Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-3906 EXPLOITDB text VERIFIED
Mono <2.0 - HTTP Response Splitting
CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string.
by Juraj Skripsky
CVE-2008-3195 EXPLOITDB text VERIFIED
TWiki < 4.2.3 - Path Traversal and Arbitrary File Execution via Image Parameter
Directory traversal vulnerability in bin/configure in TWiki before 4.2.3, when a certain step in the installation guide is skipped, allows remote attackers to read arbitrary files via a query string containing a .. (dot dot) in the image variable, and execute arbitrary files via unspecified vectors.
by Th1nk3r
CVE-2008-3758 EXPLOITDB text VERIFIED
Lussumo Vanilla <= 1.1.4 - Cross-Site Scripting (XSS) via NewPassword, Account Picture, and Icon Fields
Multiple cross-site scripting (XSS) vulnerabilities in Lussumo Vanilla 1.1.4 and earlier (1) allow remote attackers to inject arbitrary web script or HTML via the NewPassword parameter to people.php, and allow remote authenticated users to inject arbitrary web script or HTML via the (2) Account picture and (3) Icon fields in account.php. NOTE: some of these details are obtained from third party information.
by GulfTech Security
CVE-2008-3768 EXPLOITDB text VERIFIED
Turnkey Web Tools SunShop <4.1.5 - SQL Injection
Multiple SQL injection vulnerabilities in class.ajax.php in Turnkey Web Tools SunShop Shopping Cart before 4.1.5 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in an edit_registry action to index.php, (2) a vector involving the check_email function, and other vectors.
by GulfTech Security
CVE-2008-3749 EXPLOITDB text VERIFIED
YourFreeWorld Banner Mgr < - SQL Injection
SQL injection vulnerability in tr.php in YourFreeWorld Banner Management Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
by S.W.A.T.
CVE-2008-3719 EXPLOITDB text VERIFIED
SFS Affiliate Directory - SQL Injection
SQL injection vulnerability in directory.php in SFS Affiliate Directory allows remote attackers to execute arbitrary SQL commands via the id parameter in a deadlink action.
by Hussin X
CVE-2008-3725 EXPLOITDB text VERIFIED
YourFreeWorld Ad Board Script - SQL Injection
SQL injection vulnerability in trr.php in YourFreeWorld Ad Board Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Hussin X
CVE-2008-3748 EXPLOITDB text VERIFIED
Active PHP Bookmarks <1.2.06 - SQL Injection
SQL injection vulnerability in view_group.php in Active PHP Bookmarks (APB) 1.1.02 and 1.2.06 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Hussin X
CVE-2008-4101 EXPLOITDB text VERIFIED
Vim < 7.2.010 - Arbitrary Command Execution via K Keystroke
Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) "Ctrl-]" (control close-square-bracket) or (3) "g]" (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712.
by Ben Schmidt
CVE-2008-3763 EXPLOITDB text VERIFIED
Turnkey PHP Live Helper <2.0.1 - Code Injection
Variable overwrite vulnerability in libsecure.php in Turnkey PHP Live Helper 2.0.1 and earlier, when register_globals is enabled, allows remote attackers to overwrite arbitrary variables related to the db config file. NOTE: this can be leveraged for code injection by overwriting the language file.
by GulfTech Security
CVE-2008-3762 EXPLOITDB text VERIFIED
Turnkey PHP Live Helper <2.0.1 - SQL Injection
SQL injection vulnerability in onlinestatus_html.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the dep parameter, related to lack of input sanitization in the get function in global.php.
by GulfTech Security
CVE-2008-3761 EXPLOITDB text VERIFIED
VMware Workstation 6.5.1 - Denial of Service via IOCTL Request
hcmon.sys in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 1.0.x before 1.0.9 build 156507 and 2.0.x before 2.0.1 build 156745 uses the METHOD_NEITHER communication method for IOCTLs, which allows local users to cause a denial of service via a crafted IOCTL request.
by g_
CVE-2008-6518 EXPLOITDB text VERIFIED
VidiScript - Authenticated Remote Code Execution via Avatar Upload
Unrestricted file upload vulnerability in the profile feature in VidiScript allows registered remote authenticated users to execute arbitrary code by uploading a PHP file as an Avatar, then accessing the avatar via a direct request.
by InjEctOr5
CVE-2008-3764 EXPLOITDB text VERIFIED
Turnkey PHP Live Helper <2.0.1 - Code Injection
Eval injection vulnerability in globalsoff.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary PHP code via the test parameter, and probably arbitrary parameters, to chat.php.
by GulfTech Security
CVE-2008-3917 EXPLOITDB text VERIFIED
Ovidentia 6.6.5 - Cross-Site Scripting via Search Field Parameter
Cross-site scripting (XSS) vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to inject arbitrary web script or HTML via the field parameter in a search action.
by ThE dE@Th
CVE-2008-6517 EXPLOITDB text VERIFIED
NewsHOWLER 1.03 Beta - SQL Injection via news_user Cookie Parameter
SQL injection vulnerability in NewsHOWLER 1.03 Beta allows remote attackers to execute arbitrary SQL commands via the news_user cookie parameter.
by Khashayar Fereidani
EIP-2026-108021 EXPLOITDB text VERIFIED
itMedia - Multiple SQL Injections
by baltazar
CVE-2008-3770 EXPLOITDB text VERIFIED
Freeway 1.4.1.171 - Path Traversal via Language Parameter
Multiple directory traversal vulnerabilities in Freeway 1.4.1.171, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to (1) includes/events_application_top.php; (2) english/account.php, (3) french/account.php, and (4) french/account_newsletters.php in includes/languages/; (5) includes/modules/faqdesk/faqdesk_article_require.php; (6) includes/modules/newsdesk/newsdesk_article_require.php; (7) card1.php, (8) loginbox.php, and (9) whos_online.php in templates/Freeway/boxes/; and (10) templates/Freeway/mainpage_modules/mainpage.php. NOTE: vector 1 may be the same as CVE-2008-3677.
by Digital Security Research Group
CVE-2008-3770 EXPLOITDB text VERIFIED
Freeway 1.4.1.171 - Path Traversal via Language Parameter
Multiple directory traversal vulnerabilities in Freeway 1.4.1.171, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to (1) includes/events_application_top.php; (2) english/account.php, (3) french/account.php, and (4) french/account_newsletters.php in includes/languages/; (5) includes/modules/faqdesk/faqdesk_article_require.php; (6) includes/modules/newsdesk/newsdesk_article_require.php; (7) card1.php, (8) loginbox.php, and (9) whos_online.php in templates/Freeway/boxes/; and (10) templates/Freeway/mainpage_modules/mainpage.php. NOTE: vector 1 may be the same as CVE-2008-3677.
by Digital Security Research Group
CVE-2008-3770 EXPLOITDB text VERIFIED
Freeway 1.4.1.171 - Path Traversal via Language Parameter
Multiple directory traversal vulnerabilities in Freeway 1.4.1.171, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to (1) includes/events_application_top.php; (2) english/account.php, (3) french/account.php, and (4) french/account_newsletters.php in includes/languages/; (5) includes/modules/faqdesk/faqdesk_article_require.php; (6) includes/modules/newsdesk/newsdesk_article_require.php; (7) card1.php, (8) loginbox.php, and (9) whos_online.php in templates/Freeway/boxes/; and (10) templates/Freeway/mainpage_modules/mainpage.php. NOTE: vector 1 may be the same as CVE-2008-3677.
by Digital Security Research Group
CVE-2008-3770 EXPLOITDB text VERIFIED
Freeway 1.4.1.171 - Path Traversal via Language Parameter
Multiple directory traversal vulnerabilities in Freeway 1.4.1.171, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to (1) includes/events_application_top.php; (2) english/account.php, (3) french/account.php, and (4) french/account_newsletters.php in includes/languages/; (5) includes/modules/faqdesk/faqdesk_article_require.php; (6) includes/modules/newsdesk/newsdesk_article_require.php; (7) card1.php, (8) loginbox.php, and (9) whos_online.php in templates/Freeway/boxes/; and (10) templates/Freeway/mainpage_modules/mainpage.php. NOTE: vector 1 may be the same as CVE-2008-3677.
by Digital Security Research Group
CVE-2008-3770 EXPLOITDB text VERIFIED
Freeway 1.4.1.171 - Path Traversal via Language Parameter
Multiple directory traversal vulnerabilities in Freeway 1.4.1.171, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to (1) includes/events_application_top.php; (2) english/account.php, (3) french/account.php, and (4) french/account_newsletters.php in includes/languages/; (5) includes/modules/faqdesk/faqdesk_article_require.php; (6) includes/modules/newsdesk/newsdesk_article_require.php; (7) card1.php, (8) loginbox.php, and (9) whos_online.php in templates/Freeway/boxes/; and (10) templates/Freeway/mainpage_modules/mainpage.php. NOTE: vector 1 may be the same as CVE-2008-3677.
by Digital Security Research Group
CVE-2008-3770 EXPLOITDB text VERIFIED
Freeway 1.4.1.171 - Path Traversal via Language Parameter
Multiple directory traversal vulnerabilities in Freeway 1.4.1.171, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to (1) includes/events_application_top.php; (2) english/account.php, (3) french/account.php, and (4) french/account_newsletters.php in includes/languages/; (5) includes/modules/faqdesk/faqdesk_article_require.php; (6) includes/modules/newsdesk/newsdesk_article_require.php; (7) card1.php, (8) loginbox.php, and (9) whos_online.php in templates/Freeway/boxes/; and (10) templates/Freeway/mainpage_modules/mainpage.php. NOTE: vector 1 may be the same as CVE-2008-3677.
by Digital Security Research Group
CVE-2008-3770 EXPLOITDB text VERIFIED
Freeway 1.4.1.171 - Path Traversal via Language Parameter
Multiple directory traversal vulnerabilities in Freeway 1.4.1.171, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to (1) includes/events_application_top.php; (2) english/account.php, (3) french/account.php, and (4) french/account_newsletters.php in includes/languages/; (5) includes/modules/faqdesk/faqdesk_article_require.php; (6) includes/modules/newsdesk/newsdesk_article_require.php; (7) card1.php, (8) loginbox.php, and (9) whos_online.php in templates/Freeway/boxes/; and (10) templates/Freeway/mainpage_modules/mainpage.php. NOTE: vector 1 may be the same as CVE-2008-3677.
by Digital Security Research Group
CVE-2008-3770 EXPLOITDB text VERIFIED
Freeway 1.4.1.171 - Path Traversal via Language Parameter
Multiple directory traversal vulnerabilities in Freeway 1.4.1.171, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to (1) includes/events_application_top.php; (2) english/account.php, (3) french/account.php, and (4) french/account_newsletters.php in includes/languages/; (5) includes/modules/faqdesk/faqdesk_article_require.php; (6) includes/modules/newsdesk/newsdesk_article_require.php; (7) card1.php, (8) loginbox.php, and (9) whos_online.php in templates/Freeway/boxes/; and (10) templates/Freeway/mainpage_modules/mainpage.php. NOTE: vector 1 may be the same as CVE-2008-3677.
by Digital Security Research Group