Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-4648 EXPLOITDB text VERIFIED
Elxis CMS 2008.1 revision 2204 - Cross-Site Scripting via PATH_INFO or Multiple Parameters
Cross-site scripting (XSS) vulnerability in index.php in Elxis CMS 2008.1 revision 2204 allows remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO or the (2) option, (3) Itemid, (4) id, (5) task, (6) bid, and (7) contact_id parameters. NOTE: the error might be located in modules/mod_language.php, and index.php might be the interaction point.
by faithlove
EIP-2026-101464 EXPLOITDB text VERIFIED
Telecom Italia Alice Pirelli routers - Backdoor from internal LAN/WAN
by saxdax & drpepperONE
EIP-2026-110485 EXPLOITDB text VERIFIED
ParsBlogger - 'links.asp' SQL Injection
by Hussin X
CVE-2008-4662 EXPLOITDB text VERIFIED
LokiCMS 0.3.4 - Unauthenticated Path Traversal via Language Parameter
Directory traversal vulnerability in admin.php in LokiCMS 0.3.4, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
by JosS
CVE-2008-6179 EXPLOITDB text VERIFIED
IndexScript 3.0 - SQL Injection via sug_cat.php parent_id Parameter
SQL injection vulnerability in sug_cat.php in IndexScript 3.0 allows remote attackers to execute arbitrary SQL commands via the parent_id parameter, a different vector than CVE-2007-4069.
by d3v1l
CVE-2008-5707 EXPLOITDB text VERIFIED
Iltaweb Alisveris Sistemi - SQL Injection
SQL injection vulnerability in urunler.asp in Iltaweb Alisveris Sistemi allows remote attackers to execute arbitrary SQL commands via the catno parameter.
by tRoot
CVE-2008-5580 EXPLOITDB text VERIFIED
mini-pub 0.3 - Remote Command Execution via sFileName Argument
mini-pub.php/front-end/cat.php in mini-pub 0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the sFileName argument.
by muuratsalo
CVE-2008-5579 EXPLOITDB text VERIFIED
mini-pub 0.3 - Path Traversal via sFileName Parameter
Absolute path traversal vulnerability in mini-pub.php/front-end/cat.php in mini-pub 0.3 allows remote attackers to read arbitrary files via a full pathname in the sFileName parameter.
by muuratsalo
CVE-2008-5883 EXPLOITDB text VERIFIED
mini-pub < 0.3 - Unauthenticated Path Traversal via sDir Parameter
Absolute path traversal vulnerability in front-end/dir.php in mini-pub 0.3 and earlier allows remote attackers to list arbitrary directories via a full pathname in the sDir parameter.
by GoLd_M
CVE-2008-2245 EXPLOITDB text VERIFIED
Windows 2000/XP/Server 2003 - Remote Code Execution via Crafted Image File
Heap-based buffer overflow in the InternalOpenColorProfile function in mscms.dll in Microsoft Windows Image Color Management System (MSCMS) in the Image Color Management (ICM) component on Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted image file.
by Ac!dDrop
CVE-2008-4570 EXPLOITDB text VERIFIED
Real Estate Classifieds - SQL Injection via cat Parameter
SQL injection vulnerability in index.php in Real Estate Classifieds allows remote attackers to execute arbitrary SQL commands via the cat parameter.
by Hakxer
CVE-2008-6180 EXPLOITDB text VERIFIED
NewLife Blogger < 3.0 - SQL Injection via nlb3 Cookie
SQL injection vulnerability in system/nlb_user.class.php in NewLife Blogger 3.0 and earlier, and possibly 3.3.1, allows remote attackers to execute arbitrary SQL commands via the nlb3 cookie.
by Pepelux
CVE-2008-6183 EXPLOITDB text VERIFIED
My PHP Indexer 1.0 - Path Traversal via d and f Parameters
Multiple directory traversal vulnerabilities in index.php in My PHP Indexer 1.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) d and (2) f parameters.
by JosS
CVE-2008-5936 EXPLOITDB text VERIFIED
mini-pub <= 0.3 - Unauthenticated Arbitrary File Read via sFileName Parameter
front-end/edit.php in mini-pub 0.3 and earlier allows remote attackers to read files and obtain PHP source code via a filename in the sFileName parameter.
by GoLd_M
CVE-2008-5581 EXPLOITDB text VERIFIED
mini-pub 0.3 - Remote File Inclusion via sFileName Parameter
PHP remote file inclusion vulnerability in mini-pub.php/front-end/img.php in mini-pub 0.3 allows remote attackers to execute arbitrary PHP code via a URL in the sFileName parameter.
by muuratsalo
CVE-2008-5965 EXPLOITDB text VERIFIED
LokiCMS <= 0.3.4 - Path Traversal via Page Parameter
Directory traversal vulnerability in index.php in LokiCMS 0.3.4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to check for the existence of arbitrary files via a .. (dot dot) in the page parameter.
by JosS
CVE-2008-6184 EXPLOITDB text VERIFIED
OwnBiblio 1.5.3 - SQL Injection via catid Parameter
SQL injection vulnerability in the OwnBiblio (com_ownbiblio) component 1.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a catalogue action to index.php.
by H!tm@N
EIP-2026-108395 EXPLOITDB text VERIFIED
Joomla! Component com_jeux - 'id' SQL Injection
by H!tm@N
EIP-2026-106779 EXPLOITDB text VERIFIED
EEB-CMS 0.95 - 'index.php' Cross-Site Scripting
by d3v1l
CVE-2008-4569 EXPLOITDB text VERIFIED
XIGLA Absolute Poll Manager XE 4.1 - SQL Injection via xlacomments.asp p Parameter
SQL injection vulnerability in xlacomments.asp in XIGLA Software Absolute Poll Manager XE 4.1 allows remote attackers to execute arbitrary SQL commands via the p parameter.
by Hakxer
CVE-2008-6181 EXPLOITDB text VERIFIED
com_mad4joomla < 1.1.8.2 - SQL Injection via jid Parameter
SQL injection vulnerability in the Mad4Joomla Mailforms (com_mad4joomla) component before 1.1.8.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the jid parameter to index.php.
by H!tm@N
CVE-2008-6182 EXPLOITDB text VERIFIED
Joomla Ignitegallery - SQL Injection
SQL injection vulnerability in the Ignite Gallery (com_ignitegallery) component 0.8.0 through 0.8.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gallery parameter in a view action to index.php.
by H!tm@N
EIP-2026-106728 EXPLOITDB text VERIFIED
Easynet4u Link Host - 'cat_id' SQL Injection
by BeyazKurt
EIP-2026-106726 EXPLOITDB text VERIFIED
Easynet4u Forum Host - 'forum.php' SQL Injection
by SuB-ZeRo
EIP-2026-106725 EXPLOITDB text VERIFIED
Easynet4u faq Host - 'faq.php' SQL Injection
by SuB-ZeRo