Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-3779 EXPLOITDB text VERIFIED
Five Star Review Script - Cross-Site Scripting via Search Words Parameter
Cross-site scripting (XSS) vulnerability in search/index.php in Five Star Review Script allows remote attackers to inject arbitrary web script or HTML via the words parameter in a search action.
by Mr.SQL
CVE-2008-3785 EXPLOITDB text VERIFIED
MiaCMS 4.6.5 - SQL Injection via com_content id Parameter
Multiple SQL injection vulnerabilities in the com_content component in MiaCMS 4.6.5 allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) view, (2) category, or (3) blogsection action to index.php.
by ~!Dok_tOR!~
CVE-2008-3780 EXPLOITDB text VERIFIED
Five Star Review Script - SQL Injection
SQL injection vulnerability in recommend.php in Five Star Review Script allows remote attackers to execute arbitrary SQL commands via the item_id parameter.
by Mr.SQL
CVE-2008-7059 EXPLOITDB text VERIFIED
One-News Beta 2 - SQL Injection via q Parameter
SQL injection vulnerability in index.php in One-News Beta 2 allows remote attackers to execute arbitrary SQL commands via the q parameter.
by suN8Hclf
CVE-2008-7059 EXPLOITDB text VERIFIED
One-News Beta 2 - SQL Injection via q Parameter
SQL injection vulnerability in index.php in One-News Beta 2 allows remote attackers to execute arbitrary SQL commands via the q parameter.
by suN8Hclf
EIP-2026-109955 EXPLOITDB text VERIFIED
noname script 1.1 - Multiple Vulnerabilities
by SirGod
CVE-2008-3794 EXPLOITDB text VERIFIED
VLC Media Player 0.8.6i - Remote Code Execution via Crafted MMST Link
Integer signedness error in the mms_ReceiveCommand function in modules/access/mms/mmstu.c in VLC Media Player 0.8.6i allows remote attackers to execute arbitrary code via a crafted mmst link with a negative size value, which bypasses a size check and triggers an integer overflow followed by a heap-based buffer overflow.
by g_
CVE-2008-3786 EXPLOITDB text VERIFIED
PICTURESPRO Photo Cart 3.9 - Cross-Site Scripting via qtitle Parameter
Cross-site scripting (XSS) vulnerability in index.php in PICTURESPRO Photo Cart 3.9 allows remote attackers to inject arbitrary web script or HTML via the qtitle parameter (aka "Gallery or event name" field) in a search action.
by Tyler Trioxide
CVE-2008-3850 EXPLOITDB text VERIFIED
Accellion File Transfer FTA_7_0_135 - XSS
Cross-site scripting (XSS) vulnerability in Accellion File Transfer FTA_7_0_135 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to courier/forgot_password.html.
by Eric Beaulieu
CVE-2008-7057 EXPLOITDB text VERIFIED
BandSite CMS 1.1.4 - Cross-Site Scripting via Merchandise Type Parameter
Cross-site scripting (XSS) vulnerability in merchandise.php in BandSite CMS 1.1.4 allows remote attackers to inject arbitrary HTML or web script via the type parameter.
by SirGod
CVE-2008-7056 EXPLOITDB text VERIFIED
BandSite CMS 1.1.4 - Unauthenticated Database Backup Download via adminpanel/phpmydump.php
BandSite CMS 1.1.4 does not perform access control for adminpanel/phpmydump.php, which allows remote attackers to obtain copies of the database via a direct request.
by SirGod
CVE-2008-4740 EXPLOITDB text VERIFIED
TinyCMS 1.1.2 - Remote File Inclusion via ZZ_Templater config[template] Parameter
Directory traversal vulnerability in templater.php in the ZZ_Templater module in TinyCMS 1.1.2, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the config[template] parameter.
by cOndemned
CVE-2008-4742 EXPLOITDB text VERIFIED
TimeTrex 2.2.11 - Cross-Site Scripting via Login Parameters
Multiple cross-site scripting (XSS) vulnerabilities in interface/Login.php in TimeTrex 2.2.11 allow remote attackers to inject arbitrary web script or HTML via the (1) password and (2) user_name parameters.
by Doz
CVE-2008-3774 EXPLOITDB text VERIFIED
Simasy CMS - SQL Injection via id Parameter
SQL injection vulnerability in index.php in Simasy CMS allows remote attackers to execute arbitrary SQL commands via the id parameter.
by r45c4l
CVE-2008-4744 EXPLOITDB text VERIFIED
DXShopCart 4.30mc - SQL Injection via product_detail.php pid Parameter
SQL injection vulnerability in product_detail.php in DXShopCart 4.30mc allows remote attackers to execute arbitrary SQL commands via the pid parameter.
by Hussin X
CVE-2008-3788 EXPLOITDB text VERIFIED
PICTURESPRO Photo Cart 3.9 - SQL Injection
Multiple SQL injection vulnerabilities in PICTURESPRO Photo Cart 3.9, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) qtitle, (2) qid, and (3) qyear parameters to (a) search.php, and the (4) email and (5) password parameters to (b) _login.php.
by ~!Dok_tOR!~
CVE-2008-4741 EXPLOITDB text VERIFIED
far-php 1.00 - Path Traversal via Index.php c Parameter
Directory traversal vulnerability in index.php in FAR-PHP 1.00, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the c parameter.
by Beenu Arora
CVE-2008-4155 EXPLOITDB text VERIFIED
EasySite 2.3 - Path Traversal via Module or Action Parameter
Multiple directory traversal vulnerabilities in EasySite 2.3 allow remote attackers to read arbitrary files or list directories via a .. (dot dot) in the (1) module or (2) action parameter in (a) www/index.php; the (3) module, (4) ss_module, or (5) ss_action parameter in (b) modules/Module/index.php or (c) modules/Themes/index.php; or the (6) module parameter in (d) inc/vmenu.php.
by SirGod
CVE-2008-4156 EXPLOITDB text VERIFIED
CustomCms Gaming Portal 4.0 - SQL Injection via print.php id Parameter
SQL injection vulnerability in print.php in CustomCms (CCMS) Gaming Portal 4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.
by ~!Dok_tOR!~
CVE-2008-7058 EXPLOITDB text VERIFIED
BandSite CMS 1.1.4 - Cross-Site Request Forgery via Admin Logout Endpoint
Cross-site request forgery (CSRF) vulnerability in BandSite CMS 1.1.4 allows remote attackers to hijack the authentication of administrators and force a logout via adminpanel/logout.php.
by SirGod
CVE-2008-3776 EXPLOITDB text VERIFIED
Fujitsu Web-Based Admin View <2.1.2 - Path Traversal
Directory traversal vulnerability in Fujitsu Web-Based Admin View 2.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
by Deniz Cevik
CVE-2008-3480 EXPLOITDB text VERIFIED
Anzio WePO <3.2.19-3.2.24 - Buffer Overflow
Stack-based buffer overflow in the Anzio Web Print Object (WePO) ActiveX control 3.2.19 and 3.2.24, as used in Anzio Print Wizard, allows remote attackers to execute arbitrary code via a long mainurl parameter.
by Core Security
CVE-2008-3752 EXPLOITDB text VERIFIED
YourFreeWorld Ad-Exchange Script - SQL Injection
SQL injection vulnerability in tr.php in YourFreeWorld Ad-Exchange Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Hussin X
CVE-2008-3773 EXPLOITDB text VERIFIED
vBulletin <3.7.2 PL1, <3.6.10 PL3 - XSS
Cross-site scripting (XSS) vulnerability in vBulletin 3.7.2 PL1 and 3.6.10 PL3, when "Show New Private Message Notification Pop-Up" is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a private message subject (aka newpm[title]).
by Core Security
CVE-2008-3767 EXPLOITDB text VERIFIED
phpBazar 2.0.2 - SQL Injection via adid Parameter
SQL injection vulnerability in classified.php in phpBazar 2.0.2 allows remote attackers to execute arbitrary SQL commands via the adid parameter.
by e.wiZz!