Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-110550 EXPLOITDB text VERIFIED
Persia BME E-Catalogue - SQL Injection
by BugReport.IR
CVE-2008-6815 EXPLOITDB text VERIFIED
myktools 2.4 - Unauthenticated Database Backup Exposure via mykdownload.php
mykdownload.php in MyKtools 2.4 does not require administrative authentication, which allows remote attackers to read a database backup by making a direct request, and then sending an unspecified request to the download page for the backup.
by Stack
CVE-2008-4781 EXPLOITDB text VERIFIED
MyKtools 2.4 - Remote File Inclusion via Language Parameter Path Traversal
Directory traversal vulnerability in update.php in MyKtools 2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langage parameter.
by x0r
CVE-2008-4780 EXPLOITDB text VERIFIED
MyForum 1.3 - Path Traversal via padmin Parameter
Directory traversal vulnerability in admin/centre.php in MyForum 1.3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the padmin parameter.
by Vrs-hCk
EIP-2026-109688 EXPLOITDB text VERIFIED
MyBB 1.4.2 - 'moderation.php' Cross-Site Scripting
by Kellanved
CVE-2008-4785 EXPLOITDB text VERIFIED
e107 alternate_profiles_plugin - SQL Injection via newuser.php id Parameter
SQL injection vulnerability in newuser.php in the alternate_profiles plugin, possibly 0.2, for e107 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by boom3rang
EIP-2026-105428 EXPLOITDB text VERIFIED
bcoos 1.0.13 - 'common.php' Remote File Inclusion
by Cru3l.b0y
CVE-2007-6080 EXPLOITDB text VERIFIED
bcoos 1.0.10 and 1.0.13 - SQL Injection via bid Parameter
SQL injection vulnerability in modules/banners/click.php in the banners module for bcoos 1.0.10 allows remote attackers to execute arbitrary SQL commands via the bid parameter. NOTE: it was later reported that 1.0.13 is also affected.
by DeltahackingTEAM
CVE-2008-4782 EXPLOITDB text VERIFIED
Aiocp - SQL Injection
SQL injection vulnerability in public/code/cp_polls_results.php in All In One Control Panel (AIOCP) 1.4 allows remote attackers to execute arbitrary SQL commands via the poll_id parameter.
by ExSploiters
CVE-2008-4782 EXPLOITDB text VERIFIED
Aiocp - SQL Injection
SQL injection vulnerability in public/code/cp_polls_results.php in All In One Control Panel (AIOCP) 1.4 allows remote attackers to execute arbitrary SQL commands via the poll_id parameter.
by ExSploiters
CVE-2008-4250 EXPLOITDB CRITICAL text VERIFIED
Microsoft Windows Server Service - Remote Code Execution via Crafted RPC Request
The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."
by EMM
CVSS 9.8
EIP-2026-113883 EXPLOITDB text VERIFIED
WordPress Plugin Media Holder - SQL Injection
by boom3rang
CVE-2008-4754 EXPLOITDB text VERIFIED
Scripts for Sites Ez Forum - SQL Injection via Forum Parameter
SQL injection vulnerability in forum.php in Scripts for Sites (SFS) Ez Forum allows remote attackers to execute arbitrary SQL commands via the forum parameter.
by Hurley
CVE-2008-4755 EXPLOITDB text VERIFIED
PozScripts Classified Auctions Script - SQL Injection via gotourl.php id Parameter
SQL injection vulnerability in gotourl.php in PozScripts Classified Auctions Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Hussin X
CVE-2008-6826 EXPLOITDB text VERIFIED
MHF Media Pro - OS Command Injection via dhtml.pl page parameter
dhtml.pl in MHF Media Pro allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter, as demonstrated using the (1) advert_top.htm or (2) advert_login.htm pages.
by S0l1D
CVE-2008-4752 EXPLOITDB text VERIFIED
TlNews 2.2 - Unauthenticated Authentication Bypass via tlNews_login Cookie
TlNews 2.2 allows remote attackers to bypass authentication and gain administrative access by setting the tlNews_login cookie to admin.
by x0r
EIP-2026-108970 EXPLOITDB text VERIFIED
Kasra CMS - 'index.php' Multiple SQL Injections
by G4N0K
CVE-2008-4757 EXPLOITDB text VERIFIED
php-daily - SQL Injection via id or prev Parameter
Multiple SQL injection vulnerabilities in PHP-Daily allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) add_postit.php (b) delete.php, and (c) mod_prest_date.php; and the (2) prev parameter to (d) prest_detail.php.
by 0xFFFFFF
CVE-2008-4756 EXPLOITDB text VERIFIED
PHP-Daily - Cross-Site Scripting via Date Parameter
Cross-site scripting (XSS) vulnerability in add_prest_date.php in PHP-Daily allows remote attackers to inject arbitrary web script or HTML via the date parameter.
by 0xFFFFFF
CVE-2008-4758 EXPLOITDB text VERIFIED
php-daily - Path Traversal via Download File Parameter
Directory traversal vulnerability in download_file.php in PHP-Daily allows remote attackers to read arbitrary local files via a .. (dot dot) in the fichier parameter.
by 0xFFFFFF
CVE-2008-6822 EXPLOITDB text VERIFIED
New Earth Programming Team imgupload 1.0 - Unauthenticated Arbitrary File Upload via uploadp.php
Unrestricted file upload vulnerability in uploadp.php in New Earth Programming Team (NEPT) imgupload (aka Image Uploader) 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension and a modified content type, then accessing this file via a direct request, as demonstrated by an upload with an image/jpeg content type. NOTE: some of these details are obtained from third party information.
by Dentrasi
CVE-2008-6166 EXPLOITDB text VERIFIED
jmds com_kbase 1.2 - SQL Injection via id Parameter
SQL injection vulnerability in the KBase (com_kbase) 1.2 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an article action to index.php.
by H!tm@N
EIP-2026-108210 EXPLOITDB text VERIFIED
Joomla! Component archaic binary Gallery 0.2 - Directory Traversal
by H!tm@N
CVE-2008-4751 EXPLOITDB text VERIFIED
iPei Guestbook 2.0 - Cross-Site Scripting via pg Parameter
Cross-site scripting (XSS) vulnerability in index.php in iPei Guestbook 2.0 allows remote attackers to inject arbitrary web script or HTML via the pg parameter, a different vector than CVE-2005-4597.
by Ghost Hacker
CVE-2008-4759 EXPLOITDB text VERIFIED
buzzywall 1.3.1 - Path Traversal via Download ID Parameter
Directory traversal vulnerability in download.php in BuzzyWall 1.3.1 allows remote attackers to read arbitrary local files via a .. (dot dot) in the id parameter.
by b3hz4d