Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-3511 EXPLOITDB text VERIFIED
Softbiz Image Gallery - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Image Gallery (Photo Gallery) allow remote attackers to inject arbitrary web script or HTML via the (1) latest parameter to (a) index.php, (b) images.php, (c) suggest_image.php, and (d) image_desc.php; and the (2) msg parameter to index.php, images.php, and suggest_image.php, and (e) index.php, (f) adminhome.php, (g) config.php, (h) changepassword.php, (i) cleanup.php, (j) browsecats.php, and (k) images.php in admin/. NOTE: the image_desc.php/msg vector is covered by CVE-2006-1660. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by sl4xUz
CVE-2008-3511 EXPLOITDB text VERIFIED
Softbiz Image Gallery - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Image Gallery (Photo Gallery) allow remote attackers to inject arbitrary web script or HTML via the (1) latest parameter to (a) index.php, (b) images.php, (c) suggest_image.php, and (d) image_desc.php; and the (2) msg parameter to index.php, images.php, and suggest_image.php, and (e) index.php, (f) adminhome.php, (g) config.php, (h) changepassword.php, (i) cleanup.php, (j) browsecats.php, and (k) images.php in admin/. NOTE: the image_desc.php/msg vector is covered by CVE-2006-1660. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by sl4xUz
CVE-2008-3511 EXPLOITDB text VERIFIED
Softbiz Image Gallery - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Image Gallery (Photo Gallery) allow remote attackers to inject arbitrary web script or HTML via the (1) latest parameter to (a) index.php, (b) images.php, (c) suggest_image.php, and (d) image_desc.php; and the (2) msg parameter to index.php, images.php, and suggest_image.php, and (e) index.php, (f) adminhome.php, (g) config.php, (h) changepassword.php, (i) cleanup.php, (j) browsecats.php, and (k) images.php in admin/. NOTE: the image_desc.php/msg vector is covered by CVE-2006-1660. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by sl4xUz
CVE-2008-3511 EXPLOITDB text VERIFIED
Softbiz Image Gallery - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Image Gallery (Photo Gallery) allow remote attackers to inject arbitrary web script or HTML via the (1) latest parameter to (a) index.php, (b) images.php, (c) suggest_image.php, and (d) image_desc.php; and the (2) msg parameter to index.php, images.php, and suggest_image.php, and (e) index.php, (f) adminhome.php, (g) config.php, (h) changepassword.php, (i) cleanup.php, (j) browsecats.php, and (k) images.php in admin/. NOTE: the image_desc.php/msg vector is covered by CVE-2006-1660. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by sl4xUz
CVE-2008-3561 EXPLOITDB text VERIFIED
Powergap Shopsystem - SQL Injection
SQL injection vulnerability in s03.php in Powergap Shopsystem, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the ag parameter.
by Rohit Bansal
CVE-2008-3574 EXPLOITDB text VERIFIED
Pluck 4.5.2 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Pluck 4.5.2, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) lang_footer parameter to (a) data/inc/footer.php; the (2) pluck_version, (3) lang_install22, (4) titelkop, (5) lang_kop1, (6) lang_kop2, (7) lang_modules, (8) lang_kop4, (9) lang_kop15, (10) lang_kop5, and (11) titelkop parameters to (b) data/inc/header.php; the pluck_version and titelkop parameters to (c) data/inc/header2.php; and the (14) lang_theme6 parameter to (d) data/inc/themeinstall.php.
by Khashayar Fereidani
CVE-2008-3563 EXPLOITDB text VERIFIED
Plogger <= 3.0 - SQL Injection via checked Parameter
Multiple SQL injection vulnerabilities in Plogger 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the checked array parameter to plog-download.php in an album action and (2) unspecified parameters to plog-remote.php, and (3) allow remote authenticated administrators to execute arbitrary SQL commands via the activate parameter to admin/plog-themes.php, related to theme_dir settings.
by GulfTech Security
CVE-2008-3508 EXPLOITDB text VERIFIED
LiteNews 0.1 - Unauthenticated Authentication Bypass via Admin Cookie
LiteNews 0.1 (aka 01), and possibly 1.2 and earlier, allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie.
by Scary-Boys
CVE-2008-3507 EXPLOITDB text VERIFIED
LiteNews 0.1 - SQL Injection via id Parameter
SQL injection vulnerability in index.php in LiteNews 0.1 (aka 01), and possibly 1.2 and earlier, allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action.
by Stack
EIP-2026-107771 EXPLOITDB text VERIFIED
iges CMS 2.0 - Cross-Site Scripting / SQL Injection
by BugReport.IR
CVE-2008-3510 EXPLOITDB text VERIFIED
Crafty Syntax Live Help <2.14.6 - XSS
Cross-site scripting (XSS) vulnerability in livehelp_js.php in Crafty Syntax Live Help (CSLH) 2.14.6 allows remote attackers to inject arbitrary web script or HTML via the department parameter.
by CoRSaNTuRK
CVE-2008-3494 EXPLOITDB text VERIFIED
8e6 R3000 Internet Filter 2.0.12.10 - Open Redirect
8e6 R3000 Internet Filter 2.0.12.10 allows remote attackers to bypass intended restrictions via an extra HTTP Host header with additional leading text placed before the real Host header.
by nnposter
CVE-2008-3568 EXPLOITDB text VERIFIED
UNAK-CMS 1.5.5 - Path Traversal via Dirroot Parameter
Absolute path traversal vulnerability in fckeditor/editor/filemanager/browser/default/connectors/php/connector.php in UNAK-CMS 1.5.5 allows remote attackers to include and execute arbitrary local files via a full pathname in the Dirroot parameter, a different vulnerability than CVE-2006-4890.1.
by Sina Yazdanmehr
CVE-2008-3565 EXPLOITDB text VERIFIED
Meeting Room Booking System <1.2.6 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Meeting Room Booking System (MRBS) 1.2.6 allow remote attackers to inject arbitrary web script or HTML via the area parameter to (1) day.php, (2) week.php, (3) month.php, (4) search.php, (5) report.php, and (6) help.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by sl4xUz
CVE-2008-3565 EXPLOITDB text VERIFIED
Meeting Room Booking System <1.2.6 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Meeting Room Booking System (MRBS) 1.2.6 allow remote attackers to inject arbitrary web script or HTML via the area parameter to (1) day.php, (2) week.php, (3) month.php, (4) search.php, (5) report.php, and (6) help.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by sl4xUz
CVE-2008-3565 EXPLOITDB text VERIFIED
Meeting Room Booking System <1.2.6 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Meeting Room Booking System (MRBS) 1.2.6 allow remote attackers to inject arbitrary web script or HTML via the area parameter to (1) day.php, (2) week.php, (3) month.php, (4) search.php, (5) report.php, and (6) help.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by sl4xUz
CVE-2008-3565 EXPLOITDB text VERIFIED
Meeting Room Booking System <1.2.6 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Meeting Room Booking System (MRBS) 1.2.6 allow remote attackers to inject arbitrary web script or HTML via the area parameter to (1) day.php, (2) week.php, (3) month.php, (4) search.php, (5) report.php, and (6) help.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by sl4xUz
CVE-2008-3565 EXPLOITDB text VERIFIED
Meeting Room Booking System <1.2.6 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Meeting Room Booking System (MRBS) 1.2.6 allow remote attackers to inject arbitrary web script or HTML via the area parameter to (1) day.php, (2) week.php, (3) month.php, (4) search.php, (5) report.php, and (6) help.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by sl4xUz
CVE-2008-3565 EXPLOITDB text VERIFIED
Meeting Room Booking System <1.2.6 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Meeting Room Booking System (MRBS) 1.2.6 allow remote attackers to inject arbitrary web script or HTML via the area parameter to (1) day.php, (2) week.php, (3) month.php, (4) search.php, (5) report.php, and (6) help.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by sl4xUz
CVE-2008-3582 EXPLOITDB text VERIFIED
Keld PHP-MySQL News Script 0.7.1 - SQL Injection
SQL injection vulnerability in login.php in Keld PHP-MySQL News Script 0.7.1 allows remote attackers to execute arbitrary SQL commands via the username parameter.
by crimsoN_Loyd9
CVE-2008-3587 EXPLOITDB text VERIFIED
Homes 4 Sale - Cross-Site Scripting via result.php r Parameter
Cross-site scripting (XSS) vulnerability in result.php in Chris Bunting Homes 4 Sale allows remote attackers to inject arbitrary web script or HTML via the r parameter.
by Ghost Hacker
CVE-2008-3564 EXPLOITDB text VERIFIED
Dayfox Blog 4 - Remote File Inclusion via Path Traversal in p, cat, and archive Parameters
Multiple directory traversal vulnerabilities in index.php in Dayfox Blog 4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) p, (2) cat, and (3) archive parameters. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
by Virangar Security
CVE-2008-3569 EXPLOITDB text VERIFIED
XAMPP 1.6.7 - Cross-Site Scripting via text Parameter
Multiple cross-site scripting (XSS) vulnerabilities in XAMPP 1.6.7, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the text parameter to (1) iart.php and (2) ming.php.
by Khashayar Fereidani
CVE-2008-3569 EXPLOITDB text VERIFIED
XAMPP 1.6.7 - Cross-Site Scripting via text Parameter
Multiple cross-site scripting (XSS) vulnerabilities in XAMPP 1.6.7, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the text parameter to (1) iart.php and (2) ming.php.
by Khashayar Fereidani
CVE-2008-3593 EXPLOITDB text VERIFIED
SyzygyCMS 0.3 - Remote File Inclusion via Page Parameter Path Traversal
Directory traversal vulnerability in index.php in SyzygyCMS 0.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
by SirGod