Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-3718 EXPLOITDB text VERIFIED
cyberBB 0.6 - Authenticated SQL Injection via id or user Parameter
Multiple SQL injection vulnerabilities in cyberBB 0.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) id parameter to show_topic.php and the (2) user parameter to profile.php.
by cOndemned
CVE-2008-3714 EXPLOITDB text VERIFIED
AWStats 6.8 - Cross-Site Scripting via Query String
Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.8 allows remote attackers to inject arbitrary web script or HTML via the query_string, a different vulnerability than CVE-2006-3681 and CVE-2006-1945.
by Morgan Todd
EIP-2026-100384 EXPLOITDB text VERIFIED
K Web CMS - 'sayfala.asp' SQL Injection
by baltazar
CVE-2008-6022 EXPLOITDB text VERIFIED
Xnova - Remote Code Execution via ugamela_root_path Parameter
PHP remote file inclusion vulnerability in includes/todofleetcontrol.php in an older version of Xnova, possibly 0.8 sp1, allows remote attackers to execute arbitrary PHP code via a URL in the ugamela_root_path parameter.
by NuclearHaxor
CVE-2008-6023 EXPLOITDB text VERIFIED
xnova < 0.8 - Remote Code Execution via xnova_root_path Parameter
PHP remote file inclusion vulnerability in includes/todofleetcontrol.php in a newer version of Xnova, possibly 0.8 sp1, allows remote attackers to execute arbitrary PHP code via a URL in the xnova_root_path parameter.
by NuclearHaxor
CVE-2008-3713 EXPLOITDB text VERIFIED
phpbasket - SQL Injection via pro_id Parameter
SQL injection vulnerability in product.php in PHPBasket allows remote attackers to execute arbitrary SQL commands via the pro_id parameter.
by r45c4l
CVE-2008-3711 EXPLOITDB text VERIFIED
PHPArcadeScript 4.0 - SQL Injection
SQL injection vulnerability in index.php in PHPArcadeScript (PHP Arcade Script) 4.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter in a browse action.
by Hussin X
CVE-2008-7107 EXPLOITDB text VERIFIED
ESET Smart Security 3.0.667.0 - Denial of Service via IOCTL Request to easdrv.sys
easdrv.sys in ESET Smart Security 3.0.667.0 allows local users to cause a denial of service (crash) via a crafted IOCTL 0x222003 request to the \\.\easdrv device interface.
by g_
CVE-2008-3732 EXPLOITDB text VERIFIED
VLC Media Player <0.8.6i - Buffer Overflow
Integer overflow in the Open function in modules/demux/tta.c in VLC Media Player 0.8.6i allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TTA file, which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
by g_
CVE-2008-3720 EXPLOITDB text VERIFIED
DMCMS 0.7.4 - SQL Injection via Page Parameter
SQL injection vulnerability in index.php in DeeEmm CMS (DMCMS) 0.7.4 allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: the id vector is already covered by CVE-2007-5679.
by Khashayar Fereidani
CVE-2007-5679 EXPLOITDB text VERIFIED
DeeEmm.com DM CMS 0.7.0.Beta and 0.7.4 - SQL Injection via id Parameter
SQL injection vulnerability in index.php in DeeEmm.com DM CMS 0.7.0.Beta allows remote attackers to execute arbitrary SQL commands via the id parameter in the media page (build_media_content.php). NOTE: it was later reported that 0.7.4 is also affected.
by Khashayar Fereidani
CVE-2008-3706 EXPLOITDB text VERIFIED
zeejobsite 2.0 - SQL Injection via bannerclick.php adid Parameter
SQL injection vulnerability in bannerclick.php in ZEEJOBSITE 2.0 allows remote attackers to execute arbitrary SQL commands via the adid parameter.
by Hussin X
EIP-2026-111548 EXPLOITDB text VERIFIED
PromoProducts - 'view_product.php' Multiple SQL Injections
by baltazar
CVE-2008-3723 EXPLOITDB text VERIFIED
PHPizabi 0.848b C1 HFP3 - Path Traversal
Directory traversal vulnerability in index.php in PHPizabi 0.848b C1 HFP3 allows remote authenticated administrators to read arbitrary files via (1) a .. (dot dot), (2) a URL, or possibly (3) a full pathname in the id parameter in an admin.templates.edittemplate action. NOTE: some of these details are obtained from third party information.
by Lostmon
CVE-2008-3712 EXPLOITDB text VERIFIED
Mambo 4.6.2 and 4.6.5 - Cross-Site Scripting via Query String and mosConfig_sitename Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.2 and 4.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) query string to mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php and the (2) mosConfig_sitename parameter to administrator/popups/index3pop.php.
by Khashayar Fereidani
CVE-2008-3712 EXPLOITDB text VERIFIED
Mambo 4.6.2 and 4.6.5 - Cross-Site Scripting via Query String and mosConfig_sitename Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.2 and 4.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) query string to mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php and the (2) mosConfig_sitename parameter to administrator/popups/index3pop.php.
by Khashayar Fereidani
CVE-2008-3715 EXPLOITDB text VERIFIED
FlexCMS 2.5 and earlier - Cross-Site Scripting via PreviousColorsString Parameter
Cross-site scripting (XSS) vulnerability in inc-core-admin-editor-previouscolorsjs.php in the FlexCMS 2.5 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the PreviousColorsString parameter.
by Dr.Crash
CVE-2008-3708 EXPLOITDB text VERIFIED
dotcms 1.6.0.9 - Path Traversal via ID Parameter
Multiple directory traversal vulnerabilities in dotCMS 1.6.0.9 allow remote attackers to read arbitrary files via a .. (dot dot) in the id parameter to (1) news/index.dot and (2) getting_started/macros/macros_detail.dot.
by Don
CVE-2008-3721 EXPLOITDB text VERIFIED
DeeEmm CMS 0.7.4 - Remote Code Execution via Language Directory Parameter
PHP remote file inclusion vulnerability in user_language.php in DeeEmm CMS (DMCMS) 0.7.4 allows remote attackers to execute arbitrary PHP code via a URL in the language_dir parameter.
by Khashayar Fereidani
CVE-2008-3722 EXPLOITDB text VERIFIED
fipsCMS 2.1 - SQL Injection via forum/neu.asp kat Parameter
SQL injection vulnerability in forum/neu.asp in fipsCMS 2.1 allows remote attackers to execute arbitrary SQL commands via the kat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by U238
EIP-2026-109158 EXPLOITDB text VERIFIED
Links Pile - 'link.php' SQL Injection
by HaCkeR_EgY
EIP-2026-102521 EXPLOITDB text VERIFIED
Openfire 3.5.2 - 'login.jsp' Cross-Site Scripting
by Daniel Henninger
CVE-2008-5947 EXPLOITDB text VERIFIED
YapBB 1.2 Beta 2 - Remote File Inclusion Code Execution
PHP remote file inclusion vulnerability in include/class_yapbbcooker.php in YapBB 1.2.Beta 2 allows remote attackers to execute arbitrary PHP code via a URL in the cfgIncludeDirectory parameter.
by CraCkEr
CVE-2008-5946 EXPLOITDB text VERIFIED
php-fusion 4.01 - SQL Injection via News ID Parameter
SQL injection vulnerability in readmore.php in PHP-Fusion 4.01 allows remote attackers to execute arbitrary SQL commands via the news_id parameter.
by Rake
CVE-2008-3682 EXPLOITDB text VERIFIED
YPN PHP Realty - SQL Injection via dpage.php docID Parameter
SQL injection vulnerability in dpage.php in YPN PHP Realty allows remote attackers to execute arbitrary SQL commands via the docID parameter.
by CraCkEr