Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-3234 EXPLOITDB text VERIFIED
OpenSSH - Authenticated SELinux Role Bypass via Username Suffix
sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.
by eliteboy
CVE-2008-3251 EXPLOITDB text VERIFIED
tplSoccerSite 1.0 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in tplSoccerSite 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the opp parameter to tampereunited/opponent.php; or the id parameter to (2) index.php, (3) player.php, (4) matchdetails.php, or (5) additionalpage.php in tampereunited/.
by Mr.SQL
CVE-2008-7087 EXPLOITDB text VERIFIED
OpenPro 1.3.1 - Remote Code Execution via LIBPATH Parameter
PHP remote file inclusion vulnerability in search_wA.php in OpenPro 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the LIBPATH parameter.
by Ghost Hacker
CVE-2008-3265 EXPLOITDB text VERIFIED
DT Register (com_dtregister) 2.2.3 - SQL Injection
SQL injection vulnerability in the DT Register (com_dtregister) 2.2.3 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the eventId parameter in a pay_options action to index.php.
by His0k4
EIP-2026-106926 EXPLOITDB text VERIFIED
Evaria ECMS 1.1 - 'DOCUMENT_ROOT' Multiple Remote File Inclusions
by ahmadbady
CVE-2008-3240 EXPLOITDB text VERIFIED
AlstraSoft Affiliate Network Pro - SQL Injection
SQL injection vulnerability in index.php in AlstraSoft Affiliate Network Pro allows remote attackers to execute arbitrary SQL commands via the pgm parameter in a directory action.
by Hussin X
EIP-2026-103787 EXPLOITDB text VERIFIED
Netrw Vim Script - 's:BrowserMaps()' Command Execution
by Jan Minar
CVE-2008-6248 EXPLOITDB text VERIFIED
Galatolo WebManager 1.3a - Cross-Site Scripting via Tag Parameter
Cross-site scripting (XSS) vulnerability in all.php in Galatolo WebManager 1.3a and earlier allows remote attackers to inject arbitrary web script or HTML via the tag parameter.
by StAkeR
CVE-2008-3233 EXPLOITDB text VERIFIED
WordPress < 2.6 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in WordPress before 2.6, SVN development versions only, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
by anonymous
EIP-2026-111567 EXPLOITDB text VERIFIED
pSys 0.7.0 Alpha - Multiple Remote File Inclusions
by RoMaNcYxHaCkEr
CVE-2008-3207 EXPLOITDB text VERIFIED
Pragyan CMS 2.6.2 - Remote Code Execution via form.lib.php Parameter Injection
PHP remote file inclusion vulnerability in cms/modules/form.lib.php in Pragyan CMS 2.6.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the (1) sourceFolder or (2) moduleFolder parameter.
by N3TR00T3R
CVE-2008-3385 EXPLOITDB text VERIFIED
php Help Agent 1.0-1.1 Full - Path Traversal
Directory traversal vulnerability in include/head_chat.inc.php in php Help Agent 1.0 and 1.1 Full allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the content parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
by BeyazKurt
CVE-2008-7088 EXPLOITDB text VERIFIED
PhotoPost vBGallery 2.4.2 - Authenticated Arbitrary File Upload via Executable Extension Bypass
Unrestricted file upload vulnerability in upload.php in PhotoPost vBGallery 2.4.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in a certain path. NOTE: this may be the same vulnerability as CVE-2008-0251, but this is not clear due to lack of details from the vendor.
by Cold Zero
CVE-2008-7085 EXPLOITDB text VERIFIED
HockeySTATS Online 2.0 - SQL Injection via id or divid Parameter
Multiple SQL injection vulnerabilities in TheHockeyStop HockeySTATS Online 2.0 Basic and Advanced allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in the viewpage action to the default URI, probably index.php, or (2) divid parameter in the schedule action to index.php.
by Mr.SQL
CVE-2008-6300 EXPLOITDB text VERIFIED
Galatolo WebManager 1.3a - Unauthenticated Authentication Bypass via Cookie Manipulation
Galatolo WebManager 1.3a allows remote attackers to bypass authentication and gain administrative access by setting the (1) gwm_user and (2) gwm_pass cookies to admin. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Virangar Security
CVE-2008-6249 EXPLOITDB text VERIFIED
Galatolo WebManager < 1.3a - SQL Injection via id Parameter
SQL injection vulnerability in plugins/users/index.php in Galatolo WebManager 1.3a and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
by StAkeR
CVE-2008-6250 EXPLOITDB text VERIFIED
Comdev Web Blogger < 4.1.3 - SQL Injection via arcmonth Parameter
SQL injection vulnerability in Comdev Web Blogger 4.1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the arcmonth parameter to a blog page.
by K-159
CVE-2008-3260 EXPLOITDB text VERIFIED
Claroline < 1.8.10 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via (1) the cwd parameter in a rqMkHtml action to document/rqmkhtml.php, or the query string to (2) announcements/announcements.php, (3) calendar/agenda.php, (4) course/index.php, (5) course_description/index.php, (6) document/document.php, (7) exercise/exercise.php, (8) group/group_space.php, (9) phpbb/newtopic.php, (10) phpbb/reply.php, (11) phpbb/viewtopic.php, (12) wiki/wiki.php, or (13) work/work.php in claroline/.
by Digital Security Research Group
CVE-2008-3260 EXPLOITDB text VERIFIED
Claroline < 1.8.10 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via (1) the cwd parameter in a rqMkHtml action to document/rqmkhtml.php, or the query string to (2) announcements/announcements.php, (3) calendar/agenda.php, (4) course/index.php, (5) course_description/index.php, (6) document/document.php, (7) exercise/exercise.php, (8) group/group_space.php, (9) phpbb/newtopic.php, (10) phpbb/reply.php, (11) phpbb/viewtopic.php, (12) wiki/wiki.php, or (13) work/work.php in claroline/.
by Digital Security Research Group
CVE-2008-3260 EXPLOITDB text VERIFIED
Claroline < 1.8.10 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via (1) the cwd parameter in a rqMkHtml action to document/rqmkhtml.php, or the query string to (2) announcements/announcements.php, (3) calendar/agenda.php, (4) course/index.php, (5) course_description/index.php, (6) document/document.php, (7) exercise/exercise.php, (8) group/group_space.php, (9) phpbb/newtopic.php, (10) phpbb/reply.php, (11) phpbb/viewtopic.php, (12) wiki/wiki.php, or (13) work/work.php in claroline/.
by Digital Security Research Group
CVE-2008-3260 EXPLOITDB text VERIFIED
Claroline < 1.8.10 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via (1) the cwd parameter in a rqMkHtml action to document/rqmkhtml.php, or the query string to (2) announcements/announcements.php, (3) calendar/agenda.php, (4) course/index.php, (5) course_description/index.php, (6) document/document.php, (7) exercise/exercise.php, (8) group/group_space.php, (9) phpbb/newtopic.php, (10) phpbb/reply.php, (11) phpbb/viewtopic.php, (12) wiki/wiki.php, or (13) work/work.php in claroline/.
by Digital Security Research Group
CVE-2008-3260 EXPLOITDB text VERIFIED
Claroline < 1.8.10 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via (1) the cwd parameter in a rqMkHtml action to document/rqmkhtml.php, or the query string to (2) announcements/announcements.php, (3) calendar/agenda.php, (4) course/index.php, (5) course_description/index.php, (6) document/document.php, (7) exercise/exercise.php, (8) group/group_space.php, (9) phpbb/newtopic.php, (10) phpbb/reply.php, (11) phpbb/viewtopic.php, (12) wiki/wiki.php, or (13) work/work.php in claroline/.
by Digital Security Research Group
CVE-2008-3260 EXPLOITDB text VERIFIED
Claroline < 1.8.10 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via (1) the cwd parameter in a rqMkHtml action to document/rqmkhtml.php, or the query string to (2) announcements/announcements.php, (3) calendar/agenda.php, (4) course/index.php, (5) course_description/index.php, (6) document/document.php, (7) exercise/exercise.php, (8) group/group_space.php, (9) phpbb/newtopic.php, (10) phpbb/reply.php, (11) phpbb/viewtopic.php, (12) wiki/wiki.php, or (13) work/work.php in claroline/.
by Digital Security Research Group
CVE-2008-3260 EXPLOITDB text VERIFIED
Claroline < 1.8.10 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via (1) the cwd parameter in a rqMkHtml action to document/rqmkhtml.php, or the query string to (2) announcements/announcements.php, (3) calendar/agenda.php, (4) course/index.php, (5) course_description/index.php, (6) document/document.php, (7) exercise/exercise.php, (8) group/group_space.php, (9) phpbb/newtopic.php, (10) phpbb/reply.php, (11) phpbb/viewtopic.php, (12) wiki/wiki.php, or (13) work/work.php in claroline/.
by Digital Security Research Group
CVE-2008-3260 EXPLOITDB text VERIFIED
Claroline < 1.8.10 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via (1) the cwd parameter in a rqMkHtml action to document/rqmkhtml.php, or the query string to (2) announcements/announcements.php, (3) calendar/agenda.php, (4) course/index.php, (5) course_description/index.php, (6) document/document.php, (7) exercise/exercise.php, (8) group/group_space.php, (9) phpbb/newtopic.php, (10) phpbb/reply.php, (11) phpbb/viewtopic.php, (12) wiki/wiki.php, or (13) work/work.php in claroline/.
by Digital Security Research Group