Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-110818 EXPLOITDB text VERIFIED
PHP-Fusion Mod manuals - 'manual' SQL Injection
by boom3rang
EIP-2026-110314 EXPLOITDB text VERIFIED
OpenNMS < 1.5.96 - Multiple Vulnerabilities
by BugSec LTD
CVE-2008-4509 EXPLOITDB text VERIFIED
FOSS Gallery 1.0 beta - Unauthenticated Arbitrary File Upload via processFiles.php
Unrestricted file upload vulnerability in processFiles.php in FOSS Gallery Admin and FOSS Gallery Public 1.0 beta allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the root directory.
by Pepelux
CVE-2008-4519 EXPLOITDB text VERIFIED
Fastpublish CMS 1.9999 d - Path Traversal via Target Parameter
Multiple directory traversal vulnerabilities in Fastpublish CMS 1.9999 d allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the target parameter to (1) index2.php and (2) index.php.
by ~!Dok_tOR!~
EIP-2026-104014 EXPLOITDB text VERIFIED
OpenNMS 1.5.x - HTTP Response Splitting
by BugSec LTD
CVE-2008-4393 EXPLOITDB text VERIFIED
VeriSign Kontiki Delivery Management System <= 5.0 - Cross-Site Scripting via Action Parameter
Cross-site scripting (XSS) vulnerability in VeriSign Kontiki Delivery Management System (DMS) 5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the action parameter to zodiac/servlet/zodiac.
by Mazin Faour
CVE-2008-5884 EXPLOITDB text VERIFIED
AyeView 2.20 - Denial of Service via Malformed GIF Header
AyeView 2.20 allows user-assisted attackers to cause a denial of service (application crash) via a GIF file with a malformed header.
by suN8Hclf
CVE-2008-4528 EXPLOITDB text VERIFIED
Phlatline Personal Information Manager 1.01 - Path Traversal via Notes.php ID Parameter
Directory traversal vulnerability in notes.php in Phlatline's Personal Information Manager (pPIM) 1.01 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter in an edit action.
by JosS
CVE-2008-4522 EXPLOITDB text VERIFIED
JMweb MP3 Music Audio Search and Download Script - Path Traversal via src Parameter
Multiple directory traversal vulnerabilities in JMweb MP3 Music Audio Search and Download Script allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the src parameter to (1) listen.php and (2) download.php.
by SirGod
EIP-2026-119305 EXPLOITDB text VERIFIED
XAMPP for Windows 1.6.8 - 'cds.php' SQL Injection
by Jaykishan Nirmal
CVE-2008-4501 EXPLOITDB text VERIFIED
Serv-U File Server 7.0.0.1-7.3 - Authenticated Path Traversal via RNTO Command
Directory traversal vulnerability in the FTP server in Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to overwrite or create arbitrary files via a ..\ (dot dot backslash) in the RNTO command.
by dmnt
EIP-2026-119091 EXPLOITDB text VERIFIED
RhinoSoft Serv-U FTP Server 7.2.0.1 - 'rnto' Directory Traversal
by dmnt
CVE-2008-5667 EXPLOITDB text VERIFIED
VirusBlokAda VBA32 Personal Antivirus <3.12.8.x - DoS
The scanning engine in VirusBlokAda VBA32 Personal Antivirus 3.12.8.x allows remote attackers to cause a denial of service (memory corruption and application crash) via a malformed RAR archive.
by LiquidWorm
CVE-2008-4500 EXPLOITDB text VERIFIED
Serv-U 7.0.0.1-7.3 - Authenticated Denial of Service via STOU Command
Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted stou command, probably related to MS-DOS device names, as demonstrated using "con:1".
by dmnt
CVE-2008-5677 EXPLOITDB text VERIFIED
Kwalbum < 2.0.2 - Authenticated Arbitrary File Upload and Remote Code Execution via Executable File Extension
Unrestricted file upload vulnerability in Kwalbum 2.0.4, 2.0.2, and earlier, when PICS_PATH is located in the web root, allows remote authenticated users with upload capability to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file under items/, related to the ReplaceBadFilenameChars function in include/ItemAdder.php. NOTE: some of these details are obtained from third party information.
by CWH Underground
CVE-2008-6133 EXPLOITDB text VERIFIED
Full PHP Emlak Script - SQL Injection
SQL injection vulnerability in arsaprint.php in Full PHP Emlak Script allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-3942.
by Hussin X
CVE-2008-4526 EXPLOITDB text VERIFIED
CCMS 3.1 - Path Traversal via Skin Parameter
Multiple directory traversal vulnerabilities in CCMS 3.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skin parameter to (1) index.php, (2) forums.php, (3) admin.php, (4) header.php, (5) pages/story.php and (6) pages/poll.php.
by SirGod
CVE-2008-4525 EXPLOITDB text VERIFIED
ampjuke 0.7.5 - SQL Injection via Special Parameter in Performerid Action
SQL injection vulnerability in index.php in AmpJuke 0.7.5 allows remote attackers to execute arbitrary SQL commands via the special parameter in a performerid action.
by S_DLA_S
CVE-2008-3326 EXPLOITDB text VERIFIED
Moodle 1.6.x < 1.6.7 and 1.7.x < 1.7.5 - Cross-Site Scripting via Blog Entry Title Parameter
Cross-site scripting (XSS) vulnerability in blog/edit.php in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to inject arbitrary web script or HTML via the etitle parameter (blog entry title).
by ZeN
CVE-2008-1087 EXPLOITDB text VERIFIED
Microsoft Windows - Buffer Overflow
Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF image file with crafted filename parameters, aka "GDI Stack Overflow Vulnerability."
by Ac!dDrop
CVE-2008-5678 EXPLOITDB text VERIFIED
FDI OLIB7 WebView 2.5.1.1 - Info Disclosure
Fretwell-Downing Informatics (FDI) OLIB7 WebView 2.5.1.1 allows remote authenticated users to obtain sensitive information from files via the infile parameter to the default URI under cgi/, as demonstrated by the (1) get_settings.ini, (2) setup.ini, and (3) text.ini files.
by ZeN
CVE-2008-6164 EXPLOITDB text VERIFIED
DreamCost HostAdmin 3.1.1 - Cross-Site Scripting via Page Parameter
Cross-site scripting (XSS) vulnerability in index.php in DreamCost HostAdmin 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
by Am!r
CVE-2008-6162 EXPLOITDB text VERIFIED
bux.to_clone_script - Unauthenticated Authentication Bypass via Cookie Manipulation
Bux.to Clone script allows remote attackers to bypass authentication and gain administrative access by setting the loggedin cookie to 1 and the usNick cookie to admin.
by SirGod
CVE-2008-3832 EXPLOITDB text VERIFIED
Fedora Linux Kernel - Denial of Service via utrace_control Function
A certain Fedora patch for the utrace subsystem in the Linux kernel before 2.6.26.5-28 on Fedora 8, and before 2.6.26.5-45 on Fedora 9, allows local users to cause a denial of service (NULL pointer dereference and system crash or hang) via a call to the utrace_control function.
by Michael Simms
CVE-2008-4546 EXPLOITDB text VERIFIED
Adobe Flash Player - Denial of Service via HTTP Response Mismatch
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers.
by Matthew Dempsky