Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-6840 EXPLOITDB text VERIFIED
V-webmail 1.6.4 - Remote File Inclusion via CONFIG[pear_dir] or CONFIG[includes] Parameter
Multiple PHP remote file inclusion vulnerabilities in V-webmail 1.6.4 allow remote attackers to execute arbitrary PHP code via a URL in the (1) CONFIG[pear_dir] parameter to (a) Mail/RFC822.php, (b) Net/Socket.php, (c) XML/Parser.php, (d) XML/Tree.php, (e) Mail/mimeDecode.php, (f) Console/Getopt.php, (g) System.php, (h) Log.php, and (i) File.php in includes/pear/; the CONFIG[pear_dir] parameter to (j) includes/prepend.php, and (k) includes/cachedConfig.php; and the (2) CONFIG[includes] parameter to (l) prepend.php and (m) email.list.search.php in includes/. NOTE: the CONFIG[pear_dir] parameter to includes/mailaccess/pop3.php is already covered by CVE-2006-2666.
by CraCkEr
CVE-2008-3179 EXPLOITDB text VERIFIED
Web 2 Business phpDatingClub 3.7 - Path Traversal via Page Parameter
Directory traversal vulnerability in website.php in Web 2 Business (W2B) phpDatingClub (aka Dating Club) 3.7 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
by S.W.A.T.
CVE-2008-3183 EXPLOITDB text VERIFIED
gapicms 9.0.2 - Remote Code Execution via dirDepth Parameter
PHP remote file inclusion vulnerability in ktmlpro/includes/ktedit/toolbar.php in gapicms 9.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the dirDepth parameter.
by Ghost Hacker
CVE-2008-6924 EXPLOITDB text VERIFIED
eSyndiCat Directory 2.2 - Cross-Site Scripting via Register Parameters
Multiple cross-site scripting (XSS) vulnerabilities in register.php in eSyndiCat Directory 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) email, (3) password, (4) password2, (5) security_code, and (6) register parameters.
by Fugitif
CVE-2008-3189 EXPLOITDB text VERIFIED
DreamNews Manager - SQL Injection via id Parameter
SQL injection vulnerability in dreamnews-rss.php in DreamNews Manager allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Hussin X
CVE-2008-3202 EXPLOITDB text VERIFIED
Xomol CMS 1.2 - Cross-Site Scripting via current_url Parameter
Cross-site scripting (XSS) vulnerability in index.php in Xomol CMS 1.2 allows remote attackers to inject arbitrary web script or HTML via the current_url parameter in a tellafriend action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Julian Rodriguez
CVE-2008-6839 EXPLOITDB text VERIFIED
TGS Content Management 0.3.2r2 - Cross-Site Scripting via msg, goodmsg, dir, or id Parameters
Multiple cross-site scripting (XSS) vulnerabilities in TGS Content Management 0.3.2r2 allow remote attackers to inject arbitrary web script or HTML via the (1) msg and (2) goodmsg parameters to (a) login.php and (b) index.php, and the (3) dir and (4) id parameters to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Julian Rodriguez
CVE-2008-6839 EXPLOITDB text VERIFIED
TGS Content Management 0.3.2r2 - Cross-Site Scripting via msg, goodmsg, dir, or id Parameters
Multiple cross-site scripting (XSS) vulnerabilities in TGS Content Management 0.3.2r2 allow remote attackers to inject arbitrary web script or HTML via the (1) msg and (2) goodmsg parameters to (a) login.php and (b) index.php, and the (3) dir and (4) id parameters to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Julian Rodriguez
CVE-2008-3201 EXPLOITDB text VERIFIED
Pagefusion 1.5 - Cross-Site Scripting via acct_fname, acct_lname, PID, PGID, or rez Parameters
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Pagefusion 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) acct_fname and (2) acct_lname parameters in an edit action, and the (3) PID, (4) PGID, and (5) rez parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Julian Rodriguez
CVE-2008-3119 EXPLOITDB text VERIFIED
DreamPics Builder - SQL Injection via Page Parameter
SQL injection vulnerability in index.php in DreamPics Builder allows remote attackers to execute arbitrary SQL commands via the page parameter.
by Hussin X
CVE-2008-3162 EXPLOITDB text VERIFIED
FFmpeg - Stack-based Buffer Overflow in STR File Parser
Stack-based buffer overflow in the str_read_packet function in libavformat/psxstr.c in FFmpeg before r13993 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted STR file that interleaves audio and video sectors.
by astrange
CVE-2008-3123 EXPLOITDB text VERIFIED
Mole Group Real Estate Script <1.1 - SQL Injection
SQL injection vulnerability in index.php in Mole Group Real Estate Script 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the listing_id parameter in a listings action.
by t0pP8uZz
CVE-2008-3125 EXPLOITDB text VERIFIED
Mole Group Lastminute Script 4.0 - SQL Injection
SQL injection vulnerability in index.php in Mole Group Lastminute Script 4.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by t0pP8uZz
CVE-2008-3124 EXPLOITDB text VERIFIED
Mole Group Hotel Script 1.0 - SQL Injection
SQL injection vulnerability in index.php in Mole Group Hotel Script 1.0 allows remote attackers to execute arbitrary SQL commands via the file parameter.
by t0pP8uZz
CVE-2008-6923 EXPLOITDB text VERIFIED
Joomla com_content 1.0.0 - SQL Injection via Itemid Parameter
SQL injection vulnerability in the content component (com_content) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a blogcategory action to index.php.
by unknown_styler
CVE-2008-3166 EXPLOITDB text VERIFIED
BoonEx Ray 3.5 - Remote Code Execution via sIncPath Parameter
PHP remote file inclusion vulnerability in modules/global/inc/content.inc.php in BoonEx Ray 3.5, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the sIncPath parameter.
by RoMaNcYxHaCkEr
CVE-2008-3167 EXPLOITDB text VERIFIED
BoonEx Dolphin 6.1.2 - Remote Code Execution via dir[plugins] or sIncPath Parameter
Multiple PHP remote file inclusion vulnerabilities in BoonEx Dolphin 6.1.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) dir[plugins] parameter to (a) HTMLSax3.php and (b) safehtml.php in plugins/safehtml/ and the (2) sIncPath parameter to (c) ray/modules/global/inc/content.inc.php. NOTE: vector 1 might be a problem in SafeHTML instead of Dolphin.
by RoMaNcYxHaCkEr
EIP-2026-103576 EXPLOITDB text VERIFIED
Mozilla Firefox/Evince/EOG/Gimp - '.SVG' Denial of Service (PoC)
by Kristian Hermansen
EIP-2026-102587 EXPLOITDB text VERIFIED
Firefox / Evince / EoG / GIMP - '.SVG' File Processing Denial of Service
by Kristian Hermansen
CVE-2008-6837 EXPLOITDB text VERIFIED
Zoph 0.7.2.1 - SQL Injection
SQL injection vulnerability in Zoph 0.7.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different issue than CVE-2008-3258. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Julian Rodriguez
CVE-2008-6838 EXPLOITDB text VERIFIED
Zoph 0.7.2.1 - Cross-Site Scripting via _off Parameter
Cross-site scripting (XSS) vulnerability in search.php in Zoph 0.7.2.1 allows remote attackers to inject arbitrary web script or HTML via the _off parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Julian Rodriguez
CVE-2008-3178 EXPLOITDB text VERIFIED
WebXell Editor 0.1.3 - Remote Code Execution via Unrestricted File Upload
Unrestricted file upload vulnerability in upload_pictures.php in WebXell Editor 0.1.3 allows remote attackers to execute arbitrary code by uploading a .php file with a jpeg content type, then accessing it via a direct request to the file in upload/.
by CWH Underground
CVE-2008-3152 EXPLOITDB text VERIFIED
SmartPPC and SmartPPC Pro - SQL Injection via idDirectory Parameter
SQL injection vulnerability in directory.php in SmartPPC and SmartPPC Pro allows remote attackers to execute arbitrary SQL commands via the idDirectory parameter.
by Hamtaro
CVE-2008-3151 EXPLOITDB text VERIFIED
PHP-Nuke 4ndvddb 0.91 - SQL Injection
SQL injection vulnerability in the 4ndvddb 0.91 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a show_dvd action.
by Lovebug
CVE-2008-3163 EXPLOITDB text VERIFIED
DodosMail 2.5 - Path Traversal via dodosmail_header_file Parameter
Directory traversal vulnerability in dodosmail.php in DodosMail 2.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dodosmail_header_file parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ahmadbady