Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-6080 EXPLOITDB text VERIFIED
com_ionfiles 4.4.2 - Path Traversal via File Parameter
Directory traversal vulnerability in download.php in the ionFiles (com_ionfiles) 4.4.2 component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
by Vrs-hCk
CVE-2008-6076 EXPLOITDB text VERIFIED
Joomla! com_dailymessage 1.0.3 - SQL Injection
SQL injection vulnerability in the Daily Message (com_dailymessage) 1.0.3 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
by H!tm@N
CVE-2008-6084 EXPLOITDB text VERIFIED
Iamma Simple Gallery <=2.0 - Unauthenticated Arbitrary File Upload RCE via pages/download.php
Unrestricted file upload vulnerability in pages/download.php in Iamma Simple Gallery 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads directory.
by x0r
CVE-2008-2469 EXPLOITDB text VERIFIED
libspf2 < 1.2.8 - Remote Code Execution via DNS TXT Record Length Field
Heap-based buffer overflow in the SPF_dns_resolv_lookup function in Spf_dns_resolv.c in libspf2 before 1.2.8 allows remote attackers to execute arbitrary code via a long DNS TXT record with a modified length field.
by Dan Kaminsky
EIP-2026-100276 EXPLOITDB text VERIFIED
DorsaCMS - 'ShowPage.aspx' SQL Injection
by syst3m_f4ult
EIP-2026-112026 EXPLOITDB text VERIFIED
ShopMaker CMS 1.0 - 'id' SQL Injection
by Hussin X
CVE-2008-6802 EXPLOITDB text VERIFIED
phPhotoGallery 0.92 - SQL Injection via Username and Password Fields
Multiple SQL injection vulnerabilities in index.php in phPhotoGallery 0.92 allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by KnocKout
CVE-2008-6078 EXPLOITDB text VERIFIED
Limbo CMS com_privmsg - SQL Injection via id Parameter
SQL injection vulnerability in open.php in the Private Messaging (com_privmsg) component for Limbo CMS allows remote attackers to execute arbitrary SQL commands via the id parameter in a pms action to index.php.
by StAkeR
CVE-2008-6177 EXPLOITDB text VERIFIED
LightBlog 9.8 - Path Traversal and Arbitrary File Execution via Username Parameter
Multiple directory traversal vulnerabilities in LightBlog 9.8, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) username parameter to view_member.php, (2) username_post parameter to login.php, and the (3) Lightblog_username cookie parameter to check_user.php.
by JosS
EIP-2026-103790 EXPLOITDB text VERIFIED
NXP Semiconductors MIFARE Classic Smartcard - Multiple Vulnerabilities
by Flavio D. Garcia
CVE-2008-6803 EXPLOITDB text VERIFIED
Yigit Aybuga Dizi Portali - SQL Injection via diziler.asp id Parameter
SQL injection vulnerability in diziler.asp in Yigit Aybuga Dizi Portali allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by CyberGrup Lojistik
CVE-2008-6075 EXPLOITDB text VERIFIED
Bahar Download Script 2.0 - SQL Injection
SQL injection vulnerability in aspkat.asp in Bahar Download Script 2.0 allows remote attackers to execute arbitrary SQL commands via the kid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by CyberGrup Lojistik
CVE-2008-3205 EXPLOITDB text VERIFIED
Easy-Script Wysi Wiki Wyg 1.0 - Path Traversal
Directory traversal vulnerability in index.php in Easy-Script Wysi Wiki Wyg 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the c parameter.
by StAkeR
CVE-2008-5322 EXPLOITDB text VERIFIED
Wysi Wiki Wyg 1.0 - Info Disclosure
Wysi Wiki Wyg 1.0 allows remote attackers to obtain system information via an invalid categup parameter to index.php, which calls the phpinfo function.
by StAkeR
CVE-2008-4653 EXPLOITDB text VERIFIED
Makale 0.26 - SQL Injection via id Parameter
SQL injection vulnerability in makale.php in Makale 0.26 and possibly other versions, a module for XOOPS, allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information.
by EcHoLL
CVE-2008-5323 EXPLOITDB text VERIFIED
Wysi Wiki Wyg 1.0 - Cross-Site Scripting via Index.php s Parameter
Cross-site scripting (XSS) vulnerability in index.php in Wysi Wiki Wyg 1.0 allows remote attackers to inject arbitrary web script or HTML via the s parameter.
by StAkeR
CVE-2008-6779 EXPLOITDB text VERIFIED
PHP-Nuke Sarkilar Module - SQL Injection via id Parameter
SQL injection vulnerability in the Sarkilar module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a showcontent action to modules.php.
by r45c4l
CVE-2008-4623 EXPLOITDB text VERIFIED
DS-Syndicate 1.1.1 - SQL Injection via feed_id Parameter
SQL injection vulnerability in the DS-Syndicate (com_ds-syndicate) component 1.1.1 for Joomla allows remote attackers to execute arbitrary SQL commands via the feed_id parameter to index2.php.
by boom3rang
CVE-2008-4651 EXPLOITDB text VERIFIED
Jetbox CMS 2.1 - Authenticated SQL Injection via orderby Parameter or nav_id Parameter
Multiple SQL injection vulnerabilities in Jetbox CMS 2.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) orderby parameter to admin/cms/images.php and the (2) nav_id parameter in an editrecord action to admin/cms/nav.php.
by Omer Singer
CVE-2008-4651 EXPLOITDB text VERIFIED
Jetbox CMS 2.1 - Authenticated SQL Injection via orderby Parameter or nav_id Parameter
Multiple SQL injection vulnerabilities in Jetbox CMS 2.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) orderby parameter to admin/cms/images.php and the (2) nav_id parameter in an editrecord action to admin/cms/nav.php.
by Omer Singer
CVE-2008-4626 EXPLOITDB text VERIFIED
yappa-ng 2.3.2-2.3.3-beta0 - Path Traversal via Album Parameter
Directory traversal vulnerability in index.php in Fritz Berger yet another php photo album - next generation (yappa-ng) 2.3.2 and possibly other versions through 2.3.3-beta0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the album parameter.
by Vrs-hCk
CVE-2008-4624 EXPLOITDB text VERIFIED
Fast Click SQL Lite 1.1.7 - Remote Code Execution via CFG[CDIR] Parameter
PHP remote file inclusion vulnerability in init.php in Fast Click SQL Lite 1.1.7, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the CFG[CDIR] parameter.
by NoGe
CVE-2008-4621 EXPLOITDB text VERIFIED
ZeeScripts Zeeproperty - SQL Injection via bannerclick.php adid Parameter
SQL injection vulnerability in bannerclick.php in ZeeScripts Zeeproperty allows remote attackers to execute arbitrary SQL commands via the adid parameter.
by Hussin X
CVE-2008-4622 EXPLOITDB text VERIFIED
phpfastnews 1.0.0 - Unauthenticated Authentication Bypass via Cookie Manipulation
The isLoggedIn function in fastnews-code.php in phpFastNews 1.0.0 allows remote attackers to bypass authentication and gain administrative access by setting the fn-loggedin cookie to 1.
by Qabandi
CVE-2008-4625 EXPLOITDB text VERIFIED
ShiftThis Newsletter - SQL Injection via Newsletter Parameter
SQL injection vulnerability in stnl_iframe.php in the ShiftThis Newsletter (st_newsletter) plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the newsletter parameter, a different vector than CVE-2008-0683.
by r45c4l