Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-6037 EXPLOITDB text VERIFIED
AvailScript Article Script - SQL Injection
SQL injection vulnerability in view.php in AvailScript Article Script allows remote attackers to execute arbitrary SQL commands via the v parameter.
by Hussin X
CVE-2008-6454 EXPLOITDB text VERIFIED
6rbscript 3.3 - SQL Injection via singerid Parameter
SQL injection vulnerability in section.php in 6rbScript 3.3 allows remote attackers to execute arbitrary SQL commands via the singerid parameter in a singers action.
by Hussin X
CVE-2008-6453 EXPLOITDB text VERIFIED
6rbscript 3.3 - Path Traversal via Name Parameter
Directory traversal vulnerability in section.php in 6rbScript 3.3, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter.
by Stack
CVE-2008-4247 EXPLOITDB text VERIFIED
FreeBSD NetBSD OpenBSD - Cross-Site Request Forgery via Long FTP URI
ftpd in OpenBSD 4.3, FreeBSD 7.0, NetBSD 4.0, Solaris, and possibly other operating systems interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.
by Maksymilian Arciemowicz
CVE-2008-6469 EXPLOITDB text VERIFIED
PlainCart 1.1.2 - SQL Injection via Index.php p Parameter
SQL injection vulnerability in index.php in PlainCart 1.1.2 allows remote attackers to execute arbitrary SQL commands via the p parameter.
by r45c4l
CVE-2008-6452 EXPLOITDB text VERIFIED
oceandir < 2.9 - SQL Injection via show_vote.php id Parameter
SQL injection vulnerability in show_vote.php in Oceandir 2.9 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
by JEEN HACKER TEAM
CVE-2008-5097 EXPLOITDB text VERIFIED
MyFWB 1.0 - SQL Injection via Page Parameter
SQL injection vulnerability in index.php in MyFWB 1.0 allows remote attackers to execute arbitrary SQL commands via the page parameter.
by 0x90
CVE-2008-6451 EXPLOITDB text VERIFIED
jPORTAL 2 - SQL Injection via humor.php id Parameter
SQL injection vulnerability in humor.php in jPORTAL 2 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might overlap CVE-2004-2036 or CVE-2005-3509.
by r45c4l
CVE-2008-6411 EXPLOITDB text VERIFIED
explay_cms < 2.1 - Unauthenticated Authentication Bypass via Login Cookie
Explay CMS 2.1 and earlier allows remote attackers to bypass authentication and gain administrative access by setting the login cookie to 1.
by Stack
CVE-2008-6468 EXPLOITDB text VERIFIED
Diesel Pay - SQL Injection via Area Parameter in Browse Action
SQL injection vulnerability in index.php in Diesel Pay allows remote attackers to execute arbitrary SQL commands via the area parameter in a browse action.
by ZoRLu
CVE-2008-5090 EXPLOITDB text VERIFIED
Advanced Electron Forum < 1.0.7 - Remote Code Execution via BBCode Email Parameter
Electron Inc. Advanced Electron Forum before 1.0.7 allows remote attackers to execute arbitrary PHP code via PHP code embedded in bbcode in the email parameter, which is processed by the preg_replace function with the eval switch.
by GulfTech Security
CVE-2008-6034 EXPLOITDB text VERIFIED
Achievo 1.3.2 - Cross-Site Scripting via atkaction Parameter
Cross-site scripting (XSS) vulnerability in dispatch.php in Achievo 1.3.2 allows remote attackers to inject arbitrary web script or HTML via the atkaction parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Rohit Bansal
CVE-2008-6043 EXPLOITDB text VERIFIED
PHP Pro Bid 6.04 - SQL Injection via Order Field and Order Type Parameters
Multiple SQL injection vulnerabilities in PHP Pro Bid (PPB) 6.04 allow remote attackers to execute arbitrary SQL commands via the (1) order_field and (2) order_type parameters to categories.php and unspecified other components. NOTE: some of these details are obtained from third party information.
by Jan Van Niekerk
EIP-2026-110475 EXPLOITDB text VERIFIED
Parallels H-Sphere 3.0/3.1 - 'login.php' Multiple Cross-Site Scripting Vulnerabilities
by t0fx
CVE-2008-7008 EXPLOITDB text VERIFIED
HyperStop Web Host Directory 1.2 - Unauthenticated Database Backup Download via Direct Request
HyperStop Web Host Directory 1.2 allows remote attackers to bypass authentication and download a database backup via a direct request to admin/backup/db.
by r45c4l
EIP-2026-106961 EXPLOITDB text VERIFIED
Explay CMS 2.1 - Persistent Cross-Site Scripting / Cross-Site Request Forgery
by hodik
CVE-2008-6471 EXPLOITDB text VERIFIED
MountainGrafix easyLink 1.1.0 - SQL Injection via detail.php cat Parameter
SQL injection vulnerability in detail.php in MountainGrafix easyLink 1.1.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter in a show action.
by Egypt Coder
CVE-2008-4173 EXPLOITDB text VERIFIED
ProArcadeScript 1.3 - SQL Injection via Random Parameter
SQL injection vulnerability in ProArcadeScript 1.3 allows remote attackers to execute arbitrary SQL commands via the random parameter to the default URI.
by SuNHouSe2
CVE-2008-4187 EXPLOITDB text VERIFIED
ProActive CMS - Path Traversal via Template Parameter
Directory traversal vulnerability in index.php in ProActive CMS allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter.
by r45c4l
CVE-2008-4142 EXPLOITDB text VERIFIED
ephpscripts e-php_cms - SQL Injection via article.php es_id Parameter
SQL injection vulnerability in article.php in E-Php CMS allows remote attackers to execute arbitrary SQL commands via the es_id parameter.
by HaCkeR_EgY
CVE-2008-4150 EXPLOITDB text VERIFIED
Diesel Joke Site - SQL Injection via picture_category.php id Parameter
SQL injection vulnerability in picture_category.php in Diesel Joke Site allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2006-3763.
by SarBoT511
CVE-2008-4151 EXPLOITDB text VERIFIED
CYASK 3.x - Path Traversal via Neturl Parameter
Directory traversal vulnerability in collect.php in CYASK 3.x allows remote attackers to read arbitrary files via a .. (dot dot) in the neturl parameter.
by xy7
CVE-2008-4161 EXPLOITDB text VERIFIED
Assetman 2.5b - SQL Injection via search_inv.php order and order_by Parameters
SQL injection vulnerability in search_inv.php in Assetman 2.5b allows remote attackers to execute arbitrary SQL commands and conduct session fixation attacks via a combination of crafted order and order_by parameters in a search_all action.
by Neo Anderson
CVE-2008-4145 EXPLOITDB text VERIFIED
Addalink < 1.0 - SQL Injection via category_id Parameter
SQL injection vulnerability in user_read_links.php in Addalink 1.0 beta 4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
by ka0x
EIP-2026-100531 EXPLOITDB text VERIFIED
Sama Educational Management System - 'error.asp' Cross-Site Scripting
by Lagon666