Exploitdb Exploits

31,353 exploits tracked across all sources.

CVE-2008-5037 EXPLOITDB text VERIFIED
ElkaGroup Image Gallery 1.0 - SQL Injection via view.php cid Parameter
SQL injection vulnerability in view.php in ElkaGroup Image Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by G4N0K
CVE-2008-6438 EXPLOITDB text VERIFIED
MacGuru BLOG Engine Plugin 2.1.4-2.2 - SQL Injection via uid Parameter
SQL injection vulnerability in macgurublog_menu/macgurublog.php in the MacGuru BLOG Engine plugin 2.2 for e107 allows remote attackers to execute arbitrary SQL commands via the uid parameter, a different vector than CVE-2008-2455. NOTE: it was later reported that 2.1.4 is also affected.
by ZoRLu
CVE-2008-5066 EXPLOITDB text VERIFIED
Agares Media ThemeSiteScript 1.0 - Remote Code Execution via Frontpage Right PHP File Inclusion
PHP remote file inclusion vulnerability in upload/admin/frontpage_right.php in Agares Media ThemeSiteScript 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the loadadminpage parameter.
by DaRkLiFe
CVE-2008-4773 EXPLOITDB text VERIFIED
QuestCMS - Path Traversal via Theme Parameter
Directory traversal vulnerability in main/main.php in QuestCMS allows remote attackers to read arbitrary local files via a .. (dot dot) in the theme parameter.
by d3b4g
CVE-2008-4772 EXPLOITDB text VERIFIED
QuestCMS - SQL Injection via obj Parameter
SQL injection vulnerability in main/main.php in QuestCMS allows remote attackers to execute arbitrary SQL commands via the obj parameter.
by d3b4g
CVE-2008-4783 EXPLOITDB text VERIFIED
tlAds 1.0 - Unauthenticated Authentication Bypass via tlAds_login Cookie
tlAds 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the tlAds_login cookie to "admin".
by x0r
EIP-2026-112556 EXPLOITDB text VERIFIED
Tandis CMS 2.5 - 'index.php' Multiple SQL Injections
by G4N0K
CVE-2008-4774 EXPLOITDB text VERIFIED
QuestCMS - Cross-Site Scripting via cx Parameter
Cross-site scripting (XSS) vulnerability in main/main.php in QuestCMS allows remote attackers to inject arbitrary web script or HTML via the cx parameter.
by d3b4g
CVE-2008-4775 EXPLOITDB text VERIFIED
phpMyAdmin 3.0.0 - Cross-Site Scripting via db Parameter
Cross-site scripting (XSS) vulnerability in pmd_pdf.php in phpMyAdmin 3.0.0, and possibly other versions including 2.11.9.2 and 3.0.1, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the db parameter, a different vector than CVE-2006-6942 and CVE-2007-5977.
by Hadi Kiamarsi
EIP-2026-110550 EXPLOITDB text VERIFIED
Persia BME E-Catalogue - SQL Injection
by BugReport.IR
CVE-2008-6815 EXPLOITDB text VERIFIED
myktools 2.4 - Unauthenticated Database Backup Exposure via mykdownload.php
mykdownload.php in MyKtools 2.4 does not require administrative authentication, which allows remote attackers to read a database backup by making a direct request, and then sending an unspecified request to the download page for the backup.
by Stack
CVE-2008-4781 EXPLOITDB text VERIFIED
MyKtools 2.4 - Remote File Inclusion via Language Parameter Path Traversal
Directory traversal vulnerability in update.php in MyKtools 2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langage parameter.
by x0r
CVE-2008-4780 EXPLOITDB text VERIFIED
MyForum 1.3 - Path Traversal via padmin Parameter
Directory traversal vulnerability in admin/centre.php in MyForum 1.3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the padmin parameter.
by Vrs-hCk
EIP-2026-109688 EXPLOITDB text VERIFIED
MyBB 1.4.2 - 'moderation.php' Cross-Site Scripting
by Kellanved
CVE-2008-4785 EXPLOITDB text VERIFIED
e107 alternate_profiles_plugin - SQL Injection via newuser.php id Parameter
SQL injection vulnerability in newuser.php in the alternate_profiles plugin, possibly 0.2, for e107 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by boom3rang
EIP-2026-105428 EXPLOITDB text VERIFIED
bcoos 1.0.13 - 'common.php' Remote File Inclusion
by Cru3l.b0y
CVE-2007-6080 EXPLOITDB text VERIFIED
bcoos 1.0.10 and 1.0.13 - SQL Injection via bid Parameter
SQL injection vulnerability in modules/banners/click.php in the banners module for bcoos 1.0.10 allows remote attackers to execute arbitrary SQL commands via the bid parameter. NOTE: it was later reported that 1.0.13 is also affected.
by DeltahackingTEAM
CVE-2008-4782 EXPLOITDB text VERIFIED
Aiocp - SQL Injection
SQL injection vulnerability in public/code/cp_polls_results.php in All In One Control Panel (AIOCP) 1.4 allows remote attackers to execute arbitrary SQL commands via the poll_id parameter.
by ExSploiters
CVE-2008-4250 EXPLOITDB CRITICAL text VERIFIED
Microsoft Windows Server Service - Remote Code Execution via Crafted RPC Request
The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."
by EMM
CVSS 9.8
EIP-2026-113883 EXPLOITDB text VERIFIED
WordPress Plugin Media Holder - SQL Injection
by boom3rang
CVE-2008-4754 EXPLOITDB text VERIFIED
Scripts for Sites Ez Forum - SQL Injection via Forum Parameter
SQL injection vulnerability in forum.php in Scripts for Sites (SFS) Ez Forum allows remote attackers to execute arbitrary SQL commands via the forum parameter.
by Hurley
CVE-2008-4755 EXPLOITDB text VERIFIED
PozScripts Classified Auctions Script - SQL Injection via gotourl.php id Parameter
SQL injection vulnerability in gotourl.php in PozScripts Classified Auctions Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Hussin X
CVE-2008-6826 EXPLOITDB text VERIFIED
MHF Media Pro - OS Command Injection via dhtml.pl page parameter
dhtml.pl in MHF Media Pro allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter, as demonstrated using the (1) advert_top.htm or (2) advert_login.htm pages.
by S0l1D
CVE-2008-4752 EXPLOITDB text VERIFIED
TlNews 2.2 - Unauthenticated Authentication Bypass via tlNews_login Cookie
TlNews 2.2 allows remote attackers to bypass authentication and gain administrative access by setting the tlNews_login cookie to admin.
by x0r