Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-6033 EXPLOITDB text VERIFIED
WSN Links 2.20 - SQL Injection via Comments.php ID Parameter
SQL injection vulnerability in comments.php in WSN Links 2.20 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by d3v1l
EIP-2026-113196 EXPLOITDB text VERIFIED
WCMS 1.0b - 'news_detail.asp' SQL Injection
by CWH Underground
EIP-2026-112897 EXPLOITDB text VERIFIED
UNAK-CMS - Cookie Authentication Bypass
by Ciph3r
CVE-2008-5840 EXPLOITDB text VERIFIED
phpicalendar <= 2.24 - Unauthenticated Authentication Bypass via Cookie Manipulation
PHP iCalendar 2.24 and earlier allows remote attackers to bypass authentication by setting the phpicalendar and phpicalendar_login cookies to 1.
by Stack
CVE-2008-6025 EXPLOITDB text VERIFIED
OpenElec < 3.01 - Remote Code Execution via Path Traversal in scr/form.php
Directory traversal vulnerability in scr/form.php in openElec 3.01 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the obj parameter.
by dun
CVE-2008-4341 EXPLOITDB text VERIFIED
MyBlog < 0.9.8 - Unauthenticated Authentication Bypass via Cookie Manipulation
add.php in MyBlog 0.9.8 and earlier allows remote attackers to bypass authentication and gain administrative access by setting a cookie with admin=yes and login=admin.
by Pepelux
CVE-2008-6038 EXPLOITDB text VERIFIED
MapCal 0.1 - SQL Injection via id Parameter in editevent Action
SQL injection vulnerability in index.php in MapCal 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in an editevent action, possibly related to dsp_editevent.php.
by 0x90
CVE-2008-6028 EXPLOITDB text VERIFIED
University of Queensland Library Fez <2.0 RC1 - SQL Injection
SQL injection vulnerability in list.php in University of Queensland Library Fez 1.3 and 2.0 RC1 allows remote attackers to execute arbitrary SQL commands via the parent_id parameter in a subject action.
by d3v1l
CVE-2008-6029 EXPLOITDB text VERIFIED
buzzywall <= 1.3.1 - SQL Injection via Search Parameter
SQL injection vulnerability in search.php in BuzzyWall 1.3.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the search parameter.
by ~!Dok_tOR!~
CVE-2008-6039 EXPLOITDB text VERIFIED
BLUEPAGE CMS <2.5 - Info Disclosure
Session fixation vulnerability in BLUEPAGE CMS 2.5 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
by David Vieira-Kurz
CVE-2008-6036 EXPLOITDB text VERIFIED
BaseBuilder < 2.0.1 - Remote Code Execution via mj_config[src_path] Parameter
PHP remote file inclusion vulnerability in main.inc.php in BaseBuilder 2.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mj_config[src_path] parameter.
by dun
CVE-2008-4344 EXPLOITDB text VERIFIED
6rbscript - SQL Injection via CatID Parameter
SQL injection vulnerability in cat.php in 6rbScript allows remote attackers to execute arbitrary SQL commands via the CatID parameter.
by Karar Alshami
EIP-2026-100527 EXPLOITDB text VERIFIED
rgb72 WCMS 1.0 - 'index.php' SQL Injection
by CWH Underground
CVE-2008-4243 EXPLOITDB text VERIFIED
Unreal Tournament 3 WebAdmin < 1.7 - Unauthenticated Path Traversal via ImageServer URI
Directory traversal vulnerability in ImageServer (aka UTImageServer) in WebAdmin before 1.7 for Epic Games Unreal Tournament 3 (UT3) 1.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
by Luigi Auriemma
CVE-2008-4244 EXPLOITDB text VERIFIED
Rianxosencabos CMS 0.9 - Unauthenticated Authentication Bypass via Cookie Manipulation
Rianxosencabos CMS 0.9 allows remote attackers to bypass authentication and gain administrative access by setting the usuario and pass cookies to 1.
by Stack
CVE-2008-4245 EXPLOITDB text VERIFIED
Rianxosencabos CMS 0.9 - Authenticated Privilege Escalation and User Deletion via Admin Control Panel
The Admin Control Panel in Rianxosencabos CMS 0.9 does not require administrator privileges, which allows remote authenticated users to (1) change a user's privileges, (2) delete a user account, or perform unspecified other administrative actions via vectors involving an admin lista action to the default URI, possibly related to useradmin.php.
by CWH Underground
CVE-2008-5088 EXPLOITDB text VERIFIED
PHPKB Knowledge Base Software 1.5 Professional - SQL Injection via ID Parameter
Multiple SQL injection vulnerabilities in PHPKB Knowledge Base Software 1.5 Professional allow remote attackers to execute arbitrary SQL commands via the ID parameter to (1) email.php and (2) question.php, a different vector than CVE-2008-1909.
by d3v1l
CVE-2008-6042 EXPLOITDB text VERIFIED
NetArtMedia Real Estate Portal 2.0 - SQL Injection
SQL injection vulnerability in the re_search module in NetArtMedia Real Estate Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the ad parameter to index.php.
by Encrypt3d.M!nd
CVE-2008-6030 EXPLOITDB text VERIFIED
NetArtMedia Jobs Portal 1.3 - SQL Injection
Multiple SQL injection vulnerabilities in NetArtMedia Jobs Portal 1.3 allow remote attackers to execute arbitrary SQL commands via (1) the job parameter to index.php in the search module or (2) the news_id parameter to index.php.
by Encrypt3d.M!nd
CVE-2008-6404 EXPLOITDB text VERIFIED
eXtrovert Software Thyme 1.3 - Cross-Site Scripting via Callback Parameter
Cross-site scripting (XSS) vulnerability in add_calendars.php in eXtrovert Software Thyme 1.3 allows remote attackers to inject arbitrary web script or HTML via the callback parameter.
by DigiTrust Group
CVE-2008-6466 EXPLOITDB text VERIFIED
Akira Powered Image Gallery 0.9.6.2 - SQL Injection via Image Parameter
SQL injection vulnerability in image_gallery.php in the Akira Powered Image Gallery (image_gallery) plugin 0.9.6.2 for e107 allows remote attackers to execute arbitrary SQL commands via the image parameter in an image-detail action.
by boom3rang
CVE-2008-6467 EXPLOITDB text VERIFIED
Diesel Job Site - SQL Injection via job_id Parameter
SQL injection vulnerability in jobs/jobseekers/job-info.php in Diesel Job Site allows remote attackers to execute arbitrary SQL commands via the job_id parameter.
by Stack
CVE-2008-6026 EXPLOITDB text VERIFIED
BlueCUBE CMS - SQL Injection via tienda.php id Parameter
SQL injection vulnerability in tienda.php in BlueCUBE CMS allows remote attackers to execute arbitrary SQL commands via the id parameter.
by r45c4l
CVE-2008-6464 EXPLOITDB text VERIFIED
Basic PHP Events Lister 1.0 - SQL Injection via event.php id Parameter
SQL injection vulnerability in event.php in Mevin Productions Basic PHP Events Lister 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by 0x90
CVE-2008-7021 EXPLOITDB text VERIFIED
AvailScript Jobs Portal Script - Authenticated Arbitrary File Upload via editlogo.php
Unrestricted file upload vulnerability in editlogo.php in AvailScript Jobs Portal Script allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as an image or logo, then accessing it via a direct request to the file in an unspecified directory.
by InjEctOr5