Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-4435 EXPLOITDB text VERIFIED
RMSOFT Downloads Plus Module 1.5 and 1.7 - Cross-Site Scripting via key or id Parameter
Multiple cross-site scripting (XSS) vulnerabilities in the RMSOFT Downloads Plus (rmdp) module 1.5 and 1.7 for Xoops allow remote attackers to inject arbitrary web script or HTML via the (1) key parameter to search.php and the (2) id parameter to down.php.
by Lostmon
EIP-2026-109160 EXPLOITDB text VERIFIED
Linkspider 1.08 - Multiple Remote File Inclusions
by Rohit Bansal
CVE-2008-3606 EXPLOITDB text VERIFIED
Qbik WinGate <6.2.2.1137 - Buffer Overflow
Heap-based buffer overflow in the IMAP service in Qbik WinGate 6.2.2.1137 and earlier allows remote authenticated users to cause a denial of service (resource exhaustion) or possibly execute arbitrary code via a long argument to the LIST command. NOTE: some of these details are obtained from third party information.
by Antunes
CVE-2008-5120 EXPLOITDB text VERIFIED
HP OpenVMS 8.3 - Stack-Based Buffer Overflow in MultiNet Finger Service
Stack-based buffer overflow in the Process Software MultiNet finger service (aka FINGERD) for HP OpenVMS 8.3 allows remote attackers to execute arbitrary code via a long request string.
by Shaun Colley
CVE-2008-3555 EXPLOITDB text VERIFIED
WSN Links <= 4.1.44 - Remote File Inclusion via TID Parameter
Directory traversal vulnerability in index.php in (1) WSN Forum 4.1.43 and earlier, (2) Gallery 4.1.30 and earlier, (3) Knowledge Base (WSNKB) 4.1.36 and earlier, (4) Links 4.1.44 and earlier, and possibly (5) Classifieds before 4.1.30 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the TID parameter, as demonstrated by uploading a .jpg file containing PHP sequences.
by otmorozok428
EIP-2026-113329 EXPLOITDB text VERIFIED
WebmasterSite (Multiple Products) - Remote Command Execution
by otmorozok428
EIP-2026-111630 EXPLOITDB text VERIFIED
Quate CMS 0.3.4 - Multiple Cross-Site Scripting Vulnerabilities
by CraCkEr
EIP-2026-111629 EXPLOITDB text VERIFIED
Quate CMS 0.3.4 - Local File Inclusion / Cross-Site Scripting
by CraCkEr
CVE-2008-6516 EXPLOITDB text VERIFIED
phpkf-portal 1.10 - Path Traversal via tema_dizin or portal_ayarlarportal_dili Parameter
Multiple directory traversal vulnerabilities in phpKF-Portal 1.10 allow remote attackers to include arbitrary files via a .. (dot dot) in the (1) tema_dizin parameter to baslik.php and (2) portal_ayarlarportal_dili parameter to anket_yonetim.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by KnocKout
CVE-2008-6516 EXPLOITDB text VERIFIED
phpkf-portal 1.10 - Path Traversal via tema_dizin or portal_ayarlarportal_dili Parameter
Multiple directory traversal vulnerabilities in phpKF-Portal 1.10 allow remote attackers to include arbitrary files via a .. (dot dot) in the (1) tema_dizin parameter to baslik.php and (2) portal_ayarlarportal_dili parameter to anket_yonetim.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by KnocKout
CVE-2008-3512 EXPLOITDB text VERIFIED
PHP-Nuke Kleinanzeigen Module - SQL Injection via lid Parameter
SQL injection vulnerability in the Kleinanzeigen module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a visit action to modules.php.
by Lovebug
CVE-2008-3560 EXPLOITDB text VERIFIED
Kshop module 2.22 for Xoops - Cross-Site Scripting via Search Parameter
Cross-site scripting (XSS) vulnerability in kshop_search.php in the Kshop module 2.22 for Xoops allows remote attackers to inject arbitrary web script or HTML via the search parameter.
by Lostmon
EIP-2026-108159 EXPLOITDB text VERIFIED
Joomla! / Mambo Component com_utchat 0.2 - Multiple Remote File Inclusions
by by_casper41
CVE-2008-3557 EXPLOITDB text VERIFIED
Free Hosting Manager 1.2-2.0 - Auth Bypass
Free Hosting Manager 1.2 and 2.0 allows remote attackers to bypass authentication and gain administrative access by setting both the adminuser and loggedin cookies.
by Scary-Boys
CVE-2008-3562 EXPLOITDB text VERIFIED
Chupix CMS 0.1.0 - Path Traversal via Contact Module mods Parameter
Directory traversal vulnerability in index.php in the Contact module in Chupix CMS 0.1.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mods parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by casper41
CVE-2008-3556 EXPLOITDB text VERIFIED
Battle.net Clan Script 1.5.2 - SQL Injection
Multiple SQL injection vulnerabilities in index.php in Battle.net Clan Script 1.5.2 allow remote attackers to execute arbitrary SQL commands via the (1) showmember parameter in a members action and the (2) thread parameter in a board action. NOTE: vector 1 might be the same as CVE-2008-2522.
by Khashayar Fereidani
CVE-2008-3607 EXPLOITDB text VERIFIED
NoticeWare Email Server NG <4.6.3 - DoS
The IMAP server in NoticeWare Email Server NG 4.6.3 and earlier allows remote attackers to cause a denial of service (daemon crash) via multiple long LOGIN commands.
by Antunes
EIP-2026-103444 EXPLOITDB text VERIFIED
Combat Evolved 1.0.7.0615 - Multiple Denial of Service Vulnerabilities
by Luigi Auriemma
CVE-2008-3559 EXPLOITDB text VERIFIED
KAPhotoservice - Cross-Site Scripting via Search Filename or Order Page Parameter
Multiple cross-site scripting (XSS) vulnerabilities in KAPhotoservice allow remote attackers to inject arbitrary web script or HTML via the (1) filename parameter to search.asp and the (2) page parameter to order.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by by_casper41
CVE-2008-3559 EXPLOITDB text VERIFIED
KAPhotoservice - Cross-Site Scripting via Search Filename or Order Page Parameter
Multiple cross-site scripting (XSS) vulnerabilities in KAPhotoservice allow remote attackers to inject arbitrary web script or HTML via the (1) filename parameter to search.asp and the (2) page parameter to order.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by by_casper41
CVE-2008-3511 EXPLOITDB text VERIFIED
Softbiz Image Gallery - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Image Gallery (Photo Gallery) allow remote attackers to inject arbitrary web script or HTML via the (1) latest parameter to (a) index.php, (b) images.php, (c) suggest_image.php, and (d) image_desc.php; and the (2) msg parameter to index.php, images.php, and suggest_image.php, and (e) index.php, (f) adminhome.php, (g) config.php, (h) changepassword.php, (i) cleanup.php, (j) browsecats.php, and (k) images.php in admin/. NOTE: the image_desc.php/msg vector is covered by CVE-2006-1660. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by sl4xUz
CVE-2008-3511 EXPLOITDB text VERIFIED
Softbiz Image Gallery - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Image Gallery (Photo Gallery) allow remote attackers to inject arbitrary web script or HTML via the (1) latest parameter to (a) index.php, (b) images.php, (c) suggest_image.php, and (d) image_desc.php; and the (2) msg parameter to index.php, images.php, and suggest_image.php, and (e) index.php, (f) adminhome.php, (g) config.php, (h) changepassword.php, (i) cleanup.php, (j) browsecats.php, and (k) images.php in admin/. NOTE: the image_desc.php/msg vector is covered by CVE-2006-1660. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by sl4xUz
CVE-2008-3511 EXPLOITDB text VERIFIED
Softbiz Image Gallery - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Image Gallery (Photo Gallery) allow remote attackers to inject arbitrary web script or HTML via the (1) latest parameter to (a) index.php, (b) images.php, (c) suggest_image.php, and (d) image_desc.php; and the (2) msg parameter to index.php, images.php, and suggest_image.php, and (e) index.php, (f) adminhome.php, (g) config.php, (h) changepassword.php, (i) cleanup.php, (j) browsecats.php, and (k) images.php in admin/. NOTE: the image_desc.php/msg vector is covered by CVE-2006-1660. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by sl4xUz
CVE-2008-3511 EXPLOITDB text VERIFIED
Softbiz Image Gallery - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Image Gallery (Photo Gallery) allow remote attackers to inject arbitrary web script or HTML via the (1) latest parameter to (a) index.php, (b) images.php, (c) suggest_image.php, and (d) image_desc.php; and the (2) msg parameter to index.php, images.php, and suggest_image.php, and (e) index.php, (f) adminhome.php, (g) config.php, (h) changepassword.php, (i) cleanup.php, (j) browsecats.php, and (k) images.php in admin/. NOTE: the image_desc.php/msg vector is covered by CVE-2006-1660. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by sl4xUz
CVE-2008-3511 EXPLOITDB text VERIFIED
Softbiz Image Gallery - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Image Gallery (Photo Gallery) allow remote attackers to inject arbitrary web script or HTML via the (1) latest parameter to (a) index.php, (b) images.php, (c) suggest_image.php, and (d) image_desc.php; and the (2) msg parameter to index.php, images.php, and suggest_image.php, and (e) index.php, (f) adminhome.php, (g) config.php, (h) changepassword.php, (i) cleanup.php, (j) browsecats.php, and (k) images.php in admin/. NOTE: the image_desc.php/msg vector is covered by CVE-2006-1660. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by sl4xUz