Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-6799 EXPLOITDB text VERIFIED
FlashChat 5.0.8 - Unauthenticated Privilege Escalation via Role Filter Bypass
connection.php in FlashChat 5.0.8 allows remote attackers to bypass the role filter mechanism and gain administrative privileges by setting the s parameter to "7."
by eLiSiA
CVE-2008-4604 EXPLOITDB text VERIFIED
Easy CafeEngine 1.1 - SQL Injection via itemid Parameter
SQL injection vulnerability in index.php in Easy CafeEngine 1.1 allows remote attackers to execute arbitrary SQL commands via the itemid parameter.
by 0xFFFFFF
CVE-2008-4602 EXPLOITDB text VERIFIED
Post Affiliate Pro 2.0 - Authenticated Path Traversal via md Parameter
Directory traversal vulnerability in index.php in Post Affiliate Pro 2.0 allows remote authenticated users to read and possibly execute arbitrary local files via a .. (dot dot) in the md parameter.
by ZeN
CVE-2008-4600 EXPLOITDB text VERIFIED
PokerMax Poker League Tournament Script 0.13 - Unauthenticated Authentication Bypass via ValidUserAdmin Cookie
configure.php in PokerMax Poker League Tournament Script 0.13 allows remote attackers to bypass authentication and gain administrative access by setting the ValidUserAdmin cookie.
by DaRkLiFe
EIP-2026-110688 EXPLOITDB text VERIFIED
PHP Easy Downloader 1.5 - 'file' File Disclosure
by LMaster
CVE-2008-4599 EXPLOITDB text VERIFIED
Mosaic Commerce - SQL Injection via category.php cid Parameter
SQL injection vulnerability in category.php in Mosaic Commerce allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by Ali Abbasi
CVE-2008-4687 EXPLOITDB text VERIFIED
Mantis < 1.1.4 - Authenticated Remote Code Execution via Sort Parameter
manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by create_function within the multi_sort function in core/utility_api.php.
by EgiX
CVE-2008-4632 EXPLOITDB text VERIFIED
Kure 0.6.3 - Path Traversal via Post and Doc Parameters
Multiple directory traversal vulnerabilities in index.php in Kure 0.6.3, when magic_quotes_gpc is disabled, allow remote attackers to read and possibly execute arbitrary local files via a .. (dot dot) in the (1) post and (2) doc parameters.
by JosS
CVE-2008-4606 EXPLOITDB text VERIFIED
IP Reg <= 0.4 - SQL Injection via location_id or vlan_id Parameter
Multiple SQL injection vulnerabilities in IP Reg 0.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) location_id parameter to locationdel.php and (2) vlan_id parameter to vlanedit.php. NOTE: the vlanview.php and vlandel.php vectors are already covered by CVE-2007-6579.
by JosS
CVE-2008-4601 EXPLOITDB text VERIFIED
Habari CMS 0.5.1 - Cross-Site Scripting via habari_username Parameter
Cross-site scripting (XSS) vulnerability in the login feature in Habari CMS 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the habari_username parameter.
by faithlove
CVE-2008-4605 EXPLOITDB text VERIFIED
easycafeengine - SQL Injection via id Parameter
SQL injection vulnerability in CafeEngine allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) dish.php and (2) menu.php.
by 0xFFFFFF
EIP-2026-100766 EXPLOITDB text VERIFIED
Calendars for the Web 4.02 - Admin Authentication Bypass
by SecVuln
CVE-2008-4643 EXPLOITDB text VERIFIED
myWebland myStats - SQL Injection via hits.php sortby Parameter
SQL injection vulnerability in hits.php in myWebland myStats allows remote attackers to execute arbitrary SQL commands via the sortby parameter.
by JosS
CVE-2008-1547 EXPLOITDB text VERIFIED
Microsoft Outlook Web Access <6.5.7638 - Open Redirect
Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter.
by Martin Suess
CVE-2008-3464 EXPLOITDB text VERIFIED
Windows XP SP2/SP3 and Windows Server 2003 SP1/SP2 - Local Privilege Escalation via AFD Kernel Input Validation
afd.sys in the Ancillary Function Driver (AFD) component in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP1 and SP2 does not properly validate input sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, as demonstrated using crafted pointers and lengths that bypass intended ProbeForRead and ProbeForWrite restrictions, aka "AFD Kernel Overwrite Vulnerability."
by Ruben Santamarta
CVE-2008-4644 EXPLOITDB text VERIFIED
myWebland myStats - IP Address Restriction Bypass via X-Forwarded-For Header
hits.php in myWebland myStats allows remote attackers to bypass IP address restrictions via a modified X-Forwarded-For HTTP header.
by JosS
CVE-2008-4650 EXPLOITDB text VERIFIED
myEvent 1.6 - SQL Injection via viewevent.php eventdate Parameter
SQL injection vulnerability in viewevent.php in myEvent 1.6 allows remote attackers to execute arbitrary SQL commands via the eventdate parameter.
by JosS
CVE-2008-4642 EXPLOITDB text VERIFIED
AstroSPACES 1.1.1 - SQL Injection via Profile ID Parameter
SQL injection vulnerability in profile.php in AstroSPACES 1.1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action.
by TurkishWarriorr
CVE-2008-4558 EXPLOITDB text VERIFIED
VLC media player 0.9.2 - Remote Code Execution via XSPF Playlist Negative Identifier Tag
Array index error in VLC media player 0.9.2 allows remote attackers to overwrite arbitrary memory and execute arbitrary code via an XSPF playlist file with a negative identifier tag, which passes a signed comparison.
by Core Security
CVE-2008-5665 EXPLOITDB text VERIFIED
XOOPS xhresim module - SQL Injection via index.php no Parameter
SQL injection vulnerability in index.php in the xhresim module in XOOPS allows remote attackers to execute arbitrary SQL commands via the no parameter.
by EcHoLL
EIP-2026-113346 EXPLOITDB text VERIFIED
Webscene eCommerce - 'productlist.php' SQL Injection
by Angela Chang
EIP-2026-112505 EXPLOITDB text VERIFIED
SweetCMS 1.5.2 - 'index.php' SQL Injection
by Dapirates
CVE-2008-4704 EXPLOITDB text VERIFIED
SezHoo 0.1 - Remote Code Execution via IP Parameter
PHP remote file inclusion vulnerability in SezHooTabsAndActions.php in SezHoo 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter.
by DaRkLiFe
CVE-2008-4705 EXPLOITDB text VERIFIED
MyPHPDating - SQL Injection via success_story.php id Parameter
SQL injection vulnerability in success_story.php in php Online Dating Software MyPHPDating allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Hakxer
CVE-2008-4649 EXPLOITDB text VERIFIED
Elxis CMS 2008.1 revision 2204 - Session Fixation via PHPSESSID Parameter
Session fixation vulnerability in Elxis CMS 2008.1 revision 2204 allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
by faithlove