Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-3260 EXPLOITDB text VERIFIED
Claroline < 1.8.10 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via (1) the cwd parameter in a rqMkHtml action to document/rqmkhtml.php, or the query string to (2) announcements/announcements.php, (3) calendar/agenda.php, (4) course/index.php, (5) course_description/index.php, (6) document/document.php, (7) exercise/exercise.php, (8) group/group_space.php, (9) phpbb/newtopic.php, (10) phpbb/reply.php, (11) phpbb/viewtopic.php, (12) wiki/wiki.php, or (13) work/work.php in claroline/.
by Digital Security Research Group
CVE-2008-3260 EXPLOITDB text VERIFIED
Claroline < 1.8.10 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via (1) the cwd parameter in a rqMkHtml action to document/rqmkhtml.php, or the query string to (2) announcements/announcements.php, (3) calendar/agenda.php, (4) course/index.php, (5) course_description/index.php, (6) document/document.php, (7) exercise/exercise.php, (8) group/group_space.php, (9) phpbb/newtopic.php, (10) phpbb/reply.php, (11) phpbb/viewtopic.php, (12) wiki/wiki.php, or (13) work/work.php in claroline/.
by Digital Security Research Group
CVE-2008-3260 EXPLOITDB text VERIFIED
Claroline < 1.8.10 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via (1) the cwd parameter in a rqMkHtml action to document/rqmkhtml.php, or the query string to (2) announcements/announcements.php, (3) calendar/agenda.php, (4) course/index.php, (5) course_description/index.php, (6) document/document.php, (7) exercise/exercise.php, (8) group/group_space.php, (9) phpbb/newtopic.php, (10) phpbb/reply.php, (11) phpbb/viewtopic.php, (12) wiki/wiki.php, or (13) work/work.php in claroline/.
by Digital Security Research Group
CVE-2008-3260 EXPLOITDB text VERIFIED
Claroline < 1.8.10 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via (1) the cwd parameter in a rqMkHtml action to document/rqmkhtml.php, or the query string to (2) announcements/announcements.php, (3) calendar/agenda.php, (4) course/index.php, (5) course_description/index.php, (6) document/document.php, (7) exercise/exercise.php, (8) group/group_space.php, (9) phpbb/newtopic.php, (10) phpbb/reply.php, (11) phpbb/viewtopic.php, (12) wiki/wiki.php, or (13) work/work.php in claroline/.
by Digital Security Research Group
CVE-2008-3261 EXPLOITDB text VERIFIED
Claroline < 1.8.10 - Open Redirect via URL Parameter
Open redirect vulnerability in claroline/redirector.php in Claroline before 1.8.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.
by Digital Security Research Group
CVE-2008-3303 EXPLOITDB text VERIFIED
BilboBlog 0.2.1 - Unauthenticated Authentication Bypass via Parameter Manipulation
admin/login.php in BilboBlog 0.2.1, when register_globals is enabled, allows remote attackers to bypass authentication and obtain administrative access via a direct request that sets the login, admin_login, password, and admin_passwd parameters.
by BlackH
CVE-2008-3302 EXPLOITDB text VERIFIED
BilboBlog 0.2.1 - Authenticated SQL Injection via admin/delete.php num Parameter
SQL injection vulnerability in admin/delete.php in BilboBlog 0.2.1, when magic_quotes_gpc is disabled, allows remote authenticated administrators to execute arbitrary SQL commands via the num parameter.
by BlackH
CVE-2008-3301 EXPLOITDB text VERIFIED
BilboBlog 0.2.1 - Authenticated Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in BilboBlog 0.2.1 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) content parameter to admin/update.php, related to conflicting code in widget.php; and allow remote attackers to inject arbitrary web script or HTML via the (2) titleId parameter to head.php, reachable through index.php; the (3) t_lang[lang_copyright] parameter to footer.php; the (4) content parameter to the default URI under admin/; the (5) url, (6) t_lang[lang_admin_help], (7) t_lang[lang_admin_clear_cache], (8) t_lang[lang_admin_home], and (9) t_lang[lang_admin_logout] parameters to admin/homelink.php; and the (10) t_lang[lang_admin_new_post] parameter to admin/post.php. NOTE: some of these details are obtained from third party information.
by BlackH
EIP-2026-118833 EXPLOITDB text VERIFIED
Microsoft Internet Explorer 6 - New ActiveX Object String Concatenation Memory Corruption
by 0x000000
CVE-2008-3194 EXPLOITDB text VERIFIED
pluck 4.5.1 - Path Traversal via langpref file blogpost or cat Parameter
Multiple directory traversal vulnerabilities in data/inc/themes/predefined_variables.php in pluck 4.5.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) langpref, (2) file, (3) blogpost, or (4) cat parameter.
by BugReport.IR
CVE-2008-3190 EXPLOITDB text VERIFIED
1Scripts CodeDB 1.1.1 - Remote File Inclusion via Lang Parameter Path Traversal
Directory traversal vulnerability in list.php in 1Scripts CodeDB 1.1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
by cOndemned
CVE-2008-3304 EXPLOITDB text VERIFIED
BilboBlog 0.2.1 - Exposure of Sensitive Information via Error Message
BilboBlog 0.2.1 allows remote attackers to obtain sensitive information via (1) an enable_cache=false query string to footer.php or (2) a direct request to pagination.php, which reveals the installation path in an error message.
by BlackH
CVE-2008-3237 EXPLOITDB text VERIFIED
ITechBids 7.0 Gold - Cross-Site Scripting via Forward to Friend Product ID Parameter
Cross-site scripting (XSS) vulnerability in forward_to_friend.php in ITechBids 7.0 Gold allows remote attackers to inject arbitrary web script or HTML via the productid parameter.
by Encrypt3d.M!nd
CVE-2008-3191 EXPLOITDB text VERIFIED
mForum 0.1a - SQL Injection via User Profile Fields
Multiple SQL injection vulnerabilities in usercp.php in mForum 0.1a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) City, (2) Interest, (3) Email, (4) Icq, (5) msn, or (6) Yahoo Messenger field in an edit_profile action.
by CWH Underground
CVE-2008-3318 EXPLOITDB text VERIFIED
Maian Weblog < 3.1 - Unauthenticated Authentication Bypass via weblog_cookie
admin/index.php in Maian Weblog 4.0 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary weblog_cookie cookie.
by S.W.A.T.
CVE-2008-3321 EXPLOITDB text VERIFIED
Maian Uploader < 4.0 - Unauthenticated Authentication Bypass via uploader_cookie
admin/index.php in Maian Uploader 4.0 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary uploader_cookie cookie.
by S.W.A.T.
CVE-2008-3317 EXPLOITDB text VERIFIED
Maian Search < 1.1 - Unauthenticated Authentication Bypass via search_cookie
admin/index.php in Maian Search 1.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary search_cookie cookie.
by S.W.A.T.
CVE-2008-3322 EXPLOITDB text VERIFIED
Maian Recipe < 1.2 - Unauthenticated Authentication Bypass via recipe_cookie
admin/index.php in Maian Recipe 1.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary recipe_cookie cookie.
by S.W.A.T.
CVE-2008-3319 EXPLOITDB text VERIFIED
Maian Links < 3.1 - Unauthenticated Authentication Bypass via links_cookie
admin/index.php in Maian Links 3.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary links_cookie cookie.
by S.W.A.T.
CVE-2008-3320 EXPLOITDB text VERIFIED
Maian Guestbook < 3.2 - Unauthenticated Authentication Bypass via gbook_cookie
admin/index.php in Maian Guestbook 3.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary gbook_cookie cookie.
by S.W.A.T.
CVE-2008-3238 EXPLOITDB text VERIFIED
ITechBids 7.0 Gold - SQL Injection via seller_id, productid, or id Parameter
Multiple SQL injection vulnerabilities in ITechBids 7.0 Gold allow remote attackers to execute arbitrary SQL commands via (1) the seller_id parameter in sellers_othersitem.php, (2) the productid parameter in classifieds.php, and (3) the id parameter in shop.php.
by Encrypt3d.M!nd
CVE-2008-3193 EXPLOITDB text VERIFIED
jSite 1.0 OE - SQL Injection via Page Parameter
SQL injection vulnerability in jSite 1.0 OE allows remote attackers to execute arbitrary SQL commands via the page parameter to the default URI.
by S.W.A.T.
CVE-2008-3192 EXPLOITDB text VERIFIED
jsite 1.0 OE - Path Traversal via Module Parameter
Directory traversal vulnerability in index.php in jSite 1.0 OE allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter.
by S.W.A.T.
CVE-2008-3213 EXPLOITDB text VERIFIED
WebCMS Portal Edition - SQL Injection
SQL injection vulnerability in secciones/tablon/tablon.php in WebCMS Portal Edition allows remote attackers to execute arbitrary SQL commands via the id parameter to portal/index.php in a tablon action. NOTE: some of these details are obtained from third party information.
by Mr.SQL
EIP-2026-109256 EXPLOITDB text VERIFIED
Maian Music 1.0 - Insecure Cookie Handling
by Saime