Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-111240 EXPLOITDB text VERIFIED
PHPWebGallery 1.3.4 - Blind SQL Injection (1)
by Stack
CVE-2008-4179 EXPLOITDB text VERIFIED
NooMS 1.1 - Cross-Site Scripting via Page ID or Search Query Parameters
Multiple cross-site scripting (XSS) vulnerabilities in NooMS 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) page_id parameter to smileys.php and the (2) q parameter to search.php.
by Dr.Crash
CVE-2008-4179 EXPLOITDB text VERIFIED
NooMS 1.1 - Cross-Site Scripting via Page ID or Search Query Parameters
Multiple cross-site scripting (XSS) vulnerabilities in NooMS 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) page_id parameter to smileys.php and the (2) q parameter to search.php.
by Dr.Crash
CVE-2008-4167 EXPLOITDB text VERIFIED
ezphotogallery 2.1 - Unauthenticated Administrator Account Manipulation via useradmin.php
useradmin.php in Easy Photo Gallery (aka Ezphotogallery) 2.1 does not require administrative authentication, which allows remote attackers to (1) add or (2) remove an Administrator account.
by Stack
CVE-2008-4075 EXPLOITDB text VERIFIED
D-iscussion Board 3.01 - Path Traversal via Topic Parameter
Directory traversal vulnerability in index.php in D-iscussion Board 3.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the topic parameter.
by SirGod
CVE-2008-4074 EXPLOITDB text VERIFIED
Zanfi Autodealers CMS AutOnline - SQL Injection via index.php id Parameter
SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutOnline allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
by r45c4l
CVE-2008-4074 EXPLOITDB text VERIFIED
Zanfi Autodealers CMS AutOnline - SQL Injection via index.php id Parameter
SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutOnline allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
by ZoRLu
EIP-2026-103897 EXPLOITDB text VERIFIED
Epic Games Unreal Engine 436 - Multiple Format String Vulnerabilities
by Luigi Auriemma
CVE-2008-6977 EXPLOITDB text VERIFIED
aspWebAlbum 3.2 - Cross-Site Scripting via Album Summary Message Parameter
Cross-site scripting (XSS) vulnerability in album.asp in Full Revolution aspWebAlbum 3.2 allows remote attackers to inject arbitrary web script or HTML via the message parameter in a summary action.
by e.wiZz!
CVE-2004-1553 EXPLOITDB text VERIFIED
aspWebAlbum - SQL Injection via Username Field or Cat Parameter
SQL injection vulnerability in aspWebAlbum allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the cat parameter to album.asp. NOTE: it was later reported that vector 1 affects aspWebAlbum 3.2, and the vector involves the txtUserName parameter in a processlogin action to album.asp, as reachable from the login action.
by e.wiZz!
CVE-2008-2335 EXPLOITDB text VERIFIED
Vastal I-Tech phpVID 1.1, 1.2, 1.2.3 - Cross-Site Scripting via Search Results Query Parameter
Cross-site scripting (XSS) vulnerability in search_results.php in Vastal I-Tech phpVID 1.1 and 1.2 allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: some of these details are obtained from third party information. NOTE: it was later reported that 1.2.3 is also affected.
by r45c4l
CVE-2008-4158 EXPLOITDB text VERIFIED
Zanfi CMS lite 1.2 - Path Traversal via Flag or Inc Parameter
Multiple directory traversal vulnerabilities in index.php in Zanfi CMS lite 1.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) flag and (2) inc parameters.
by SirGod
CVE-2008-4159 EXPLOITDB text VERIFIED
Jaw Portal and Zanfi CMS Lite - SQL Injection via Page Parameter
SQL injection vulnerability in index.php in Jaw Portal and Zanfi CMS lite and allows remote attackers to execute arbitrary SQL commands via the page (pageid) parameter.
by Cru3l.b0y
CVE-2008-4157 EXPLOITDB text VERIFIED
Vastal I-Tech phpVID 1.1 and 1.2.3 - SQL Injection via groups.php cat Parameter
SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 1.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter, a different vector than CVE-2007-3610. NOTE: it was later reported that 1.2.3 is also affected.
by r45c4l
EIP-2026-108047 EXPLOITDB text VERIFIED
Jaw Portal 1.2 - 'index.php' Multiple Local File Inclusions
by SirGod
CVE-2008-7120 EXPLOITDB text VERIFIED
hot_links_sql-php < 3 - SQL Injection via news.php Parameter
SQL injection vulnerability in Mr. CGI Guy Hot Links SQL-PHP 3 and earlier allows remote attackers to execute arbitrary SQL commands via the news.php parameter.
by r45c4l
CVE-2008-3824 EXPLOITDB text VERIFIED
Horde 3.1.x-3.1.9, Horde 3.2.x-3.2.2, Popoon r22196 - XSS
Cross-site scripting (XSS) vulnerability in (1) Text_Filter/Filter/xss.php in Horde 3.1.x before 3.1.9 and 3.2.x before 3.2.2 and (2) externalinput.php in Popoon r22196 and earlier allows remote attackers to inject arbitrary web script or HTML by using / (slash) characters as replacements for spaces in an HTML e-mail message.
by Alexios Fakos
CVE-2008-3823 EXPLOITDB text VERIFIED
Horde 3.2.x - Cross-Site Scripting via MIME Attachment Filename
Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.php in the MIME library in Horde 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of a MIME attachment in an e-mail message.
by Alexios Fakos
CVE-2008-4373 EXPLOITDB text VERIFIED
AvailScript Job Portal Script - SQL Injection via jid Parameter
SQL injection vulnerability in job_seeker/applynow.php in AvailScript Job Portal Script allows remote attackers to execute arbitrary SQL commands via the jid parameter.
by InjEctOr5
EIP-2026-105330 EXPLOITDB text VERIFIED
AvailScript Job Portal Script - 'applynow.php' SQL Injection
by InjEctOr5
CVE-2008-6978 EXPLOITDB text VERIFIED
Full Revolution aspWebAlbum 3.2 - Unrestricted File Upload and Remote Code Execution via pics/ Directory
Unrestricted file upload vulnerability in Full Revolution aspWebAlbum 3.2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in pics/, related to the uploadmedia action in album.asp.
by e.wiZz!
CVE-2008-4378 EXPLOITDB text VERIFIED
Hot Links SQL-PHP < 3.0 - SQL Injection via Report ID Parameter
SQL injection vulnerability in report.php in Mr. CGI Guy Hot Links SQL-PHP 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
by sl4xUz
CVE-2008-4377 EXPLOITDB text VERIFIED
Creator CMS 5.0 - SQL Injection via sideid Parameter
SQL injection vulnerability in index.asp in Creative Mind Creator CMS 5.0 allows remote attackers to execute arbitrary SQL commands via the sideid parameter.
by ThE X-HaCkEr
CVE-2008-4371 EXPLOITDB text VERIFIED
AvailScript Article Script - SQL Injection via aIDS Parameter
SQL injection vulnerability in articles.php in AvailScript Article Script allows remote attackers to execute arbitrary SQL commands via the aIDS parameter.
by sl4xUz
CVE-2008-4369 EXPLOITDB text VERIFIED
Availscript Photo Album - SQL Injection via sid Parameter
SQL injection vulnerability in pics.php in Availscript Photo Album allows remote attackers to execute arbitrary SQL commands via the sid parameter.
by sl4xUz