Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-4528 EXPLOITDB text VERIFIED
Phlatline Personal Information Manager 1.01 - Path Traversal via Notes.php ID Parameter
Directory traversal vulnerability in notes.php in Phlatline's Personal Information Manager (pPIM) 1.01 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter in an edit action.
by Stack
CVE-2008-4423 EXPLOITDB text VERIFIED
Ovidentia 6.6.5 - SQL Injection via Item Parameter in Contact Modify Action
SQL injection vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to execute arbitrary SQL commands via the item parameter in a contact modify action.
by Khashayar Fereidani
CVE-2008-3700 EXPLOITDB text VERIFIED
Kayako SupportSuite < 3.20.02 - Cross-Site Scripting via SessionID Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite 3.20.02 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the sessionid parameter in a livesupport startclientchat action to visitor/index.php; (2) the filter parameter in a news view action to index.php; or the Full Name field in a (3) account creation, (4) ticket opening, or (5) chat request operation.
by GulfTech Security
CVE-2008-3700 EXPLOITDB text VERIFIED
Kayako SupportSuite < 3.20.02 - Cross-Site Scripting via SessionID Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite 3.20.02 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the sessionid parameter in a livesupport startclientchat action to visitor/index.php; (2) the filter parameter in a news view action to index.php; or the Full Name field in a (3) account creation, (4) ticket opening, or (5) chat request operation.
by GulfTech Security
CVE-2008-3701 EXPLOITDB text VERIFIED
Kayako SupportSuite <3.20.02 - SQL Injection
SQL injection vulnerability in staff/index.php in Kayako SupportSuite 3.20.02 and earlier allows remote authenticated users to execute arbitrary SQL commands via the customfieldlinkid parameter in a delcflink action.
by GulfTech Security
CVE-2008-4424 EXPLOITDB text VERIFIED
Domain Group Network GooCMS 1.02 - Cross-Site Scripting via Comments Action s Parameter
Cross-site scripting (XSS) vulnerability in index.php in Domain Group Network GooCMS 1.02 allows remote attackers to inject arbitrary web script or HTML via the s parameter in a comments action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ahmadbaby
CVE-2008-2938 EXPLOITDB text VERIFIED
Apache Tomcat 4.1.0-4.1.37, 5.5.0-5.5.26, 6.0.0-6.0.16 - Directory Traversal via Encoded URI Sequences
Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
by Simon Ryeo
CVE-2008-4426 EXPLOITDB text VERIFIED
Phlatline Personal Information Manager 1.0 - Cross-Site Scripting via events.php date parameter
Cross-site scripting (XSS) vulnerability in events.php in Phlatline's Personal Information Manager (pPIM) 1.0 allows remote attackers to inject arbitrary web script or HTML via the date parameter in a new action.
by BeyazKurt
CVE-2008-4425 EXPLOITDB text VERIFIED
Phlatline Personal Information Manager 1.0 - Path Traversal & Arbitrary File Deletion via Upload.php
Directory traversal vulnerability in upload.php in Phlatline's Personal Information Manager (pPIM) 1.0 allows remote attackers to delete arbitrary files via directory traversal sequences in the file parameter within a delfile action.
by BeyazKurt
CVE-2008-3603 EXPLOITDB text VERIFIED
Vacation Rental Script 3.0 - SQL Injection
SQL injection vulnerability in index.php in Vacation Rental Script 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a sections action.
by CraCkEr
CVE-2008-3595 EXPLOITDB text VERIFIED
txtSQL 2.2 Final - Remote File Inclusion Code Execution
PHP remote file inclusion vulnerability in examples/txtSQLAdmin/startup.php in txtSQL 2.2 Final allows remote attackers to execute arbitrary PHP code via a URL in the CFG[txtsql][class] parameter.
by CraCkEr
CVE-2008-3598 EXPLOITDB text VERIFIED
psipuss 1.0 - SQL Injection via Cid Parameter or Username Parameter
Multiple SQL injection vulnerabilities in psipuss 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the Cid parameter to categories.php or (2) the Username parameter to login.php.
by Virangar Security
CVE-2008-4528 EXPLOITDB text VERIFIED
Phlatline Personal Information Manager 1.01 - Path Traversal via Notes.php ID Parameter
Directory traversal vulnerability in notes.php in Phlatline's Personal Information Manager (pPIM) 1.01 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter in an edit action.
by BeyazKurt
CVE-2008-3602 EXPLOITDB text VERIFIED
uPHP_ring_website 0.9.1 - Auth Bypass
admin/wr_admin.php in PHP-Ring Webring System (aka uPHP_ring_website) 0.9.1 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1.
by Virangar Security
CVE-2008-3599 EXPLOITDB text VERIFIED
OpenImpro 1.1 - SQL Injection via image.php id Parameter
SQL injection vulnerability in image.php in OpenImpro 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by nuclear
EIP-2026-106661 EXPLOITDB text VERIFIED
e107 < 0.7.11 - Arbitrary Variable Overwriting
by GulfTech Security
CVE-2008-3431 EXPLOITDB HIGH text VERIFIED
Sun xVM VirtualBox <1.6.4 - Privilege Escalation
The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to gain privileges by opening the \\.\VBoxDrv device and calling DeviceIoControl to send a crafted kernel address.
by Core Security
CVSS 8.8
CVE-2008-3668 EXPLOITDB text VERIFIED
Yogurt Social Network module 3.2 rc1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the Yogurt Social Network module 3.2 rc1 for XOOPS allow remote attackers to inject arbitrary web script or HTML via the uid parameter to (1) friends.php, (2) seutubo.php, (3) album.php, (4) scrapbook.php, (5) index.php, or (6) tribes.php; or (7) the description field of a new scrap.
by Lostmon
CVE-2008-3668 EXPLOITDB text VERIFIED
Yogurt Social Network module 3.2 rc1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the Yogurt Social Network module 3.2 rc1 for XOOPS allow remote attackers to inject arbitrary web script or HTML via the uid parameter to (1) friends.php, (2) seutubo.php, (3) album.php, (4) scrapbook.php, (5) index.php, or (6) tribes.php; or (7) the description field of a new scrap.
by Lostmon
CVE-2008-3668 EXPLOITDB text VERIFIED
Yogurt Social Network module 3.2 rc1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the Yogurt Social Network module 3.2 rc1 for XOOPS allow remote attackers to inject arbitrary web script or HTML via the uid parameter to (1) friends.php, (2) seutubo.php, (3) album.php, (4) scrapbook.php, (5) index.php, or (6) tribes.php; or (7) the description field of a new scrap.
by Lostmon
CVE-2008-3668 EXPLOITDB text VERIFIED
Yogurt Social Network module 3.2 rc1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the Yogurt Social Network module 3.2 rc1 for XOOPS allow remote attackers to inject arbitrary web script or HTML via the uid parameter to (1) friends.php, (2) seutubo.php, (3) album.php, (4) scrapbook.php, (5) index.php, or (6) tribes.php; or (7) the description field of a new scrap.
by Lostmon
CVE-2008-3668 EXPLOITDB text VERIFIED
Yogurt Social Network module 3.2 rc1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the Yogurt Social Network module 3.2 rc1 for XOOPS allow remote attackers to inject arbitrary web script or HTML via the uid parameter to (1) friends.php, (2) seutubo.php, (3) album.php, (4) scrapbook.php, (5) index.php, or (6) tribes.php; or (7) the description field of a new scrap.
by Lostmon
CVE-2008-3668 EXPLOITDB text VERIFIED
Yogurt Social Network module 3.2 rc1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the Yogurt Social Network module 3.2 rc1 for XOOPS allow remote attackers to inject arbitrary web script or HTML via the uid parameter to (1) friends.php, (2) seutubo.php, (3) album.php, (4) scrapbook.php, (5) index.php, or (6) tribes.php; or (7) the description field of a new scrap.
by Lostmon
CVE-2008-4432 EXPLOITDB text VERIFIED
RMSOFT MiniShop module 1.0 - Cross-Site Scripting via search.php itemsxpag Parameter
Cross-site scripting (XSS) vulnerability in search.php in the RMSOFT MiniShop module 1.0 for Xoops allows remote attackers to inject arbitrary web script or HTML via the itemsxpag parameter.
by Lostmon
CVE-2008-4435 EXPLOITDB text VERIFIED
RMSOFT Downloads Plus Module 1.5 and 1.7 - Cross-Site Scripting via key or id Parameter
Multiple cross-site scripting (XSS) vulnerabilities in the RMSOFT Downloads Plus (rmdp) module 1.5 and 1.7 for Xoops allow remote attackers to inject arbitrary web script or HTML via the (1) key parameter to search.php and the (2) id parameter to down.php.
by Lostmon