Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-4351 EXPLOITDB text VERIFIED
phpSmartCom 0.2 - Path Traversal via Index.php p Parameter
Directory traversal vulnerability in index.php in phpSmartCom 0.2 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the p parameter.
by r3dm0v3
CVE-2008-4115 EXPLOITDB text VERIFIED
TalkBack 2.3.6 - Unauthenticated Sensitive Information Exposure via info.php
TalkBack 2.3.6 allows remote attackers to obtain configuration information via a direct request to install/info.php, which calls the phpinfo function.
by SirGod
CVE-2008-3371 EXPLOITDB text VERIFIED
TalkBack < 2.3.6.2 - Remote File Inclusion via Language Parameter
Directory traversal vulnerability in install/help.php in TalkBack 2.3.5, and other versions before 2.3.6.2, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter.
by SirGod
CVE-2008-4346 EXPLOITDB text VERIFIED
TalkBack 2.3.6 and 2.3.6.4 - Path Traversal via Language Parameter
Directory traversal vulnerability in TalkBack 2.3.6 and 2.3.6.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to comments.php, a different vector than CVE-2008-3371.
by SirGod
CVE-2008-4352 EXPLOITDB text VERIFIED
phpSmartCom 0.2 - SQL Injection via UID Parameter
SQL injection vulnerability in inc/pages/viewprofile.php in phpSmartCom 0.2 allows remote attackers to execute arbitrary SQL commands via the uid parameter in a viewprofile action to index.php.
by r3dm0v3
CVE-2008-4353 EXPLOITDB text VERIFIED
Linkarity - SQL Injection via cat_id Parameter
SQL injection vulnerability in link.php in Linkarity allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. NOTE: although one component of Linkarity is distributable PHP code, this issue might be site-specific. If so, it should not be included in CVE.
by Egypt Coder
CVE-2008-7006 EXPLOITDB text VERIFIED
Free PHP VX Guestbook 1.06 - Unauthenticated Database Backup Download via Direct Request
Free PHP VX Guestbook 1.06 allows remote attackers to bypass authentication and download a backup of the database via a direct request to admin/backupdb.php.
by SirGod
CVE-2008-4176 EXPLOITDB text VERIFIED
FoT Video scripti 1.1 beta - SQL Injection via izle.asp oyun Parameter
SQL injection vulnerability in izle.asp in FoT Video scripti 1.1 beta allows remote attackers to execute arbitrary SQL commands via the oyun parameter.
by Crackers_Child
EIP-2026-113341 EXPLOITDB text VERIFIED
WebPortal CMS 0.7.4 - 'FCKeditor' Arbitrary File Upload
by S.W.A.T.
CVE-2008-4350 EXPLOITDB text VERIFIED
vbLOGIX Tutorial Script < 1.0 - SQL Injection via cat_id Parameter
SQL injection vulnerability in main.php in vbLOGIX Tutorial Script 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action.
by FIREH4CK3R
EIP-2026-112399 EXPLOITDB text VERIFIED
Sports Clubs Web Panel 0.0.1 - Arbitrary File Upload
by Stack
CVE-2008-7010 EXPLOITDB text VERIFIED
Skalinks Exchange Script 1.5 - Unauthenticated Privilege Escalation via Admin Registration
Skalfa Software SkaLinks Exchange Script 1.5 allows remote attackers to add new administrators and gain privileges via a direct request to admin/register.php.
by mr.al7rbi
EIP-2026-111650 EXPLOITDB text VERIFIED
QuicO - 'photo.php' SQL Injection
by Beenu Arora
CVE-2008-4347 EXPLOITDB text VERIFIED
Powie pNews 2.03 - SQL Injection via newsid Parameter
SQL injection vulnerability in newskom.php in Powie pNews 2.03 allows remote attackers to execute arbitrary SQL commands via the newsid parameter.
by r45c4l
CVE-2008-4355 EXPLOITDB text VERIFIED
Powie PSCRIPT Forum <= 1.30 - SQL Injection via showprofil.php id Parameter
SQL injection vulnerability in showprofil.php in Powie PSCRIPT Forum (aka PHP Forum or pForum) 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
by tmh
CVE-2008-4349 EXPLOITDB text VERIFIED
s0nic Paranews 3.4 - Cross-Site Scripting via News.php ID or Page Parameter
Multiple cross-site scripting (XSS) vulnerabilities in news.php in s0nic Paranews 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) page parameter in a details action.
by Xylitol
CVE-2008-4354 EXPLOITDB text VERIFIED
NetArt Media iBoutique 4.0 - SQL Injection via Cat Parameter
SQL injection vulnerability in the products module in NetArt Media iBoutique 4.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php.
by r45c4l
CVE-2008-4174 EXPLOITDB text VERIFIED
Dynamic MP3 Lister 2.0.1 - Cross-Site Scripting via currentpath invert search or sort Parameters
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Dynamic MP3 Lister 2.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) currentpath, (2) invert, (3) search, and (4) sort parameters.
by Xylitol
CVE-2008-7015 EXPLOITDB text VERIFIED
Unreal Engine 3 - Denial of Service via Large Packet Length
Unreal engine 3, as used in Unreal Tournament 3 1.3, Frontlines: Fuel of War 1.1.1, and other products, allows remote attackers to cause a denial of service (server exit) via a packet with a large length value that triggers a memory allocation failure.
by Luigi Auriemma
CVE-2008-4591 EXPLOITDB text VERIFIED
phpwebgallery 1.3.4 - Cross-Site Scripting via lang[access_forbiden] and lang[ident_title] Parameters
Multiple cross-site scripting (XSS) vulnerabilities in admin/include/isadmin.inc.php in PhpWebGallery 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) lang[access_forbiden] and (2) lang[ident_title] parameters.
by Khashayar Fereidani
CVE-2008-4073 EXPLOITDB text VERIFIED
Zanfi Autodealers CMS AutOnline - SQL Injection via pageid Parameter
SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutOnline allows remote attackers to execute arbitrary SQL commands via the pageid parameter in a DBpAGE action.
by r45c4l
CVE-2008-7009 EXPLOITDB text VERIFIED
Check Point ZoneAlarm Security Suite 7.0.483.000 and 8.0.020.000 - Local Buffer Overflow via Long Path
Buffer overflow in multiscan.exe in Check Point ZoneAlarm Security Suite 7.0.483.000 and 8.0.020.000 allows local users to execute arbitrary code via a file or directory with a long path. NOTE: some of these details are obtained from third party information.
by Juan Pablo Lopez Yacubian
CVE-2008-4592 EXPLOITDB text VERIFIED
Sports Clubs Web Panel 0.0.1 - Path Traversal via Index.php p Parameter
Directory traversal vulnerability in index.php in Sports Clubs Web Panel 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter.
by StAkeR
CVE-2008-4592 EXPLOITDB text VERIFIED
Sports Clubs Web Panel 0.0.1 - Path Traversal via Index.php p Parameter
Directory traversal vulnerability in index.php in Sports Clubs Web Panel 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter.
by Virangar Security
CVE-2008-4702 EXPLOITDB text VERIFIED
phpwebgallery 1.3.4 - Path Traversal via user[language] or user[template] Parameter
Multiple directory traversal vulnerabilities in PhpWebGallery 1.3.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) user[language] and (2) user[template] parameters to (a) init.inc.php, and (b) the user[language] parameter to isadmin.inc.php.
by Khashayar Fereidani