Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-3649 EXPLOITDB text VERIFIED
Article Friendly Standard - SQL Injection
SQL injection vulnerability in categorydetail.php in Article Friendly Standard allows remote attackers to execute arbitrary SQL commands via the Cat parameter.
by Mr.SQL
CVE-2008-3669 EXPLOITDB text VERIFIED
ZeeScripts Reviews Opinions Rating Posting Engine Web-Site PHP Script - SQL Injection via ItemID Parameter
SQL injection vulnerability in comments.php in ZeeScripts Reviews Opinions Rating Posting Engine Web-Site PHP Script (aka ZeeReviews) allows remote attackers to execute arbitrary SQL commands via the ItemID parameter.
by Mr.SQL
CVE-2008-3674 EXPLOITDB text VERIFIED
PozScripts TubeGuru - SQL Injection
SQL injection vulnerability in ugroups.php in PozScripts TubeGuru Video Sharing Script allows remote attackers to execute arbitrary SQL commands via the UID parameter.
by Hussin X
CVE-2008-3673 EXPLOITDB text VERIFIED
PozScripts Classified Ads - SQL Injection
SQL injection vulnerability in browsecats.php in PozScripts Classified Ads allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2008-3672.
by Hussin X
CVE-2008-7091 EXPLOITDB text VERIFIED
Pligg CMS < 9.9.0 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Pligg 9.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to vote.php, which is not properly handled in libs/link.php; (2) id parameter to trackback.php; (3) an unspecified parameter to submit.php; (4) requestTitle variable in a query to story.php; (5) requestID and (6) requestTitle variables in recommend.php; (7) categoryID parameter to cloud.php; (8) title parameter to out.php; (9) username parameter to login.php; (10) id parameter to cvote.php; and (11) commentid parameter to edit.php.
by GulfTech Security
CVE-2008-3454 EXPLOITDB text VERIFIED
JnSHosts PHP Hosting Directory 2.0 - Auth Bypass
JnSHosts PHP Hosting Directory 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the "adm" cookie value to 1.
by Stack
CVE-2008-3405 EXPLOITDB text VERIFIED
nzFotolog 0.4.1 - Path Traversal via Action File Parameter
Directory traversal vulnerability in index.php in Ricardo Amaral nzFotolog 0.4.1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action_file parameter.
by Khashayar Fereidani
CVE-2008-3404 EXPLOITDB text VERIFIED
MJGuest 6.8 GT - Cross-Site Scripting via Link Parameter
Cross-site scripting (XSS) vulnerability in guestbook.js.php in MJGuest 6.8 GT allows remote attackers to inject arbitrary web script or HTML via the link parameter.
by DSecRG
CVE-2008-3401 EXPLOITDB text VERIFIED
HIOX Random Ad 1.3 - Remote Code Execution via hm Parameter
PHP remote file inclusion vulnerability in hioxRandomAd.php in HIOX Random Ad (HRA) 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the hm parameter.
by Ghost Hacker
CVE-2008-3402 EXPLOITDB text VERIFIED
HIOX Browser Statistics 2.0 - Remote Code Execution via hm Parameter
Multiple PHP remote file inclusion vulnerabilities in HIOX Browser Statistics (HBS) 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the hm parameter to (1) hioxupdate.php and (2) hioxstats.php.
by Ghost Hacker
EIP-2026-106427 EXPLOITDB text VERIFIED
DEV Web Management System 1.5 - Multiple Input Validation Vulnerabilities
by Dr.Crash
CVE-2008-3670 EXPLOITDB text VERIFIED
Article Friendly Pro - SQL Injection
SQL injection vulnerability in authordetail.php in Article Friendly Pro allows remote attackers to execute arbitrary SQL commands via the autid parameter.
by Mr.SQL
CVE-2008-3409 EXPLOITDB text VERIFIED
Unreal Tournament 3 <1.3beta4 - Buffer Overflow
Buffer overflow in Unreal Tournament 3 1.3beta4 and earlier allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a UDP packet containing a large value in a certain size field, followed by a data string of that size, aka attack 1 in ut3mendo.c.
by Luigi Auriemma
CVE-2008-3396 EXPLOITDB text VERIFIED
Unreal Tournament 2004 <= 3369 - Denial of Service via Malformed Packet Sequence
Unreal Tournament 2004 (UT2004) 3369 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a certain sequence of malformed packets.
by Luigi Auriemma
CVE-2008-3430 EXPLOITDB text VERIFIED
CoVideoWindow.ocx 5.0.907.1 - Buffer Overflow
Buffer overflow in the CoVideoWindow.ocx ActiveX control 5.0.907.1 in Eyeball MessengerSDK, as used in products such as SiOL Komunikator 1.3, allows remote attackers to execute arbitrary code via a large argument supplied to the BGColor method. NOTE: this might only be a vulnerability in certain insecure configurations of Internet Explorer.
by Edi Strosar
CVE-2008-3455 EXPLOITDB text VERIFIED
JnSHosts PHP Hosting Directory 2.0 - RCE
PHP remote file inclusion vulnerability in include/admin.php in JnSHosts PHP Hosting Directory 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the rd parameter.
by RoMaNcYxHaCkEr
CVE-2008-3390 EXPLOITDB text VERIFIED
Minishowcase Image Gallery <09b136 - Path Traversal
Directory traversal vulnerability in libraries/general.init.php in Minishowcase Image Gallery 09b136, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
by DSecRG
EIP-2026-109482 EXPLOITDB text VERIFIED
MiniBB RSS 2.0 Plugin - Multiple Remote File Inclusions
by Ghost Hacker
CVE-2008-3374 EXPLOITDB text VERIFIED
Gregarius < 0.5.4 - SQL Injection via rsargs Array Parameter
SQL injection vulnerability in ajax.php in Gregarius 0.5.4 and earlier allows remote attackers to execute arbitrary SQL commands via the rsargs array parameter in an __exp__getFeedContent action.
by GulfTech Security
CVE-2008-7084 EXPLOITDB text VERIFIED
Velocity Security Management System - Path Traversal via URI
Directory traversal vulnerability in the web server 1.0 in Velocity Security Management System allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
by DSecRG
CVE-2008-3419 EXPLOITDB text VERIFIED
Youtuber Clone - SQL Injection via UID Parameter
SQL injection vulnerability in ugroups.php in Youtuber Clone allows remote attackers to execute arbitrary SQL commands via the UID parameter.
by Hussin X
CVE-2008-3369 EXPLOITDB text VERIFIED
ViArt Shop < 3.5 - SQL Injection via products_rss.php category_id Parameter
SQL injection vulnerability in products_rss.php in ViArt Shop 3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
by GulfTech Security
CVE-2008-3371 EXPLOITDB text VERIFIED
TalkBack < 2.3.6.2 - Remote File Inclusion via Language Parameter
Directory traversal vulnerability in install/help.php in TalkBack 2.3.5, and other versions before 2.3.6.2, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter.
by NoGe
CVE-2008-3366 EXPLOITDB text VERIFIED
Pligg CMS Beta 9.9.0 - SQL Injection
SQL injection vulnerability in story.php in Pligg CMS Beta 9.9.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might overlap CVE-2008-1774.
by Hussin X
CVE-2008-3365 EXPLOITDB text VERIFIED
Pixelpost 1.7.1 - Remote Code Execution via Language Parameter Path Traversal
Directory traversal vulnerability in index.php in Pixelpost 1.7.1 on Windows, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language_full parameter.
by DSecRG