Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-4131 EXPLOITDB text VERIFIED
Solaris 8-10 - Privilege Escalation via Tag Handling in vi ex vedit view and edit
Multiple unspecified vulnerabilities in Sun Solaris 8 through 10 allow local users to gain privileges via vectors related to handling of tags with (1) the -t option and (2) the :tag command in the (a) vi, (b) ex, (c) vedit, (d) view, and (e) edit programs.
by Eli the Bearded
CVE-2008-4141 EXPLOITDB text VERIFIED
x10media .x10_automatic_mp3_script 1.5.5 - Remote File Inclusion via web_root Parameter
Multiple PHP remote file inclusion vulnerabilities in x10Media x10 Automatic MP3 Script 1.5.5 allow remote attackers to execute arbitrary PHP code via a URL in the web_root parameter to (1) includes/function_core.php and (2) templates/layout_lyrics.php.
by THUNDER
CVE-2008-4138 EXPLOITDB text VERIFIED
TECHNOTE 7 - Remote Code Execution via shop_this_skin_path Parameter
PHP remote file inclusion vulnerability in skin_shop/standard/3_plugin_twindow/twindow_notice.php in TECHNOTE 7 allows remote attackers to execute arbitrary PHP code via a URL in the shop_this_skin_path parameter.
by webDEViL
CVE-2008-4140 EXPLOITDB text VERIFIED
Quick.Cart 3.1 - Cross-Site Scripting via Admin.php Query String
Cross-site scripting (XSS) vulnerability in admin.php in Quick.Cart 3.1 allows remote attackers to inject arbitrary web script or HTML via the query string.
by John Cobb
CVE-2008-4134 EXPLOITDB text VERIFIED
phpRealty < 0.03 - Remote Code Execution via INC Parameter
PHP remote file inclusion vulnerability in manager/static/view.php in phpRealty 0.03 and earlier, and possibly other versions before 0.05, allows remote attackers to execute arbitrary PHP code via a URL in the INC parameter.
by ka0x
CVE-2008-4137 EXPLOITDB text VERIFIED
php_crawler - Remote File Inclusion via footer_file Parameter
PHP remote file inclusion vulnerability in footer.php in PHP-Crawler 0.8 allows remote attackers to execute arbitrary PHP code via a URL in the footer_file parameter.
by Piker
CVE-2008-4172 EXPLOITDB text VERIFIED
Cars & Vehicle Script - SQL Injection via lnkid Parameter
SQL injection vulnerability in page.php in Cars & Vehicle (aka Cars-Vehicle Script) allows remote attackers to execute arbitrary SQL commands via the lnkid parameter.
by Hussin X
CVE-2008-4146 EXPLOITDB text VERIFIED
Addalink < 1.0 - Improper Authentication
Addalink 1.0 beta 4 and earlier allows remote attackers to (1) approve web-site additions via a modified approved field and (2) change the visit-counter value via a modified counter field.
by Pepelux
CVE-2008-4206 EXPLOITDB text VERIFIED
Attachmax Dolphin <= 2.1.0 - Remote Code Execution via rel_path Parameter
PHP remote file inclusion vulnerability in config.php in Attachmax Dolphin 2.1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the rel_path parameter.
by K-159
CVE-2008-4205 EXPLOITDB text VERIFIED
Attachmax Dolphin - SQL Injection via Category Parameter
SQL injection vulnerability in search.php Attachmax Dolphin 2.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter in a Search action to index.php. NOTE: some of these details are obtained from third party information.
by K-159
CVE-2008-4139 EXPLOITDB text VERIFIED
OpenSolution Quick.Cms.Lite 2.1 - Cross-Site Scripting via Admin.php Query String
Cross-site scripting (XSS) vulnerability in admin.php in OpenSolution Quick.Cms.Lite 2.1 allows remote attackers to inject arbitrary web script or HTML via the query string.
by John Cobb
CVE-2008-4169 EXPLOITDB text VERIFIED
iScripts EasyIndex - SQL Injection via detaillist.php produid Parameter
SQL injection vulnerability in detaillist.php in iScripts EasyIndex, possibly 1.0, allows remote attackers to execute arbitrary SQL commands via the produid parameter.
by SirGod
CVE-2008-4202 EXPLOITDB text VERIFIED
Gonafish LinksCaffePRO 4.5 - SQL Injection via idd Parameter in deadlink Action
SQL injection vulnerability in index.php in Gonafish LinksCaffePRO 4.5 allows remote attackers to execute arbitrary SQL commands via the idd parameter in a deadlink action.
by sl4xUz
CVE-2008-4207 EXPLOITDB text VERIFIED
Attachmax Dolphin <= 2.1.0 - Unauthenticated Sensitive Information Exposure via info.php
Attachmax Dolphin 2.1.0 and earlier does not properly protect info.php in the main folder, which allows remote attackers to obtain sensitive information via a direct request, which invokes the phpinfo function. NOTE: some of these details are obtained from third party information.
by K-159
CVE-2008-7011 EXPLOITDB text VERIFIED
Digital Extreme Pariah - Resource Management Error
The Unreal engine, as used in Unreal Tournament 3 1.3, Unreal Tournament 2003 and 2004, Dead Man's Hand, Pariah, WarPath, Postal2, and Shadow Ops, allows remote authenticated users to cause a denial of service (server exit) via multiple file downloads from the server, which triggers an assertion failure when the Closing flag in UnChan.cpp is set.
by Luigi Auriemma
CVE-2008-4204 EXPLOITDB text VERIFIED
SoftAcid Hotel Reservation System - SQL Injection via city Parameter
SQL injection vulnerability in city.asp in SoftAcid Hotel Reservation System (HRS) allows remote attackers to execute arbitrary SQL commands via the city parameter.
by JosS
CVE-2008-4177 EXPLOITDB text VERIFIED
Pre Real Estate Listings - SQL Injection via Search Parameter
SQL injection vulnerability in search.php in Pre Real Estate Listings allows remote attackers to execute arbitrary SQL commands via the c parameter.
by JosS
CVE-2008-4096 EXPLOITDB text VERIFIED
phpMyAdmin < 2.11.9.1 - Authenticated Remote Code Execution via Sort Parameter
libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to server_databases.php with a sort_by parameter containing PHP sequences, which are processed by create_function.
by Norman Hippert
CVE-2008-4175 EXPLOITDB text VERIFIED
Linkbidscript - SQL Injection
Multiple SQL injection vulnerabilities in Link Bid Script 1.5 allow remote attackers to execute arbitrary SQL commands via the (1) ucat parameter to upgrade.php and the (2) id parameter to linkadmin/edit.php.
by SirGod
CVE-2008-4203 EXPLOITDB text VERIFIED
CzarNews < 1.20 - SQL Injection via recook Cookie
SQL injection vulnerability in cn_users.php in CzarNews 1.20 and earlier allows remote attackers to execute arbitrary SQL commands via a recook cookie.
by 0ut0fbound
CVE-2008-7012 EXPLOITDB text VERIFIED
Accellion Secure File Transfer Appliance < 7_0_178 - Spam Email Injection via Error Reporting Page
courier/1000@/api_error_email.html (aka "error reporting page") in Accellion File Transfer Appliance FTA_7_0_178, and possibly other versions before FTA_7_0_189, allows remote attackers to send spam e-mail via modified description and client_email parameters.
by Eric Beaulieu
CVE-2008-4356 EXPLOITDB text VERIFIED
Kasseler CMS 1.1.0 and 1.2.0 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Kasseler CMS 1.1.0 and 1.2.0 allow remote attackers to execute arbitrary SQL commands via (1) the nid parameter to index.php in a View action to the News module; (2) the vid parameter to index.php in a Result action to the Voting module; (3) the fid parameter to index.php in a ShowForum action to the Forum module; (4) the tid parameter to index.php in a ShowTopic action to the Forum module; (5) the uname parameter to index.php in a UserInfo action to the Account module; or (6) the module parameter to index.php, probably related to the TopSites module.
by ~!Dok_tOR!~
CVE-2008-7007 EXPLOITDB text VERIFIED
Free PHP VX Guestbook 1.06 - Unauthenticated Authentication Bypass via Cookie Manipulation
Free PHP VX Guestbook 1.06 allows remote attackers to bypass authentication and gain administrative access by setting the (1) admin_name and (2) admin_pass cookie values to 1.
by Stack
CVE-2008-4181 EXPLOITDB text VERIFIED
Netenberg Fantastico De Luxe < 2.10.4 - Authenticated Path Traversal via fantasticopath Parameter
Directory traversal vulnerability in includes/xml.php in the Netenberg Fantastico De Luxe module before 2.10.4 r19 for cPanel, when cPanel PHP Register Globals is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) or absolute pathname in the fantasticopath parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
by joker_1
CVE-2008-4135 EXPLOITDB text VERIFIED
Symbian OS S60 3rd Edition - Denial of Service via Deauthentication Frames
Symbian OS S60 3rd edition on the Nokia E90 Communicator 07.40.1.2 Ra-6 and Nseries N82 allows remote attackers to cause a denial of service (device crash) via multiple deauthentication (DeAuth) frames.
by wins.mallow