thema parameter.
by Hakxer
CVE-2008-6526 EXPLOITDB text VERIFIED
BosDev BosClassifieds - SQL Injection via cat_id Parameter
SQL injection vulnerability in index.php in BosDev BosClassifieds allows remote attackers to execute arbitrary SQL commands via the cat_id parameter, a different vector than CVE-2008-1838.
by ZoRLu
CVE-2008-6272 EXPLOITDB text VERIFIED
Dragan Mitic Apoll 0.7 beta and 0.7.5 - SQL Injection via Admin Index Pass Parameter
SQL injection vulnerability in admin/index.php in Dragan Mitic Apoll 0.7 beta and 0.7.5 allows remote attackers to execute arbitrary SQL command via the pass parameter.
by ZoRLu
CVE-2008-6294 EXPLOITDB text VERIFIED
Acc Statistics 1.1 - Unauthenticated Authentication Bypass via username_cookie
admin/Index.php in Acc Statistics 1.1 allows remote attackers to bypass authentication and gain administrative access by setting the username_cookie cookie to "admin."
by Hakxer
CVE-2008-6294 EXPLOITDB text VERIFIED
Acc Statistics 1.1 - Unauthenticated Authentication Bypass via username_cookie
admin/Index.php in Acc Statistics 1.1 allows remote attackers to bypass authentication and gain administrative access by setting the username_cookie cookie to "admin."
by Hakxer
CVE-2008-6291 EXPLOITDB text VERIFIED
Acc PHP eMail 1.1 - Unauthenticated Authentication Bypass via NEWSLETTERLOGIN Cookie
Acc PHP eMail 1.1 allows remote attackers to bypass authentication and gain administrative access by setting the NEWSLETTERLOGIN cookie to "admin".
by Hakxer
CVE-2008-6294 EXPLOITDB text VERIFIED
Acc Statistics 1.1 - Unauthenticated Authentication Bypass via username_cookie
admin/Index.php in Acc Statistics 1.1 allows remote attackers to bypass authentication and gain administrative access by setting the username_cookie cookie to "admin."
by x0r
CVE-2006-7234 EXPLOITDB text VERIFIED
lynx < 2.8.6rel.4 - Unauthenticated Remote Code Execution via Malicious .mailcap or mime.types Files
Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows local users to execute arbitrary code via malicious (1) .mailcap and (2) mime.types files in the current working directory.
by Piotr Engelking
CVE-2008-6684 EXPLOITDB text VERIFIED
Apartment Search Script - Unauthenticated Arbitrary File Upload via editimage.php GIF Header Bypass
Unrestricted file upload vulnerability in editimage.php in Apartment Search Script allows remote attackers to execute arbitrary code by uploading a file with an executable extension and a GIF header, then accessing this file via a direct request to a renamed file in Member_Admin/logo/.
by ZoRLu
CVE-2008-4887 EXPLOITDB text VERIFIED
NetRisk < 2.0 - SQL Injection via id Parameter
SQL injection vulnerability in index.php in NetRisk 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter in a (1) profile page (profile.php) or (2) game page (game.php). NOTE: some of these details are obtained from third party information.
by StAkeR
CVE-2008-4886 EXPLOITDB text VERIFIED
YourFreeWorld Shopping Cart Script - SQL Injection via index.php c Parameter
SQL injection vulnerability in index.php in YourFreeWorld Shopping Cart Script allows remote attackers to execute arbitrary SQL commands via the c parameter.
by Hussin X
CVE-2008-4895 EXPLOITDB text VERIFIED
YourFreeWorld Downline Builder - SQL Injection via tr.php id Parameter
SQL injection vulnerability in tr.php in YourFreeWorld Downline Builder allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Hussin X
CVE-2008-4888 EXPLOITDB text VERIFIED
netrisk < 2.0 - Cross-Site Scripting via Error Parameter
Cross-site scripting (XSS) vulnerability in error.php in NetRisk 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter to index.php. NOTE: some of these details are obtained from third party information.
by StAkeR
CVE-2008-4880 EXPLOITDB text VERIFIED
Maran PHP Shop - SQL Injection via prodshow.php id Parameter
SQL injection vulnerability in prodshow.php in Maran PHP Shop allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-4879.
by d3v1l
CVE-2008-4879 EXPLOITDB text VERIFIED
Maran PHP Shop - SQL Injection via prod.php cat Parameter
SQL injection vulnerability in prod.php in Maran PHP Shop allows remote attackers to execute arbitrary SQL commands via the cat parameter, a different vector than CVE-2008-4880.
by JosS
CVE-2008-6296 EXPLOITDB text VERIFIED
Maran PHP Shop - Unauthenticated Authentication Bypass via User Cookie
admin.php in Maran PHP Shop allows remote attackers to bypass authentication and gain administrative access by setting the user cookie to "demo."
by JosS
CVE-2008-6269 EXPLOITDB text VERIFIED
Joovili 3.1.4 - Unauthenticated Authentication Bypass via Cookie Manipulation
Joovili 3.1.4 allows remote attackers to bypass authentication and gain privileges as other users, including the administrator, by setting the (1) session_id, session_logged_in, and session_username cookies for user privileges; (2) session_admin_id, session_admin_username, and session_admin cookies for admin privileges; and (3) session_staff_id, session_staff_username, and session_staff cookies for staff users.
by ZoRLu
CVE-2008-4178 EXPLOITDB text VERIFIED
Downline Goldmine Builder and Addons - SQL Injection via id Parameter
SQL injection vulnerability in tr.php in DownlineGoldmine Special Category Addon, Downline Builder Pro, New Addon, and Downline Goldmine Builder allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information.
by Hussin X
CVE-2008-4178 EXPLOITDB text VERIFIED
Downline Goldmine Builder and Addons - SQL Injection via id Parameter
SQL injection vulnerability in tr.php in DownlineGoldmine Special Category Addon, Downline Builder Pro, New Addon, and Downline Goldmine Builder allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information.
by Hussin X
CVE-2008-6683 EXPLOITDB text VERIFIED
Apartment Search Script - Cross-Site Scripting via r Parameter
Cross-site scripting (XSS) vulnerability in listtest.php in Apartment Search Script allows remote attackers to inject arbitrary web script or HTML via the r parameter.
by ZoRLu
CVE-2008-4890 EXPLOITDB text VERIFIED
1st News 4 Professional - SQL Injection via products.php id Parameter
SQL injection vulnerability in products.php in 1st News 4 Professional (PR 1) allows remote attackers to execute arbitrary SQL commands via the id parameter.
by TR-ShaRk