Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-102625 EXPLOITDB text VERIFIED
KDE Konqueror 3.5.9 - JavaScript 'load' Denial of Service
by Jeremy Brown
EIP-2026-101058 EXPLOITDB text VERIFIED
Nokia Web Browser for S60 - Infinite Array Sort Denial of Service
by Luca Carettoni
EIP-2026-101053 EXPLOITDB text VERIFIED
Nokia Mini Map Browser - 'Array Sort' Silent Crash
by ikki
CVE-2008-4573 EXPLOITDB text VERIFIED
MunzurSoft Web Portal W3 - SQL Injection via kategori.asp kat Parameter
SQL injection vulnerability in kategori.asp in MunzurSoft Wep Portal W3 allows remote attackers to execute arbitrary SQL commands via the kat parameter.
by LUPUS
CVE-2008-4574 EXPLOITDB text VERIFIED
Ayco Okul Portali - SQL Injection via default.asp linkid Parameter
SQL injection vulnerability in default.asp in Ayco Okul Portali allows remote attackers to execute arbitrary SQL commands via the linkid parameter.
by Crackers_Child
CVE-2008-6086 EXPLOITDB text VERIFIED
Camera Life 2.6.2b4 - SQL Injection
SQL injection vulnerability in album.php in Camera Life 2.6.2b4 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-3355.
by BackDoor
CVE-2008-6187 EXPLOITDB text VERIFIED
Gforge < 4.5.19 - SQL Injection via release_id Parameter
SQL injection vulnerability in frs/shownotes.php in Gforge 4.5.19 and earlier allows remote attackers to execute arbitrary SQL commands via the release_id parameter.
by beford
CVE-2008-6090 EXPLOITDB text VERIFIED
ScriptsEz Mini Hosting Panel - Path Traversal
Directory traversal vulnerability in members.php in ScriptsEz Mini Hosting Panel allows remote attackers to read arbitrary local files via a .. (dot dot) in the dir parameter in a view action.
by JosS
CVE-2008-6089 EXPLOITDB text VERIFIED
ScriptsEz Easy Image Downloader - Path Traversal
Directory traversal vulnerability in main.php in ScriptsEz Easy Image Downloader allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter in a download action.
by JosS
CVE-2008-6088 EXPLOITDB text VERIFIED
com_joomtracker 1.01 - SQL Injection via id Parameter
SQL injection vulnerability in the Joomtracker (com_joomtracker) 1.01 module for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a tordetails action to index.php.
by rsauron
EIP-2026-107952 EXPLOITDB text VERIFIED
IranMC Arad Center - SQL Injection
by Hussin X
CVE-2008-6188 EXPLOITDB text VERIFIED
Gforge < 4.6rc1 - SQL Injection via skill_edit[] Parameter
SQL injection vulnerability in people/editprofile.php in Gforge 4.6 rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the skill_edit[] parameter.
by beford
CVE-2008-6189 EXPLOITDB text VERIFIED
GForge 4.5.19 - SQL Injection via Offset Parameter
SQL injection vulnerability in GForge 4.5.19 allows remote attackers to execute arbitrary SQL commands via the offset parameter to (1) new/index.php, (2) news/index.php, and (3) top/topusers.php, which is not properly handled in database-pgsql.php.
by beford
CVE-2008-6087 EXPLOITDB text VERIFIED
Camera Life 2.6.2b4 - Cross-Site Scripting via Topic Name Parameter
Cross-site scripting (XSS) vulnerability in topic.php in Camera Life 2.6.2b4 allows remote attackers to inject arbitrary web script or HTML via the name parameter.
by BackDoor
CVE-2008-5869 EXPLOITDB text VERIFIED
Proxim Wireless Tsunami MP.11 2411 - XSS
Cross-site scripting (XSS) vulnerability in the Proxim Wireless Tsunami MP.11 2411 with firmware 3.0.3 allows remote authenticated users to inject arbitrary web script or HTML via the system.sysName.0 SNMP OID.
by Adrian Pastor
CVE-2008-6138 EXPLOITDB text VERIFIED
WebBiscuits Modules Controller <1.1 - RCE
PHP remote file inclusion vulnerability in adminhead.php in WebBiscuits Modules Controller 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter.
by GoLd_M
CVE-2008-6154 EXPLOITDB text VERIFIED
Hispah Text Links Ads 1.1 - SQL Injection via idcat Parameter
SQL injection vulnerability in index.php in Hispah Text Links Ads 1.1 allows remote attackers to execute arbitrary SQL commands via the idcat parameter.
by InjEctOr5
CVE-2008-1436 EXPLOITDB text VERIFIED
Microsoft Windows XP-Vista-2003-2008 - Privilege Escalation
Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping.
by Cesar Cerrudo
CVE-2008-6139 EXPLOITDB text VERIFIED
WebBiscuits Modules Controller 1.1 - Path Traversal
Directory traversal vulnerability in faqsupport/wce.download.php in WebBiscuits Modules Controller 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the download parameter.
by GoLd_M
CVE-2008-4694 EXPLOITDB text VERIFIED
Opera < 9.60 - Remote Code Execution via Crafted Redirect URL
Unspecified vulnerability in Opera before 9.60 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a redirect that specifies a crafted URL.
by MATASANOS
CVE-2008-6155 EXPLOITDB text VERIFIED
Hispah Text Links Ads 1.1 - SQL Injection via idtl Parameter
SQL injection vulnerability in index.php in Hispah Text Links Ads 1.1 allows remote attackers to execute arbitrary SQL commands via the idtl parameter in a buy action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by InjEctOr5
EIP-2026-106434 EXPLOITDB text VERIFIED
DFFFrameworkAPI - 'DFF_config[dir_include]' Multiple Remote File Inclusions
by GoLd_M
CVE-2008-4502 EXPLOITDB text VERIFIED
DataFeedFile PHP Framework API - Remote Code Execution via DFF_config[dir_include] Parameter
Multiple PHP remote file inclusion vulnerabilities in DataFeedFile (DFF) PHP Framework API allow remote attackers to execute arbitrary PHP code via a URL in the DFF_config[dir_include] parameter to (1) DFF_affiliate_client_API.php, (2) DFF_featured_prdt.func.php, (3) DFF_mer.func.php, (4) DFF_mer_prdt.func.php, (5) DFF_paging.func.php, (6) DFF_rss.func.php, and (7) DFF_sku.func.php in include/.
by GoLd_M
CVE-2008-6156 EXPLOITDB text VERIFIED
AdMan 1.1.20070907 - Authenticated SQL Injection via editCampaign.php campaignId Parameter
SQL injection vulnerability in editCampaign.php in AdMan 1.1.20070907 allows remote authenticated users to execute arbitrary SQL commands via the campaignId parameter.
by SuB-ZeRo
CVE-2008-5712 EXPLOITDB text VERIFIED
KDE Konqueror 3.5.9 - Denial of Service via Long HTML Color Attribute
The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to cause a denial of service (application crash) via (1) a long COLOR attribute in an HR element; or a long (a) BGCOLOR or (b) BORDERCOLOR attribute in a (2) TABLE, (3) TD, or (4) TR element. NOTE: the FONT vector is already covered by CVE-2008-4514.
by Jeremy Brown