Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-4492 EXPLOITDB text VERIFIED
YourOwnBux 4.0 - SQL Injection via usNick Cookie
SQL injection vulnerability in referrals.php in YourOwnBux 4.0 allows remote attackers to execute arbitrary SQL commands via the usNick cookie.
by Tec-n0x
CVE-2008-5873 EXPLOITDB text VERIFIED
Yerba SACphp < 6.3 - Unauthenticated Authentication Bypass via galleta[sesion] Cookie
Yerba SACphp 6.3 and earlier allows remote attackers to bypass authentication and gain administrative access via a galleta[sesion] cookie that has a value beginning with 1:1: followed by a username.
by StAkeR
CVE-2008-4494 EXPLOITDB text VERIFIED
TorrentTrader Classic <= 1.08 - SQL Injection via id Parameter
SQL injection vulnerability in completed-advance.php in TorrentTrader Classic 1.08 and 1.04 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
by BazOka-HaCkEr
CVE-2008-4496 EXPLOITDB text VERIFIED
PHP Realtor 1.5 - SQL Injection via view_cat.php v_cat Parameter
SQL injection vulnerability in view_cat.php in PHP Realtor 1.5 allows remote attackers to execute arbitrary SQL commands via the v_cat parameter.
by Mr.SQL
CVE-2008-4498 EXPLOITDB text VERIFIED
Phpautos - SQL Injection
SQL injection vulnerability in searchresults.php in PHP Autos 2.9.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter.
by Mr.SQL
CVE-2008-4495 EXPLOITDB text VERIFIED
PHP Auto Dealer 2.7 - SQL Injection via view_cat.php v_cat Parameter
SQL injection vulnerability in view_cat.php in PHP Auto Dealer 2.7 allows remote attackers to execute arbitrary SQL commands via the v_cat parameter.
by Mr.SQL
EIP-2026-108370 EXPLOITDB text VERIFIED
Joomla! Component com_hotspots - SQL Injection
by cOndemned
CVE-2008-4497 EXPLOITDB text VERIFIED
Built2Go Real Estate Listings 1.5 - SQL Injection via event_id Parameter
SQL injection vulnerability in event_detail.php in Built2Go Real Estate Listings 1.5 allows remote attackers to execute arbitrary SQL commands via the event_id parameter.
by d3v1l
CVE-2008-4610 EXPLOITDB text VERIFIED
MPlayer - Denial of Service via Malformed AAC or OGM File
MPlayer allows remote attackers to cause a denial of service (application crash) via (1) a malformed AAC file, as demonstrated by lol-vlc.aac; or (2) a malformed Ogg Media (OGM) file, as demonstrated by lol-ffplay.ogm, different vectors than CVE-2007-6718.
by Hanno Bock
CVE-2008-4610 EXPLOITDB text VERIFIED
MPlayer - Denial of Service via Malformed AAC or OGM File
MPlayer allows remote attackers to cause a denial of service (application crash) via (1) a malformed AAC file, as demonstrated by lol-vlc.aac; or (2) a malformed Ogg Media (OGM) file, as demonstrated by lol-ffplay.ogm, different vectors than CVE-2007-6718.
by Hanno Bock
CVE-2008-4514 EXPLOITDB text VERIFIED
KDE Konqueror 3.5.9 - Denial of Service via Long Font Color Value
The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to cause a denial of service (application crash) via a font tag with a long color value, which triggers an assertion error.
by Jeremy Brown
EIP-2026-119306 EXPLOITDB text VERIFIED
XAMPP for Windows 1.6.8 - 'Phonebook.php' SQL Injection
by Jaykishan Nirmal
CVE-2008-4421 EXPLOITDB text VERIFIED
MetaGauge < 1.0.3.38 - Path Traversal via Dot Dot Backslash in URL
Directory traversal vulnerability in MetaGauge 1.0.0.17, and probably other versions before 1.0.3.38, allows remote attackers to read arbitrary files via a "..\" (dot dot backslash) in the URL.
by Brad Antoniewicz
EIP-2026-112112 EXPLOITDB text VERIFIED
Simple Machines Forum (SMF) 1.1.6 - 'POST' Filter Security Bypass
by WHK
CVE-2008-4499 EXPLOITDB text VERIFIED
PHP Web Explorer Lite < 0.99b - Path Traversal via Refer or File Parameter
Multiple directory traversal vulnerabilities in PHP Web Explorer 0.99b and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) refer parameter to main.php and the (2) file parameter to edit.php.
by Pepelux
CVE-2008-4499 EXPLOITDB text VERIFIED
PHP Web Explorer Lite < 0.99b - Path Traversal via Refer or File Parameter
Multiple directory traversal vulnerabilities in PHP Web Explorer 0.99b and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) refer parameter to main.php and the (2) file parameter to edit.php.
by Pepelux
CVE-2008-4529 EXPLOITDB text VERIFIED
asiCMS alpha 0.208 - Remote Code Execution via _ENV[asicms][path] Parameter
Multiple PHP remote file inclusion vulnerabilities in asiCMS alpha 0.208 allow remote attackers to execute arbitrary PHP code via a URL in the _ENV[asicms][path] parameter to (1) Association.php, (2) BigMath.php, (3) DiffieHellman.php, (4) DumbStore.php, (5) Extension.php, (6) FileStore.php, (7) HMAC.php, (8) MemcachedStore.php, (9) Message.php, (10) Nonce.php, (11) SQLStore.php, (12) SReg.php, (13) TrustRoot.php, and (14) URINorm.php in classes/Auth/OpenID/; and (15) XRDS.php, (16) XRI.php and (17) XRIRes.php in classes/Auth/Yadis/.
by NoGe
CVE-2008-5712 EXPLOITDB text VERIFIED
KDE Konqueror 3.5.9 - Denial of Service via Long HTML Color Attribute
The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to cause a denial of service (application crash) via (1) a long COLOR attribute in an HR element; or a long (a) BGCOLOR or (b) BORDERCOLOR attribute in a (2) TABLE, (3) TD, or (4) TR element. NOTE: the FONT vector is already covered by CVE-2008-4514.
by Jeremy Brown
CVE-2008-4518 EXPLOITDB text VERIFIED
Fastpublish CMS 1.9.9.9.9 d - SQL Injection via Sprache or Artikel Parameter
Multiple SQL injection vulnerabilities in Fastpublish CMS 1.9.9.9.9 d (1.9999 d) allow remote attackers to execute arbitrary SQL commands via the (1) sprache parameter to index2.php and the (2) artikel parameter to index.php.
by ~!Dok_tOR!~
CVE-2008-5870 EXPLOITDB text VERIFIED
FastStone Image Viewer 3.6 - Denial of Service via Malformed BMP Image
FastStone Image Viewer 3.6 allows user-assisted attackers to cause a denial of service (application crash) via a malformed BMP image with large width and height values, possibly a related issue to CVE-2007-1942.
by suN8Hclf
CVE-2008-5937 EXPLOITDB text VERIFIED
AyeView 2.20 - Denial of Service via Malformed Bitmap File
AyeView 2.20 allows user-assisted attackers to cause a denial of service (memory consumption or application crash) via a bitmap (aka .bmp) file with large height and width values.
by suN8Hclf
CVE-2008-4490 EXPLOITDB text VERIFIED
phpabook < 0.8.8b - Remote File Inclusion via UserInfo Cookie
Directory traversal vulnerability in config.inc.php in phpAbook 0.8.8b and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the userInfo cookie.
by JosS
EIP-2026-110820 EXPLOITDB text VERIFIED
PHP-Fusion Mod triscoop_race_system - 'raceid' SQL Injection
by boom3rang
CVE-2008-4527 EXPLOITDB text VERIFIED
PHP-Fusion Recepies Module 1.1 - SQL Injection via kat_id Parameter
SQL injection vulnerability in recept.php in the Recepies (Recept) module 1.1 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the kat_id parameter in a kategorier action. NOTE: some of these details are obtained from third party information.
by boom3rang
CVE-2008-4521 EXPLOITDB text VERIFIED
World of Warcraft tracker infusion module 2.0 - SQL Injection via INFO_RAID_ID Parameter
SQL injection vulnerability in thisraidprogress.php in the World of Warcraft tracker infusion (raidtracker_panel) module 2.0 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the INFO_RAID_ID parameter.
by boom3rang