Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-3076 EXPLOITDB text VERIFIED
Vim - OS Command Injection via Netrw Plugin Filename Handling
The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc commands, as demonstrated by the netrw.v2 and netrw.v3 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712.
by Jan Minar
CVE-2008-3180 EXPLOITDB text VERIFIED
ContentNow CMS 1.4.1 - Cross-Site Scripting via pageid Parameter or PATH_INFO
Multiple cross-site scripting (XSS) vulnerabilities in upload/file/language_menu.php in ContentNow CMS 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) pageid parameter or (2) PATH_INFO.
by CWH Underground
CVE-2008-3089 EXPLOITDB text VERIFIED
Xpoze Pro 3.06 - SQL Injection via uid Parameter
SQL injection vulnerability in user.html in Xpoze Pro 3.06 (aka Xpoze Pro CMS 2008) allows remote attackers to execute arbitrary SQL commands via the uid parameter.
by HIva Team
CVE-2008-3181 EXPLOITDB text VERIFIED
ContentNow CMS 1.4.1 - Authenticated Arbitrary File Upload via upload.php
Unrestricted file upload vulnerability in upload.php in ContentNow CMS 1.4.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/.
by CWH Underground
CVE-2008-3087 EXPLOITDB text VERIFIED
Kasseler CMS 1.3.0 - Path Traversal via File Parameter
Directory traversal vulnerability in Kasseler CMS 1.3.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to index.php, possibly related to the phpManual module.
by Cr@zy_King
CVE-2008-3088 EXPLOITDB text VERIFIED
Kasseler CMS 1.3.0 and 1.3.1 Lite - Cross-Site Scripting via Files Module cid Parameter
Cross-site scripting (XSS) vulnerability in the Files module in Kasseler CMS 1.3.0 and 1.3.1 Lite allows remote attackers to inject arbitrary web script or HTML via the cid parameter in a Category action to index.php.
by Cr@zy_King
CVE-2008-3155 EXPLOITDB text VERIFIED
Panda ActiveScan <1.02.00 - Buffer Overflow
Stack-based buffer overflow in the ActiveX control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long argument to the Update method.
by Karol Wiesek
CVE-2008-3156 EXPLOITDB text VERIFIED
Panda ActiveScan < 1.02.00 - Remote Code Execution via ActiveX Update Method
The ActiveScan ActiveX Control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to download and execute arbitrary cabinet (CAB) files via unspecified URLs passed to the Update method.
by Karol Wiesek
CVE-2008-6841 EXPLOITDB text VERIFIED
gmitc com_dbquery < 1.4.1.1 - Remote Code Execution via mosConfig_absolute_path Parameter
PHP remote file inclusion vulnerability in the Green Mountain Information Technology and Consulting Database Query (com_dbquery) component 1.4.1.1 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to classes/DBQ/admin/common.class.php.
by SsEs
EIP-2026-104804 EXPLOITDB text VERIFIED
1024 CMS 1.4.4 - Multiple Local/Remote File Inclusions
by DSecRG
CVE-2008-6813 EXPLOITDB text VERIFIED
phpWebNews 0.2 MySQL Edition - SQL Injection via id_kat Parameter
SQL injection vulnerability in index.php in phpWebNews 0.2 MySQL Edition allows remote attackers to execute arbitrary SQL commands via the id_kat parameter.
by storm
CVE-2008-6812 EXPLOITDB text VERIFIED
phpWebNews 0.2 - SQL Injection via bukutamu.php det Parameter
SQL injection vulnerability in bukutamu.php in phpWebNews 0.2 MySQL Edition allows remote attackers to execute arbitrary SQL commands via the det parameter.
by Virangar Security
EIP-2026-110591 EXPLOITDB text VERIFIED
pHNews CMS Alpha 1 - Local File Inclusion
by CraCkEr
CVE-2008-3035 EXPLOITDB text VERIFIED
xchangeboard < 1.70 - Authenticated SQL Injection via newThread.php boardID Parameter
SQL injection vulnerability in newThread.php in XchangeBoard 1.70 Final and earlier allows remote authenticated users to execute arbitrary SQL commands via the boardID parameter.
by haZl0oh
CVE-2008-3083 EXPLOITDB text VERIFIED
brightcode_weblinks_module - SQL Injection via catid Parameter
SQL injection vulnerability in Brightcode Weblinks (com_brightweblinks) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter.
by His0k4
EIP-2026-108148 EXPLOITDB text VERIFIED
Joomla! / Mambo Component com_is 1.0.1 - Multiple SQL Injections
by H-T Team
CVE-2008-3036 EXPLOITDB text VERIFIED
CMS little 0.0.1 - Path Traversal via Template Parameter
Directory traversal vulnerability in index.php in CMS little 0.0.1 allows remote attackers to include and execute arbitrary local files, and probably remote files, via a .. (dot dot) in the template parameter.
by CWH Underground
CVE-2008-3024 EXPLOITDB text VERIFIED
QNX Momentics < 6.3.2 - Local Privilege Escalation via Long .pal Filename
Stack-based buffer overflow in phgrafx in QNX Momentics (aka RTOS) 6.3.2 and earlier allows local users to gain privileges via a long .pal filename in palette/.
by Filipe Balestra
CVE-2008-3027 EXPLOITDB text VERIFIED
VanGogh Web CMS 0.9 - SQL Injection via article_ID Parameter
SQL injection vulnerability in get_article.php in VanGogh Web CMS 0.9 allows remote attackers to execute arbitrary SQL commands via the article_ID parameter to index.php.
by CWH Underground
CVE-2008-3026 EXPLOITDB text VERIFIED
OneClick CMS 2008-01-24 - SQL Injection via id Parameter
SQL injection vulnerability in index.php in OneClick CMS (aka Sisplet CMS) 2008-01-24 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by CWH Underground
CVE-2008-3025 EXPLOITDB text VERIFIED
plx Ad Trader 3.2 - SQL Injection via adid Parameter
SQL injection vulnerability in ad.php in plx Ad Trader 3.2 allows remote attackers to execute arbitrary SQL commands via the adid parameter in a redir action.
by Hussin X
CVE-2008-3031 EXPLOITDB text VERIFIED
Simple PHP Agenda <= 2.2.4 - Remote File Inclusion via Page Parameter
Directory traversal vulnerability in index.php in Simple PHP Agenda 2.2.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
by StAkeR
CVE-2008-6481 EXPLOITDB text VERIFIED
com_versioning 1.0.2 - SQL Injection via id Parameter
SQL injection vulnerability in the Versioning component (com_versioning) 1.0.2 in Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task to index.php.
by DarkMatter Crew
EIP-2026-108804 EXPLOITDB text VERIFIED
Joomla! Component mygallery - 'cid' SQL Injection
by Houssamix
CVE-2008-3030 EXPLOITDB text VERIFIED
EfesTECH Shop 2.0 - SQL Injection via cat_id Parameter
SQL injection vulnerability in default.asp in EfesTECH Shop 2.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in an urunler action.
by Kacak