Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-3355 EXPLOITDB text VERIFIED
Camera Life 2.6.2 - SQL Injection via id Parameter in sitemap.xml.php
SQL injection vulnerability in sitemap.xml.php in Camera Life 2.6.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a photos action.
by nuclear
EIP-2026-103383 EXPLOITDB text VERIFIED
Minix 3.1.2a - Remote TTY Panic (Denial of Service)
by kokanin
CVE-2008-3352 EXPLOITDB text VERIFIED
Live Music Plus 1.1.0 - SQL Injection
SQL injection vulnerability in index.php in Live Music Plus 1.1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a Singer action.
by IRAQI
CVE-2008-6288 EXPLOITDB text VERIFIED
Interface Medien ibase < 2.03 - Path Traversal via Download Filename Parameter
Directory traversal vulnerability in download.php in Interface Medien ibase 2.03 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
by Dyshoo
CVE-2008-3351 EXPLOITDB text VERIFIED
Atom PhotoBlog <1.1.5b1 - SQL Injection
SQL injection vulnerability in atomPhotoBlog.php in Atom PhotoBlog 1.0.9.1 and 1.1.5b1 allows remote attackers to execute arbitrary SQL commands via the photoId parameter in a show action.
by Mr.SQL
CVE-2008-3351 EXPLOITDB text VERIFIED
Atom PhotoBlog <1.1.5b1 - SQL Injection
SQL injection vulnerability in atomPhotoBlog.php in Atom PhotoBlog 1.0.9.1 and 1.1.5b1 allows remote attackers to execute arbitrary SQL commands via the photoId parameter in a show action.
by Mr.SQL
CVE-2008-3370 EXPLOITDB text VERIFIED
EMC Centera Universal Access <4.0_4735.p4 - SQL Injection
SQL injection vulnerability in the CUA Login Module in EMC Centera Universal Access (CUA) 4.0_4735.p4 allows remote attackers to execute arbitrary SQL commands via the user (user name) field.
by Lars Heidelberg
EIP-2026-103382 EXPLOITDB text VERIFIED
Minix 3.1.2a - Local TTY Panic (Denial of Service)
by kokanin
EIP-2026-102679 EXPLOITDB text VERIFIED
Minix 3.1.2a - Psuedo Terminal Denial of Service
by kokanin
CVE-2008-3307 EXPLOITDB text VERIFIED
C. Desseno YouTube Blog ytb 0.1 - SQL Injection
SQL injection vulnerability in todos.php in C. Desseno YouTube Blog (ytb) 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-3306.
by Unohope
CVE-2008-3305 EXPLOITDB text VERIFIED
carlos_desseno youtube_blog 0.1 - Cross-Site Scripting via mensaje.php m Parameter
Cross-site scripting (XSS) vulnerability in mensaje.php in C. Desseno YouTube Blog (ytb) 0.1 allows remote attackers to inject arbitrary web script or HTML via the m parameter.
by Unohope
CVE-2008-3308 EXPLOITDB text VERIFIED
C. Desseno YouTube Blog 0.1 - Remote File Inclusion Code Execution
PHP remote file inclusion vulnerability in cuenta/cuerpo.php in C. Desseno YouTube Blog (ytb) 0.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the base_archivo parameter.
by Unohope
CVE-2008-3315 EXPLOITDB text VERIFIED
Claroline 1.8.10 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.10 allow remote attackers to inject arbitrary web script or HTML via the (1) query string to (a) announcements/messages.php; (b) lostPassword.php and (c) profile.php in auth/; (d) calendar/myagenda.php; (e) group/group.php; (f) learningPath.php, (g) learningPathList.php, and (h) module.php in learnPath/; (i) phpbb/index.php; (j) courseLog.php, (k) course_access_details.php, (l) delete_course_stats.php, (m) userLog.php, and (n) user_access_details.php in tracking/; (o) user/user.php; and (p) user/userInfo.php; the (2) view parameter to (q) tracking/courseLog.php; and the (3) toolId parameter to (r) tracking/toolaccess_details.php. NOTE: this may overlap CVE-2006-3257 and CVE-2005-1374.
by DSecRG
CVE-2008-3315 EXPLOITDB text VERIFIED
Claroline 1.8.10 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.10 allow remote attackers to inject arbitrary web script or HTML via the (1) query string to (a) announcements/messages.php; (b) lostPassword.php and (c) profile.php in auth/; (d) calendar/myagenda.php; (e) group/group.php; (f) learningPath.php, (g) learningPathList.php, and (h) module.php in learnPath/; (i) phpbb/index.php; (j) courseLog.php, (k) course_access_details.php, (l) delete_course_stats.php, (m) userLog.php, and (n) user_access_details.php in tracking/; (o) user/user.php; and (p) user/userInfo.php; the (2) view parameter to (q) tracking/courseLog.php; and the (3) toolId parameter to (r) tracking/toolaccess_details.php. NOTE: this may overlap CVE-2006-3257 and CVE-2005-1374.
by DSecRG
CVE-2008-3315 EXPLOITDB text VERIFIED
Claroline 1.8.10 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.10 allow remote attackers to inject arbitrary web script or HTML via the (1) query string to (a) announcements/messages.php; (b) lostPassword.php and (c) profile.php in auth/; (d) calendar/myagenda.php; (e) group/group.php; (f) learningPath.php, (g) learningPathList.php, and (h) module.php in learnPath/; (i) phpbb/index.php; (j) courseLog.php, (k) course_access_details.php, (l) delete_course_stats.php, (m) userLog.php, and (n) user_access_details.php in tracking/; (o) user/user.php; and (p) user/userInfo.php; the (2) view parameter to (q) tracking/courseLog.php; and the (3) toolId parameter to (r) tracking/toolaccess_details.php. NOTE: this may overlap CVE-2006-3257 and CVE-2005-1374.
by DSecRG
CVE-2008-3315 EXPLOITDB text VERIFIED
Claroline 1.8.10 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.10 allow remote attackers to inject arbitrary web script or HTML via the (1) query string to (a) announcements/messages.php; (b) lostPassword.php and (c) profile.php in auth/; (d) calendar/myagenda.php; (e) group/group.php; (f) learningPath.php, (g) learningPathList.php, and (h) module.php in learnPath/; (i) phpbb/index.php; (j) courseLog.php, (k) course_access_details.php, (l) delete_course_stats.php, (m) userLog.php, and (n) user_access_details.php in tracking/; (o) user/user.php; and (p) user/userInfo.php; the (2) view parameter to (q) tracking/courseLog.php; and the (3) toolId parameter to (r) tracking/toolaccess_details.php. NOTE: this may overlap CVE-2006-3257 and CVE-2005-1374.
by DSecRG
EIP-2026-104045 EXPLOITDB text VERIFIED
Outpost Security Suite Pro 2009 - Filename Parsing Security Bypass
by Juan Pablo Lopez Yacubian
CVE-2008-3310 EXPLOITDB text VERIFIED
Pre Survey Poll - SQL Injection via catid Parameter
SQL injection vulnerability in default.asp in Pre Survey Poll allows remote attackers to execute arbitrary SQL commands via the catid parameter.
by DreamTurk
CVE-2008-3310 EXPLOITDB text VERIFIED
Pre Survey Poll - SQL Injection via catid Parameter
SQL injection vulnerability in default.asp in Pre Survey Poll allows remote attackers to execute arbitrary SQL commands via the catid parameter.
by DreamTurk
CVE-2008-3296 EXPLOITDB text VERIFIED
XOOPS 2.0.18.1 - Path Traversal and Arbitrary File Execution via fct Parameter
Directory traversal vulnerability in modules/system/admin.php in XOOPS 2.0.18 1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the fct parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Ciph3r
CVE-2008-3295 EXPLOITDB text VERIFIED
XOOPS 2.0.18.1 - Cross-Site Scripting via fct Parameter
Cross-site scripting (XSS) vulnerability in modules/system/admin.php in XOOPS 2.0.18.1 allows remote attackers to inject arbitrary web script or HTML via the fct parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Ciph3r
CVE-2008-3346 EXPLOITDB text VERIFIED
ShopCart DX - SQL Injection via pid Parameter
SQL injection vulnerability in product_detail.php in ShopCart DX allows remote attackers to execute arbitrary SQL commands via the pid parameter.
by Cr@zy_King
CVE-2008-3354 EXPLOITDB text VERIFIED
RunCMS Newbb Plus Module - Remote Code Execution via bbPath Parameter Manipulation
Multiple PHP remote file inclusion vulnerabilities in the Newbb Plus (newbb_plus) module 0.93 in RunCMS 1.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) bbPath[path] parameter to votepolls.php and the (2) bbPath[root_theme] parameter to config.php, different vectors than CVE-2006-0659. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Ciph3r
CVE-2008-3354 EXPLOITDB text VERIFIED
RunCMS Newbb Plus Module - Remote Code Execution via bbPath Parameter Manipulation
Multiple PHP remote file inclusion vulnerabilities in the Newbb Plus (newbb_plus) module 0.93 in RunCMS 1.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) bbPath[path] parameter to votepolls.php and the (2) bbPath[root_theme] parameter to config.php, different vectors than CVE-2006-0659. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Ciph3r
CVE-2008-6443 EXPLOITDB text VERIFIED
phpkf - SQL Injection via forum_duzen.php fno Parameter
SQL injection vulnerability in forum_duzen.php in phpKF allows remote attackers to execute arbitrary SQL commands via the fno parameter.
by U238