Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-3100 EXPLOITDB text VERIFIED
Owl Intranet Knowledgebase <0.95 - XSS
Cross-site scripting (XSS) vulnerability in lib/owl.lib.php in Steve Bourgeois and Chris Vincent Owl Intranet Knowledgebase 0.95 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter in a getpasswd action to register.php.
by Fabian Fingerle
CVE-2008-3363 EXPLOITDB text VERIFIED
Dokeos E-Learning System <1.8.5 - Path Traversal
Directory traversal vulnerability in user_portal.php in the Dokeos E-Learning System 1.8.5 on Windows allows remote attackers to include and execute arbitrary local files via a ..\ (dot dot backslash) in the include parameter.
by DSecRG
CVE-2008-3368 EXPLOITDB text VERIFIED
ATutor < 1.6.1 - Authenticated Remote Code Execution via Import Type Parameter
PHP remote file inclusion vulnerability in tools/packages/import.php in ATutor 1.6.1 pl1 and earlier allows remote authenticated administrators to execute arbitrary PHP code via a URL in the type parameter.
by Khashayar Fereidani
CVE-2008-3391 EXPLOITDB text VERIFIED
Web Wiz Forum 9.5 - Cross-Site Scripting via Mode Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Web Wiz Forum 9.5 allow remote attackers to inject arbitrary web script or HTML via the mode parameter to (1) admin_group_details.asp and (2) admin_category_details.asp.
by CSDT
CVE-2008-3391 EXPLOITDB text VERIFIED
Web Wiz Forum 9.5 - Cross-Site Scripting via Mode Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Web Wiz Forum 9.5 allow remote attackers to inject arbitrary web script or HTML via the mode parameter to (1) admin_group_details.asp and (2) admin_category_details.asp.
by CSDT
CVE-2008-3414 EXPLOITDB text VERIFIED
SiteAdmin <line2.php - SQL Injection
SQL injection vulnerability in line2.php in SiteAdmin allows remote attackers to execute arbitrary SQL commands via the art parameter.
by Cr@zy_King
EIP-2026-107490 EXPLOITDB text VERIFIED
Greatclone GC Auction Platinum - 'category.php' SQL Injection
by Hussin X
CVE-2008-3372 EXPLOITDB text VERIFIED
Getacoder Clone - SQL Injection via sb_protype Parameter
SQL injection vulnerability in search_form.php in Getacoder Clone allows remote attackers to execute arbitrary SQL commands via the sb_protype parameter.
by Hussin X
CVE-2008-3413 EXPLOITDB text VERIFIED
Greatclone GC Auction Platinum - SQL Injection
SQL injection vulnerability in category.php in Greatclone GC Auction Platinum allows remote attackers to execute arbitrary SQL commands via the cate_id parameter.
by Hussin X
CVE-2008-3415 EXPLOITDB text VERIFIED
CMScout 2.05 - Remote File Inclusion via Directory Traversal in bit Parameter
Directory traversal vulnerability in common.php in CMScout 2.05, when .htaccess is not supported, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bit parameter, as demonstrated by an upload to avatar/ of a .jpg file containing PHP sequences.
by Khashayar Fereidani
CVE-2008-3406 EXPLOITDB text VERIFIED
phplinkat 0.1 - SQL Injection via showcat.php catid Parameter
SQL injection vulnerability in showcat.php in phpLinkat 0.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter.
by Encrypt3d.M!nd
EIP-2026-113439 EXPLOITDB text VERIFIED
Willoughby TriO 2.1 - SQL Injection
by dun
CVE-2008-3418 EXPLOITDB text VERIFIED
willo trio < 2.1 - SQL Injection via browse.php id Parameter
SQL injection vulnerability in browse.php in TriO 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
by dun
EIP-2026-111242 EXPLOITDB text VERIFIED
PHPwebnews 0.2 MySQL Edition - 'SQL' Insecure Cookie Handling
by Virangar Security
CVE-2008-3407 EXPLOITDB text VERIFIED
phpLinkat 0.1 - Unauthenticated Authentication Bypass via login=right Cookie
phpLinkat 0.1 allows remote attackers to bypass authentication and access unspecified pages under admin/ by sending a login=right cookie.
by Encrypt3d.M!nd
CVE-2008-3420 EXPLOITDB text VERIFIED
Mobius for Mimsy XG <1.4.4.1 - SQL Injection
Multiple SQL injection vulnerabilities in Mobius for Mimsy XG 1 1.4.4.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to browse.php or (2) the s parameter in an exhibitions action to detail.php.
by dun
CVE-2008-3416 EXPLOITDB text VERIFIED
IceBB - SQL Injection via Username Parameter in Members Module
SQL injection vulnerability in modules/members.php in IceBB before 1.0-rc9.3 allows remote attackers to execute arbitrary SQL commands via the username parameter in a members action to index.php, related to an incorrect protection mechanism in the clean_string function in includes/functions.php.
by girex
CVE-2008-3412 EXPLOITDB text VERIFIED
Comsenz EPShop <3.0 - SQL Injection
SQL injection vulnerability in Comsenz EPShop (aka ECShop) before 3.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter in a (1) pro_show or (2) disppro action to the default URI.
by mikeX
CVE-2008-3417 EXPLOITDB text VERIFIED
fipsCMS light < 2.1 - SQL Injection via r Parameter
SQL injection vulnerability in home/index.asp in fipsCMS light 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the r parameter, a different vector than CVE-2006-6115 and CVE-2007-2561.
by U238
CVE-2008-3399 EXPLOITDB text VERIFIED
XRMS CRM 1.99.2 - Remote Code Execution via Include Directory Parameter
PHP remote file inclusion vulnerability in activities/workflow-activities.php in XRMS CRM 1.99.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the include_directory parameter.
by AzzCoder
CVE-2008-3398 EXPLOITDB text VERIFIED
xrms_crm 1.99.2 - Cross-Site Scripting via msg Parameter
Multiple cross-site scripting (XSS) vulnerabilities in XRMS CRM 1.99.2 allow remote attackers to inject arbitrary web script or HTML via the msg parameter to unspecified components, possibly including login.php. NOTE: this may overlap CVE-2008-1129.
by AzzCoder
CVE-2008-3400 EXPLOITDB text VERIFIED
xrms_crm 1.99.2 - Exposure of Sensitive Information via Direct Request to tests/info.php
XRMS CRM 1.99.2 allows remote attackers to obtain configuration information via a direct request to tests/info.php, which calls the phpinfo function.
by AzzCoder
CVE-2008-3377 EXPLOITDB text VERIFIED
phpTest 0.6.3 - SQL Injection via image_id Parameter
SQL injection vulnerability in picture.php in phpTest 0.6.3 allows remote attackers to execute arbitrary SQL commands via the image_id parameter.
by cOndemned
CVE-2008-3378 EXPLOITDB text VERIFIED
Fizzmedia 1.51.2 - SQL Injection via mid Parameter
SQL injection vulnerability in comment.php in Fizzmedia 1.51.2 allows remote attackers to execute arbitrary SQL commands via the mid parameter.
by Mr.SQL
CVE-2008-3575 EXPLOITDB text VERIFIED
ezcontents_cms - Remote Code Execution via GLOBALS[gsLanguage] Parameter
PHP remote file inclusion vulnerability in modules/calendar/minicalendar.php in ezContents CMS allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[gsLanguage] parameter, a different vector than CVE-2006-4477 and CVE-2004-0132.
by HACKERS PAL