Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-3664 EXPLOITDB text VERIFIED
XRMS - Cross-Site Scripting via Multiple Input Parameters
Multiple cross-site scripting (XSS) vulnerabilities in XRMS allow remote attackers to inject arbitrary web script or HTML via (1) the real name field, related to the user list; (2) the target parameter to login.php, (3) the title parameter to activities/some.php, (4) the company_name parameter to companies/some.php, (5) the last_name parameter to contacts/some.php, (6) the campaign_title parameter to campaigns/some.php, (7) the opportunity_title parameter to opportunities/some.php, (8) the case_title parameter to cases/some.php, (9) the file_id parameter to files/some.php, or (10) the starting parameter to reports/custom/mileage.php, a related issue to CVE-2008-1129.
by Fabian Fingerle
EIP-2026-111655 EXPLOITDB text VERIFIED
qwicsite pro - SQL Injection / Cross-Site Scripting
by Cr@zy_King
CVE-2008-4144 EXPLOITDB text VERIFIED
ACG-ScriptShop E-Gold Script Shop - SQL Injection via cid Parameter
SQL injection vulnerability in index.php in ACG-ScriptShop E-Gold Script Shop allows remote attackers to execute arbitrary SQL commands via the cid parameter in a showcat action.
by Hussin X
CVE-2008-3944 EXPLOITDB text VERIFIED
ACG-PTP 1.0.6 - SQL Injection via adid Parameter
SQL injection vulnerability in index.php in ACG-PTP 1.0.6 allows remote attackers to execute arbitrary SQL commands via the adid parameter in an adorder action.
by Hussin X
CVE-2008-6985 EXPLOITDB text
Zen Cart 1.2.0-1.3.8a - SQL Injection via Shopping Cart ID Parameter
Multiple SQL injection vulnerabilities in includes/classes/shopping_cart.php in Zen Cart 1.2.0 through 1.3.8a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter when (1) adding or (2) updating the shopping cart.
by GulfTech Security
CVE-2008-6977 EXPLOITDB text VERIFIED
aspWebAlbum 3.2 - Cross-Site Scripting via Album Summary Message Parameter
Cross-site scripting (XSS) vulnerability in album.asp in Full Revolution aspWebAlbum 3.2 allows remote attackers to inject arbitrary web script or HTML via the message parameter in a summary action.
by Alemin_Krali
CVE-2004-1553 EXPLOITDB text VERIFIED
aspWebAlbum - SQL Injection via Username Field or Cat Parameter
SQL injection vulnerability in aspWebAlbum allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the cat parameter to album.asp. NOTE: it was later reported that vector 1 affects aspWebAlbum 3.2, and the vector involves the txtUserName parameter in a processlogin action to album.asp, as reachable from the login action.
by Alemin_Krali
CVE-2008-6996 EXPLOITDB text VERIFIED
Google Chrome 0.2.149.27 - Denial of Service via Automatic Executable File Download
Google Chrome BETA (0.2.149.27) does not prompt the user before saving an executable file, which makes it easier for remote attackers or malware to cause a denial of service (disk consumption) or exploit other vulnerabilities via a URL that references an executable file, possibly related to the "ask where to save each file before downloading" setting.
by nerex
CVE-2008-6995 EXPLOITDB text VERIFIED
Google Chrome 0.2.149.27 - Denial of Service via URI Handler Integer Underflow
Integer underflow in net/base/escape.cc in chrome.dll in Google Chrome 0.2.149.27 allows remote attackers to cause a denial of service (browser crash) via a URI with an invalid handler followed by a "%" (percent) character, which triggers a buffer over-read, as demonstrated using an "about:%" URI.
by Rishi Narang
EIP-2026-112781 EXPLOITDB text VERIFIED
TransLucid 1.75 - 'FCKeditor' Arbitrary File Upload
by BugReport.IR
CVE-2008-4039 EXPLOITDB text VERIFIED
spice_classifieds - SQL Injection via cat_path Parameter
SQL injection vulnerability in index.php in Spice Classifieds allows remote attackers to execute arbitrary SQL commands via the cat_path parameter.
by InjEctOr5
CVE-2008-3943 EXPLOITDB text VERIFIED
eZoneScripts Living Local 1.1 - SQL Injection
SQL injection vulnerability in listtest.php in eZoneScripts Living Local 1.1 allows remote attackers to execute arbitrary SQL commands via the r parameter.
by Hussin X
CVE-2008-4046 EXPLOITDB text VERIFIED
eliteCMS 1.0 - SQL Injection via Page Parameter
SQL injection vulnerability in index.php in eliteCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the page parameter.
by e.wiZz!
CVE-2008-6396 EXPLOITDB text VERIFIED
Celerondude Uploader 6.1 - Cross-Site Scripting via Username Parameter
Cross-site scripting (XSS) vulnerability in account.php in Celerondude Uploader 6.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: some of these details are obtained from third party information.
by Xc0re
CVE-2008-6978 EXPLOITDB text VERIFIED
Full Revolution aspWebAlbum 3.2 - Unrestricted File Upload and Remote Code Execution via pics/ Directory
Unrestricted file upload vulnerability in Full Revolution aspWebAlbum 3.2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in pics/, related to the uploadmedia action in album.asp.
by Alemin_Krali
EIP-2026-104873 EXPLOITDB text VERIFIED
@Mail 5.42 and @Mail WebMail 5.0.5 - Multiple Cross-Site Scripting Vulnerabilities
by C1c4Tr1Z
CVE-2008-6970 EXPLOITDB text VERIFIED
UBB.threads < 7.3.1 - SQL Injection via Forum[] Array Parameter
SQL injection vulnerability in dosearch.inc.php in UBB.threads 7.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the Forum[] array parameter.
by GulfTech Security
CVE-2008-4086 EXPLOITDB text VERIFIED
Reciprocal Links Manager 1.1 - SQL Injection via Site Parameter
SQL injection vulnerability in index.php in Reciprocal Links Manager 1.1 allows remote attackers to execute arbitrary SQL commands via the site parameter in an open action.
by Hussin X
CVE-2008-4092 EXPLOITDB text VERIFIED
myphpnuke < 1.8.8_8 - SQL Injection via printfeature.php artid Parameter
SQL injection vulnerability in printfeature.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to execute arbitrary SQL commands via the artid parameter.
by MustLive
CVE-2008-3941 EXPLOITDB text VERIFIED
bizdirectory < 2.04 - Cross-Site Scripting via Search Page Parameter
Cross-site scripting (XSS) vulnerability in BizDirectory 2.04 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter in a search action to the default URI.
by Am!r
CVE-2008-6394 EXPLOITDB text VERIFIED
CS-Cart <= 1.3.5 - SQL Injection via cs_cookies[customer_user_id] Cookie Parameter
SQL injection vulnerability in core/user.php in CS-Cart 1.3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the cs_cookies[customer_user_id] cookie parameter.
by GulfTech Security
CVE-2008-4090 EXPLOITDB text VERIFIED
PHP Coupon Script 4.0 - SQL Injection via id Parameter in addtocart Action
SQL injection vulnerability in index.php in PHP Coupon Script 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in an addtocart action, a different vector than CVE-2007-2672.
by Hussin X
CVE-2008-4044 EXPLOITDB text VERIFIED
AJ Square aj-hyip - SQL Injection via artid Parameter
SQL injection vulnerability in article/readarticle.php in AJ Square aj-hyip (aka AJ HYIP Acme) allows remote attackers to execute arbitrary SQL commands via the artid parameter.
by InjEctOr5
CVE-2008-4043 EXPLOITDB text VERIFIED
AJ Square AJ HYIP Acme - SQL Injection
Multiple SQL injection vulnerabilities in AJ Square AJ HYIP Acme allow remote attackers to execute arbitrary SQL commands via the artid parameter to (1) acme/article/comment.php and (2) prime/article/comment.php.
by security fears team
CVE-2008-4041 EXPLOITDB text VERIFIED
Softalk Mail Server 8.5.1.431 - DoS
The IMAP server in Softalk Mail Server (formerly WorkgroupMail) 8.5.1.431 allows remote authenticated users to cause a denial of service (resource consumption and daemon crash) via a long IMAP APPEND command with certain repeated parameters.
by Antunes