Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-109742 EXPLOITDB text VERIFIED
MyBlog 0.9.8 - Multiple Remote Information Disclosure Vulnerabilities
by AmnPardaz Security Research Team
CVE-2007-3198 EXPLOITDB text VERIFIED
Maran PHP Blog < 2007-04-22 - Cross-Site Scripting via Comments ID Parameter
Cross-site scripting (XSS) vulnerability in comments.php in Maran PHP Blog (Maran Blog), possibly only versions before 20070610, allows remote attackers to inject arbitrary web script or HTML via the id parameter.
by Dr.Crash
CVE-2008-3384 EXPLOITDB text VERIFIED
Interact Learning Community Environment Interact 2.4.1 - Path Traversal via Help Module and File Parameters
Multiple directory traversal vulnerabilities in help/help.php in Interact Learning Community Environment Interact 2.4.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) module and (2) file parameters.
by DSecRG
CVE-2008-3311 EXPLOITDB text VERIFIED
Adam Scheinberg Flip 3.0 - Remote Code Execution via config.php incpath Parameter
PHP remote file inclusion vulnerability in config.php in Adam Scheinberg Flip 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the incpath parameter.
by Cru3l.b0y
CVE-2008-3293 EXPLOITDB text VERIFIED
EZWebAlbum - Path Traversal via dlfilename Parameter
Directory traversal vulnerability in download.php in EZWebAlbum allows remote attackers to read arbitrary files via the dlfilename parameter.
by Ghost Hacker
CVE-2008-3292 EXPLOITDB text VERIFIED
EZWebAlbum 1.0 - Unauthenticated Authentication Bypass via photoalbumadmin Cookie
constants.inc in EZWebAlbum 1.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the photoalbumadmin cookie, as demonstrated via addpage.php.
by Virangar Security
CVE-2008-3299 EXPLOITDB text VERIFIED
eSyndiCat 1.6 - Unauthenticated Authentication Bypass via admin_lng Cookie
eSyndiCat 1.6 allows remote attackers to bypass authentication and gain administrative access by setting the admin_lng cookie value to 1. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Ciph3r
CVE-2008-3380 EXPLOITDB text VERIFIED
MyioSoft EasyBookMarker 4.0(tr) - XSS
Cross-site scripting (XSS) vulnerability in ajaxp_backend.php in MyioSoft EasyBookMarker 4.0 trial edition (tr) allows remote attackers to inject arbitrary web script or HTML via the rs parameter.
by Dr.Crash
CVE-2008-3300 EXPLOITDB text VERIFIED
AlphAdmin CMS 1.0.5/03 - Auth Bypass
AlphAdmin CMS 1.0.5/03 allows remote attackers to bypass authentication and gain administrative access by setting the aa_login cookie value to 1. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Ciph3r
CVE-2008-3314 EXPLOITDB text VERIFIED
zdaemon < 1.08.07 - Denial of Service via Crafted Type 6 Command
ZDaemon 1.08.07 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted type 6 command, which triggers a NULL pointer dereference.
by Luigi Auriemma
CVE-2008-3387 EXPLOITDB text VERIFIED
phpfootball 1.6 - SQL Injection via show.php dbtable Parameter
SQL injection vulnerability in show.php in PHPFootball 1.6 allows remote attackers to execute arbitrary SQL commands via the dbtable parameter.
by Mr.SQL
CVE-2008-3256 EXPLOITDB text VERIFIED
Siteframe CMS <3.2.3 & Siteframe Beaumont <5.0.5 - SQL Injection
SQL injection vulnerability in folder.php in Siteframe CMS 3.2.3 and earlier, and Siteframe Beaumont 5.0.5 and earlier, allows remote attackers to execute arbitrary SQL commands via the id parameter.
by n0ne
EIP-2026-111057 EXPLOITDB text VERIFIED
PHPFreeChat 1.1 - 'demo21_with_hardocded_urls.php' Cross-Site Scripting
by ahmadbady
CVE-2008-3312 EXPLOITDB text VERIFIED
Lemon CMS 1.10 - Path Traversal via Dir Parameter
Directory traversal vulnerability in lemon_includes/FCKeditor/editor/filemanager/browser/browser.php in Lemon CMS 1.10 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dir parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this might be an issue in FCKeditor.
by Ciph3r
CVE-2008-3388 EXPLOITDB text VERIFIED
Def-Blog 1.0.3 - SQL Injection via Article Parameter
Multiple SQL injection vulnerabilities in Def-Blog 1.0.3 allow remote attackers to execute arbitrary SQL commands via the article parameter to (1) comaddok.php and (2) comlook.php.
by CWH Underground
CVE-2008-3388 EXPLOITDB text VERIFIED
Def-Blog 1.0.3 - SQL Injection via Article Parameter
Multiple SQL injection vulnerabilities in Def-Blog 1.0.3 allow remote attackers to execute arbitrary SQL commands via the article parameter to (1) comaddok.php and (2) comlook.php.
by CWH Underground
CVE-2008-3313 EXPLOITDB text VERIFIED
CreaCMS 1.0 - Remote Code Execution
Multiple PHP remote file inclusion vulnerabilities in CreaCMS 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) cfg[document_uri] parameter to _administration/edition_article/edition_article.php and the (2) cfg[base_uri_admin] parameter to _administration/fonctions/get_liste_langue.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Ciph3r
CVE-2008-3313 EXPLOITDB text VERIFIED
CreaCMS 1.0 - Remote Code Execution
Multiple PHP remote file inclusion vulnerabilities in CreaCMS 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) cfg[document_uri] parameter to _administration/edition_article/edition_article.php and the (2) cfg[base_uri_admin] parameter to _administration/fonctions/get_liste_langue.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Ciph3r
CVE-2008-3291 EXPLOITDB text VERIFIED
AproxEngine 5.1.0.4 - SQL Injection
SQL injection vulnerability in index.php in AproxEngine (aka Aprox CMS Engine) 5.1.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Mr.SQL
CVE-2008-3285 EXPLOITDB text VERIFIED
Filesys::SmbClientParser <2.7 - RCE
The Filesys::SmbClientParser module 2.7 and earlier for Perl allows remote SMB servers to execute arbitrary code via a folder name containing shell metacharacters.
by Jesus Olmos Gonzalez
CVE-2008-3254 EXPLOITDB text VERIFIED
preCMS 1 - SQL Injection via UserProfil id Parameter
SQL injection vulnerability in index.php in preCMS 1 allows remote attackers to execute arbitrary SQL commands via the id parameter in a UserProfil action.
by Mr.SQL
CVE-2008-3245 EXPLOITDB text VERIFIED
phpHoo3 - SQL Injection via viewCat Parameter
SQL injection vulnerability in phpHoo3.php in phpHoo3 4.3.9, 4.3.10, 4.4.8, and 5.2.6 allows remote attackers to execute arbitrary SQL commands via the viewCat parameter.
by Mr.SQL
EIP-2026-107713 EXPLOITDB text VERIFIED
IBS 0.15 - 'Username' Cross-Site Scripting
by Cyb3r-1sT
CVE-2008-3250 EXPLOITDB text VERIFIED
Arctic Issue Tracker 2.0.0 - SQL Injection
SQL injection vulnerability in index.php in Arctic Issue Tracker 2.0.0 allows remote attackers to execute arbitrary SQL commands via the filter parameter.
by QTRinux
CVE-2008-3386 EXPLOITDB text VERIFIED
AlstraSoft Video Share Enterprise 4.51 - SQL Injection
SQL injection vulnerability in album.php in AlstraSoft Video Share Enterprise 4.51 allows remote attackers to execute arbitrary SQL commands via the UID parameter, a different vector than CVE-2007-4086.
by Hussin X