Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-7119 EXPLOITDB text VERIFIED
WeBid 0.5.4 - SQL Injection via item.php id Parameter
SQL injection vulnerability in item.php in WeBid auction script 0.5.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Stack
CVE-2008-3101 EXPLOITDB text VERIFIED
vtiger CRM 5.0.4 - Cross-Site Scripting via Parenttab, User Password, or Query String Parameters
Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the parenttab parameter in an index action to the Products module, as reachable through index.php; (2) the user_password parameter in an Authenticate action to the Users module, as reachable through index.php; or (3) the query_string parameter in a UnifiedSearch action to the Home module, as reachable through index.php.
by Fabian Fingerle
EIP-2026-107380 EXPLOITDB text VERIFIED
GenPortal - 'buscarCat.php' Cross-Site Scripting
by sl4xUz
CVE-2008-4084 EXPLOITDB text VERIFIED
MyioSoft EasyClassifields 3.0 - SQL Injection via go Parameter in browse Action
SQL injection vulnerability in staticpages/easyclassifields/index.php in MyioSoft EasyClassifields 3.0 allows remote attackers to execute arbitrary SQL commands via the go parameter in a browse action.
by e.wiZz!
CVE-2008-6991 EXPLOITDB text VERIFIED
cmsbright - SQL Injection via id_rub_page Parameter
SQL injection vulnerability in public/page.php in Websens CMSbright allows remote attackers to execute arbitrary SQL commands via the id_rub_page parameter.
by h4ck3r
CVE-2008-7117 EXPLOITDB text VERIFIED
WeBid 0.5.4 - Arbitrary CSS File Modification via file Parameter
eledicss.php in WeBid auction script 0.5.4 allows remote attackers to modify arbitrary cascading style sheets (CSS) files via a certain request with the file parameter set to style.css. NOTE: this can probably be leveraged for cross-site scripting (XSS) attacks.
by InjEctOr5
CVE-2008-7116 EXPLOITDB text VERIFIED
WeBid 0.5.4 - SQL Injection via Admin Panel Username Parameter
SQL injection vulnerability in the admin panel (admin/) in WeBid auction script 0.5.4 allows remote attackers to execute arbitrary SQL commands via the username.
by InjEctOr5
CVE-2008-4088 EXPLOITDB text VERIFIED
myphpnuke < 1.8.8_8 - SQL Injection via print.php sid Parameter
SQL injection vulnerability in print.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to execute arbitrary SQL commands via the sid parameter.
by MustLive
CVE-2008-3945 EXPLOITDB text VERIFIED
Words tag 1.2 - SQL Injection via Word Parameter in Claim Action
SQL injection vulnerability in index.php in Words tag 1.2 allows remote attackers to execute arbitrary SQL commands via the word parameter in a claim action.
by Hussin X
CVE-2008-7118 EXPLOITDB text VERIFIED
WeBid 0.5.4 - Unauthenticated Sensitive Information Exposure via Direct Request
WeBid auction script 0.5.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain SQL query logs via a direct request for logs/cron.log.
by InjEctOr5
CVE-2008-4091 EXPLOITDB text VERIFIED
Web Directory Script 1.5.3 - SQL Injection via Site Parameter in Open Action
SQL injection vulnerability in index.php in Web Directory Script 1.5.3 allows remote attackers to execute arbitrary SQL commands via the site parameter in an open action.
by Hussin X
CVE-2008-4089 EXPLOITDB text VERIFIED
myphpnuke < 1.8.8_8 - Cross-Site Scripting via print.php sid Parameter
Cross-site scripting (XSS) vulnerability in print.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to inject arbitrary web script or HTML via the sid parameter.
by MustLive
CVE-2008-4082 EXPLOITDB text VERIFIED
Brim 2.0.0 - Authenticated SQL Injection via Tasks Plugin Search Action
SQL injection vulnerability in the Tasks plugin in Brim 2.0.0, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via an arbitrary field in a search action to index.php.
by InjEctOr5
CVE-2008-4083 EXPLOITDB text VERIFIED
Brim 2.0 - Authenticated Cross-Site Scripting via Bookmarks Plugin Name Parameter
Cross-site scripting (XSS) vulnerability in the Bookmarks plugin in Brim 2.0 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter in an addItemPost action to index.php. NOTE: some of these details are obtained from third party information.
by InjEctOr5
CVE-2008-1083 EXPLOITDB HIGH text VERIFIED
Microsoft Windows - Buffer Overflow
Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a malformed header that triggers an integer overflow, aka "GDI Heap Overflow Vulnerability."
by Ac!dDrop
CVSS 8.1
CVE-2008-3942 EXPLOITDB text VERIFIED
Full PHP Emlak Script - SQL Injection
SQL injection vulnerability in landsee.php in Full PHP Emlak Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Hussin X
EIP-2026-106552 EXPLOITDB text VERIFIED
dotProject 2.1.2 - Multiple SQL Injections / Cross-Site Scripting Vulnerabilities
by C1c4Tr1Z
EIP-2026-101014 EXPLOITDB text VERIFIED
Dreambox - Web Interface URI Remote Denial of Service
by Marc Ruef
CVE-2008-3937 EXPLOITDB MEDIUM text VERIFIED
OpenDb 1.0.6 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Open Media Collectors Database (OpenDb) 1.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) user_id parameter in an edit action to user_admin.php, the (2) title parameter to listings.php, and the (3) redirect_url parameter to user_profile.php.
by C1c4Tr1Z
CVSS 6.1
CVE-2008-3937 EXPLOITDB MEDIUM text VERIFIED
OpenDb 1.0.6 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Open Media Collectors Database (OpenDb) 1.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) user_id parameter in an edit action to user_admin.php, the (2) title parameter to listings.php, and the (3) redirect_url parameter to user_profile.php.
by C1c4Tr1Z
CVSS 6.1
CVE-2008-3937 EXPLOITDB MEDIUM text VERIFIED
OpenDb 1.0.6 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Open Media Collectors Database (OpenDb) 1.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) user_id parameter in an edit action to user_admin.php, the (2) title parameter to listings.php, and the (3) redirect_url parameter to user_profile.php.
by C1c4Tr1Z
CVSS 6.1
CVE-2008-4093 EXPLOITDB text VERIFIED
YourOwnBux 3.1 and 3.2 beta - SQL Injection via User Parameter
SQL injection vulnerability in memberstats.php in YourOwnBux 3.1 and 3.2 beta, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter.
by ~!Dok_tOR!~
CVE-2008-3861 EXPLOITDB text VERIFIED
phpMyRealty < 1.0.9 - SQL Injection via id or price_max Parameter
Multiple SQL injection vulnerabilities in phpMyRealty (PMR) 1.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in pages.php and (2) the price_max parameter in search.php.
by ~!Dok_tOR!~
EIP-2026-104889 EXPLOITDB text VERIFIED
AbleSpace 1.0 - 'adv_cat.php' Cross-Site Scripting
by Bug Researchers Group
CVE-2008-2930 EXPLOITDB text VERIFIED
Red Hat Directory Server 7.1 < SP7, 8 & Fedora Directory Server 1.1.1 - DoS via LDAP Requests
Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 allow remote attackers to cause a denial of service (CPU consumption and search outage) via crafted LDAP search requests with patterns, related to a single-threaded regular-expression subsystem.
by Ulf Weltman