Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-3580 EXPLOITDB text VERIFIED
Qsoft K-Links - SQL Injection via id Parameter or PATH_INFO
Multiple SQL injection vulnerabilities in Qsoft K-Links allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to visit.php, or the PATH_INFO to the default URI under (2) report/, (3) addreview/, or (4) refer/.
by Corwin
CVE-2008-3581 EXPLOITDB text VERIFIED
Qsoft K-Links - Cross-Site Scripting via login_message Parameter
Cross-site scripting (XSS) vulnerability in index.php in Qsoft K-Links allows remote attackers to inject arbitrary web script or HTML via the login_message parameter in a login action.
by Corwin
CVE-2008-0856 EXPLOITDB text VERIFIED
e-Vision CMS 2.02 - SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in e-Vision CMS 2.02 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) iframe.php and (2) print.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Khashayar Fereidani
CVE-2008-3594 EXPLOITDB text VERIFIED
MagicScripts E-Store Kit - SQL Injection
SQL injection vulnerability in viewdetails.php in MagicScripts E-Store Kit-1, E-Store Kit-2, E-Store Kit-1 Pro PayPal Edition, and E-Store Kit-2 PayPal Edition allows remote attackers to execute arbitrary SQL commands via the pid parameter.
by Mr.SQL
CVE-2008-3491 EXPLOITDB text VERIFIED
Scripts24 iPost <1.0.1, iTGP <1.0.4 - SQL Injection
SQL injection vulnerability in go.php in Scripts24 iPost 1.0.1 and iTGP 1.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter in a report action.
by Mr.SQL
CVE-2008-3491 EXPLOITDB text VERIFIED
Scripts24 iPost <1.0.1, iTGP <1.0.4 - SQL Injection
SQL injection vulnerability in go.php in Scripts24 iPost 1.0.1 and iTGP 1.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter in a report action.
by Mr.SQL
CVE-2008-3588 EXPLOITDB text VERIFIED
phsblog 0.1.1 - SQL Injection via eid, cid, or urltitle Parameter
Multiple SQL injection vulnerabilities in phsBlog 0.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to comments.php, (2) cid parameter to index.php, and the (3) urltitle parameter to entries.php.
by cOndemned
CVE-2008-3445 EXPLOITDB text VERIFIED
phpMyRealty 2.0.0 - SQL Injection via Location Parameter
SQL injection vulnerability in index.php in phpMyRealty (PMR) 2.0.0 allows remote attackers to execute arbitrary SQL commands via the location parameter.
by CraCkEr
CVE-2008-3487 EXPLOITDB text VERIFIED
PHPAuction GPL Enhanced 2.51 - SQL Injection
SQL injection vulnerability in profile.php in PHPAuction GPL Enhanced 2.51 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Hussin X
CVE-2008-3513 EXPLOITDB text VERIFIED
Book Catalog module 1.0 - SQL Injection
SQL injection vulnerability in the Book Catalog module 1.0 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to modules.php.
by H4ckCity Security Team
CVE-2008-3585 EXPLOITDB text VERIFIED
PozScripts GreenCart - SQL Injection
Multiple SQL injection vulnerabilities in PozScripts GreenCart PHP Shopping Cart allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) product_desc.php and (2) store_info.php.
by Hussin X
CVE-2008-3566 EXPLOITDB text VERIFIED
ZoneO-soft freeForum 1.7 - Cross-Site Scripting via acuparam Parameter or PATH_INFO
Cross-site scripting (XSS) vulnerability in ZoneO-soft freeForum 1.7 allows remote attackers to inject arbitrary web script or HTML via the acuparam parameter to (1) the default URI or (2) index.php, or (3) the PATH_INFO to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ahmadbady
CVE-2008-3484 EXPLOITDB text VERIFIED
eStoreAff 0.1 - SQL Injection via cid Parameter
SQL injection vulnerability in eStoreAff 0.1 allows remote attackers to execute arbitrary SQL commands via the cid parameter in a showcat action to index.php.
by Mr.SQL
CVE-2008-3490 EXPLOITDB text VERIFIED
E-topbiz Online Dating <3.0 - SQL Injection
SQL injection vulnerability in members/mail.php in E-topbiz Online Dating 3 1.0 allows remote authenticated users to execute arbitrary SQL commands via the mail_id parameter in a veiw action.
by Corwin
CVE-2008-3570 EXPLOITDB text VERIFIED
Africa Be Gone 1.0a - Remote Code Execution via abg_path Parameter
PHP remote file inclusion vulnerability in index.php in Africa Be Gone (ABG) 1.0a allows remote attackers to execute arbitrary PHP code via a URL in the abg_path parameter.
by Lo$er
CVE-2008-2370 EXPLOITDB text VERIFIED
Apache Tomcat 4.1.0-4.1.37, 5.5.0-5.5.26, 6.0.0-6.0.16 - Path Traversal via RequestDispatcher
Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
by Stefano Di Paola
CVE-2008-1232 EXPLOITDB text VERIFIED
Apache Tomcat 4.1.0-4.1.37, 5.5.0-5.5.26, 6.0.0-6.0.16 - Cross-Site Scripting via HttpServletResponse.sendError
Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
by Konstantin Kolinko
CVE-2008-3489 EXPLOITDB text VERIFIED
PHPX 3.5.16 - SQL Injection via PXL Cookie in checkCookie Function
SQL injection vulnerability in checkCookie function in includes/functions.inc.php in PHPX 3.5.16 allows remote attackers to execute arbitrary SQL commands via a PXL cookie.
by gnix
CVE-2008-3446 EXPLOITDB text VERIFIED
LetterIt 2 - Remote File Inclusion via Language Parameter Path Traversal
Directory traversal vulnerability in inc/wysiwyg.php in LetterIt 2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
by NoGe
EIP-2026-107545 EXPLOITDB text VERIFIED
H0tturk Panel - 'gizli.php' Remote File Inclusion
by U238
CVE-2008-3448 EXPLOITDB text VERIFIED
csphonebook 1.02 - Cross-Site Scripting via Letter Parameter
Cross-site scripting (XSS) vulnerability in index.php in common solutions csphonebook 1.02 allows remote attackers to inject arbitrary web script or HTML via the letter parameter.
by Ghost Hacker
CVE-2008-3447 EXPLOITDB text VERIFIED
F-Prot Antivirus 6.2.1 4252 - Denial of Service via Malformed ZIP Archive
The scanning engine in F-Prot Antivirus 6.2.1 4252 allows remote attackers to cause a denial of service (infinite loop) via a malformed ZIP archive, probably related to invalid offsets.
by kokanin
CVE-2008-2935 EXPLOITDB text VERIFIED
libxslt 1.1.8-1.1.24 - Heap-Based Buffer Overflow in RC4 Encryption/Decryption
Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containing a long string as "an argument in the XSL input."
by Chris Evans
CVE-2008-7090 EXPLOITDB text VERIFIED
Pligg CMS < 9.9 - Path Traversal via Trackback URL or Template Parameter
Multiple directory traversal vulnerabilities in Pligg 9.9 and earlier allow remote attackers to (1) determine the existence of arbitrary files via a .. (dot dot) in the $tb_url variable in trackback.php, or (2) include arbitrary files via a .. (dot dot) in the template parameter to settemplate.php.
by GulfTech Security
CVE-2008-7089 EXPLOITDB text VERIFIED
Pligg CMS < 9.9.0 - Cross-Site Scripting via Search Keyword Parameter
Cross-site scripting (XSS) vulnerability in Pligg 9.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a search action to user.php and other unspecified vectors.
by GulfTech Security