Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-105394 EXPLOITDB text VERIFIED
Barcode Generator 2.0 - 'LSTable.php' Remote File Inclusion
by Br0k3n H34rT
CVE-2008-4714 EXPLOITDB text VERIFIED
Atomic Photo Album 1.1.0 pre4 - Authentication Bypass via Cookie Manipulation
Atomic Photo Album 1.1.0 pre4 does not properly handle the apa_cookie_login and apa_cookie_password cookies, which probably allows remote attackers to bypass authentication and gain administrative access via modified cookies.
by Stack
CVE-2008-4713 EXPLOITDB text VERIFIED
212cafe Board 0.07 - SQL Injection via qID Parameter
SQL injection vulnerability in view.php in 212cafe Board 0.07 allows remote attackers to execute arbitrary SQL commands via the qID parameter.
by CWH Underground
CVE-2008-6003 EXPLOITDB text VERIFIED
AJ Auction Pro Platinum 2 - SQL Injection
SQL injection vulnerability in sellers_othersitem.php in AJ Auction Pro Platinum 2 allows remote attackers to execute arbitrary SQL commands via the seller_id parameter.
by InjEctOr5
CVE-2008-4335 EXPLOITDB text VERIFIED
Atomic Photo Album 1.1.0pre4 - SQL Injection via apa_album_ID Parameter
SQL injection vulnerability in album.php in Atomic Photo Album (APA) 1.1.0pre4 allows remote attackers to execute arbitrary SQL commands via the apa_album_ID parameter.
by d3v1l
CVE-2008-4332 EXPLOITDB text VERIFIED
PHP infoBoard V.7 Plus - SQL Injection via idcat Parameter
SQL injection vulnerability in the showjavatopic function in func.php in PHP infoBoard V.7 Plus allows remote attackers to execute arbitrary SQL commands via the idcat parameter to showtopic.php.
by CWH Underground
CVE-2008-4841 EXPLOITDB text VERIFIED
Microsoft WordPad - Remote Code Execution via Crafted Word 97 File
The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008. NOTE: As of 20081210, it is unclear whether this vulnerability is related to a WordPad issue disclosed on 20080925 with a 2008-crash.doc.rar example, but there are insufficient details to be sure.
by securfrog
CVE-2009-0259 EXPLOITDB text VERIFIED
OpenOffice.org 1.1.2-1.1.5 - Denial of Service and Possible Remote Code Execution via Crafted Word File
The Word processor in OpenOffice.org 1.1.2 through 1.1.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008, as demonstrated by 2008-crash.doc.rar, and a similar issue to CVE-2008-4841.
by securfrog
CVE-2008-5072 EXPLOITDB text VERIFIED
K-Lite Mega Codec Pack 3.5.7.0 - Denial of Service via Malformed FLV File
vsfilter.dll in K-Lite Mega Codec Pack 3.5.7.0 allows remote attackers to cause a denial of service (application crash) via a malformed FLV file.
by Aodrulez
EIP-2026-113100 EXPLOITDB text VERIFIED
Vikingboard 0.2 Beta - SQL Column Truncation
by StAkeR
EIP-2026-113099 EXPLOITDB text VERIFIED
Vikingboard 0.2 Beta - 'task' Local File Inclusion
by dun
EIP-2026-113098 EXPLOITDB text VERIFIED
Vikingboard 0.2 Beta - 'register.php' SQL Column Truncation Unauthorized Access
by StAkeR
CVE-2008-4331 EXPLOITDB text VERIFIED
phpocs < 0.1 - Path Traversal via Act Parameter
Directory traversal vulnerability in library/pagefunctions.inc.php in phpOCS 0.1 beta3 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter to index.php.
by dun
CVE-2008-4333 EXPLOITDB text VERIFIED
PHP infoBoard V.7 Plus - Cross-Site Scripting via isname Parameter
Cross-site scripting (XSS) vulnerability in PHP infoBoard V.7 Plus allows remote attackers to inject arbitrary web script or HTML via the isname parameter in a newtopic action.
by CWH Underground
CVE-2008-4334 EXPLOITDB text VERIFIED
PHP infoBoard V.7 Plus - Unauthenticated Authentication Bypass via infouser Cookie
PHP infoBoard V.7 Plus allows remote attackers to bypass authentication and gain administrative access by setting the infouser cookie to 1.
by Stack
CVE-2008-4329 EXPLOITDB text VERIFIED
openengine < 2.0_beta4 - Remote File Inclusion via oe_classpath Parameter
PHP remote file inclusion vulnerability in cms/system/openengine.php in openEngine 2.0 beta4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the oe_classpath parameter.
by dun
CVE-2008-4330 EXPLOITDB text VERIFIED
LanSuite 3.3.2 - Remote File Inclusion via Design Parameter Path Traversal
Directory traversal vulnerability in index.php in LanSuite 3.3.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the design parameter.
by dun
CVE-2008-4328 EXPLOITDB text VERIFIED
EasyRealtorPRO 2008 - SQL Injection via site_search.php Parameters
SQL injection vulnerability in site_search.php in EasyRealtorPRO 2008 allows remote attackers to execute arbitrary SQL commands via the (1) item, (2) search_ordermethod, and (3) search_order parameters.
by David Sopas
CVE-2008-4336 EXPLOITDB text VERIFIED
Atomic Photo Album 1.1.0pre4 - Cross-Site Scripting via apa_album_ID Parameter
Cross-site scripting (XSS) vulnerability in album.php in Atomic Photo Album (APA) 1.1.0pre4 allows remote attackers to inject arbitrary web script or HTML via the apa_album_ID parameter.
by d3v1l
CVE-2008-6004 EXPLOITDB text VERIFIED
AJ Auction Pro Platinum 2 - Cross-Site Scripting via search.php product parameter
Cross-site scripting (XSS) vulnerability in search.php in AJ Auction Pro Platinum 2 allows remote attackers to inject arbitrary web script or HTML via the product parameter.
by InjEctOr5
CVE-2008-4320 EXPLOITDB text VERIFIED
OpenNMS < 1.5.94 - Cross-Site Scripting via j_username, username, and filter Parameters
Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.5.94 allow remote attackers to inject arbitrary web script or HTML via (1) the j_username parameter to j_acegi_security_check, (2) the username parameter to notification/list.jsp, and (3) the filter parameter to event/list.
by d2d
CVE-2008-4320 EXPLOITDB text VERIFIED
OpenNMS < 1.5.94 - Cross-Site Scripting via j_username, username, and filter Parameters
Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.5.94 allow remote attackers to inject arbitrary web script or HTML via (1) the j_username parameter to j_acegi_security_check, (2) the username parameter to notification/list.jsp, and (3) the filter parameter to event/list.
by d2d
CVE-2008-4320 EXPLOITDB text VERIFIED
OpenNMS < 1.5.94 - Cross-Site Scripting via j_username, username, and filter Parameters
Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.5.94 allow remote attackers to inject arbitrary web script or HTML via (1) the j_username parameter to j_acegi_security_check, (2) the username parameter to notification/list.jsp, and (3) the filter parameter to event/list.
by d2d
CVE-2008-6408 EXPLOITDB text VERIFIED
ol'bookmarks 0.7.5 - Remote Code Execution via frame.php framefile Parameter
PHP remote file inclusion vulnerability in frame.php in ol'bookmarks manager 0.7.5 allows remote attackers to execute arbitrary PHP code via a URL in the framefile parameter.
by GoLd_M
CVE-2008-6407 EXPLOITDB text VERIFIED
ol'bookmarks manager 0.7.5 - Path Traversal via frame.php framefile Parameter
Directory traversal vulnerability in frame.php in ol'bookmarks manager 0.7.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the framefile parameter.
by GoLd_M