Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-4878 EXPLOITDB text VERIFIED
WebCards < 1.3 - Authenticated Arbitrary File Upload via Add Image Macro
Unrestricted file upload vulnerability in the "Add Image Macro" feature in WebCards 1.3 allows remote authenticated administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the uploaded file.
by t0pP8uZz
CVE-2008-6216 EXPLOITDB text VERIFIED
Venalsur Booking Centre Booking System for Hotels Group - SQL Injection via OfertaID Parameter
SQL injection vulnerability in cadena_ofertas_ext.php in Venalsur Booking Centre Booking System for Hotels Group allows remote attackers to execute arbitrary SQL commands via the OfertaID parameter.
by d3b4g
CVE-2008-6214 EXPLOITDB text VERIFIED
Harlandscripts Pro Traffic One - SQL Injection via poll_results.php id Parameter
SQL injection vulnerability in poll_results.php in Harlandscripts Pro Traffic One allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Hussin X
CVE-2008-5068 EXPLOITDB text VERIFIED
Kmita Gallery - Cross-Site Scripting via Begin and Searchtext Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Kmita Gallery allow remote attackers to inject arbitrary web script or HTML via the (1) begin parameter to index.php and the (2) searchtext parameter to search.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by cize0f
CVE-2008-6213 EXPLOITDB text VERIFIED
Harlandscripts Pro Traffic One - SQL Injection via trg Parameter in mypage.php
SQL injection vulnerability in mypage.php in Harlandscripts Pro Traffic One allows remote attackers to execute arbitrary SQL commands via the trg parameter.
by Beenu Arora
EIP-2026-107546 EXPLOITDB text VERIFIED
H2O-CMS 3.4 - Insecure Cookie Handling
by Stack
CVE-2008-6217 EXPLOITDB text VERIFIED
Extrakt Framework 0.7 - Cross-Site Scripting via plugins[file][id] Parameter
Cross-site scripting (XSS) vulnerability in index.php in Extrakt Framework 0.7 allows remote attackers to inject arbitrary web script or HTML via the plugins[file][id] parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ShockShadow
EIP-2026-106674 EXPLOITDB text VERIFIED
e107 plugin fm pro 1 - File Disclosure / Arbitrary File Upload / Directory Traversal
by GoLd_M
CVE-2008-4873 EXPLOITDB text VERIFIED
Sepal SPBOARD 4.5 - Remote Command Execution via board.cgi file Parameter
board.cgi in Sepal SPBOARD 4.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter during a down_file action.
by GoLd_M
EIP-2026-100275 EXPLOITDB text VERIFIED
Dorsa CMS - 'Default_.aspx' Cross-Site Scripting
by Pouya_Server
CVE-2008-5065 EXPLOITDB text VERIFIED
Easy-script Tlguesbook - Authentication Bypass
TlGuestBook 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the tlGuestBook_login cookie to admin.
by x0r
CVE-2008-5039 EXPLOITDB text VERIFIED
PHP-Nuke League module - Cross-Site Scripting via tid Parameter
Cross-site scripting (XSS) vulnerability in the League module for PHP-Nuke, possibly 2.4, allows remote attackers to inject arbitrary web script or HTML via the tid parameter in a team action to modules.php.
by Ehsan_Hp200
EIP-2026-110552 EXPLOITDB text VERIFIED
PersianBB - 'id' SQL Injection
by Hussin X
CVE-2008-5040 EXPLOITDB text VERIFIED
Graphiks MyForum 1.3 - Unauthenticated Authentication Bypass via Cookie Manipulation
Graphiks MyForum 1.3 allows remote attackers to bypass authentication and gain administrative access by setting the (1) myforum_login and (2) myforum_pass cookies to 1.
by Stack
CVE-2008-5067 EXPLOITDB text VERIFIED
Kmita Catalogue 2.x - Cross-Site Scripting via Search Parameter
Cross-site scripting (XSS) vulnerability in search.php in Kmita Catalogue 2.x allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by cize0f
CVE-2008-5064 EXPLOITDB text VERIFIED
H&H WebSoccer 2.80 - SQL Injection via liga.php id Parameter
SQL injection vulnerability in liga.php in H&H WebSoccer 2.80 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by d3v1l
CVE-2008-5037 EXPLOITDB text VERIFIED
ElkaGroup Image Gallery 1.0 - SQL Injection via view.php cid Parameter
SQL injection vulnerability in view.php in ElkaGroup Image Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by G4N0K
CVE-2008-6438 EXPLOITDB text VERIFIED
MacGuru BLOG Engine Plugin 2.1.4-2.2 - SQL Injection via uid Parameter
SQL injection vulnerability in macgurublog_menu/macgurublog.php in the MacGuru BLOG Engine plugin 2.2 for e107 allows remote attackers to execute arbitrary SQL commands via the uid parameter, a different vector than CVE-2008-2455. NOTE: it was later reported that 2.1.4 is also affected.
by ZoRLu
CVE-2008-5066 EXPLOITDB text VERIFIED
Agares Media ThemeSiteScript 1.0 - Remote Code Execution via Frontpage Right PHP File Inclusion
PHP remote file inclusion vulnerability in upload/admin/frontpage_right.php in Agares Media ThemeSiteScript 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the loadadminpage parameter.
by DaRkLiFe
CVE-2008-4773 EXPLOITDB text VERIFIED
QuestCMS - Path Traversal via Theme Parameter
Directory traversal vulnerability in main/main.php in QuestCMS allows remote attackers to read arbitrary local files via a .. (dot dot) in the theme parameter.
by d3b4g
CVE-2008-4772 EXPLOITDB text VERIFIED
QuestCMS - SQL Injection via obj Parameter
SQL injection vulnerability in main/main.php in QuestCMS allows remote attackers to execute arbitrary SQL commands via the obj parameter.
by d3b4g
CVE-2008-4783 EXPLOITDB text VERIFIED
tlAds 1.0 - Unauthenticated Authentication Bypass via tlAds_login Cookie
tlAds 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the tlAds_login cookie to "admin."
by x0r
EIP-2026-112556 EXPLOITDB text VERIFIED
Tandis CMS 2.5 - 'index.php' Multiple SQL Injections
by G4N0K
CVE-2008-4774 EXPLOITDB text VERIFIED
QuestCMS - Cross-Site Scripting via cx Parameter
Cross-site scripting (XSS) vulnerability in main/main.php in QuestCMS allows remote attackers to inject arbitrary web script or HTML via the cx parameter.
by d3b4g
CVE-2008-4775 EXPLOITDB text VERIFIED
phpMyAdmin 3.0.0 - Cross-Site Scripting via db Parameter
Cross-site scripting (XSS) vulnerability in pmd_pdf.php in phpMyAdmin 3.0.0, and possibly other versions including 2.11.9.2 and 3.0.1, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the db parameter, a different vector than CVE-2006-6942 and CVE-2007-5977.
by Hadi Kiamarsi