Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-105758 EXPLOITDB text VERIFIED
CAT2 - 'spaw_root' Local File Inclusion
by StAkeR
CVE-2007-1899 EXPLOITDB text VERIFIED
myWebland myBloggie 2.1.6 - SQL Injection via User ID Parameter
Multiple SQL injection vulnerabilities in myWebland myBloggie 2.1.6 allow remote attackers to execute arbitrary SQL commands via (1) the user_id parameter in a viewuser action to index.php, and allow remote authenticated administrators to execute arbitrary SQL commands via (2) the post_id parameter in an edit action to admin.php.
by Jesper Jurcenoks
CVE-2008-3033 EXPLOITDB text VERIFIED
RSS-aggregator 1.0 - Unauthenticated Admin Function Access via admin/fonctions/ Directory
RSS-aggregator 1.0 does not require administrative authentication for the admin/fonctions/ directory, which allows remote attackers to access admin functions and have unspecified other impact, as demonstrated by (1) an IdFlux request to supprimer_flux.php and (2) a TpsRafraich request to modifier_tps_rafraich.php.
by CWH Underground
CVE-2008-3034 EXPLOITDB text VERIFIED
rss_aggregator 1.0 - SQL Injection via IdFlux or IdTag Parameter
Multiple SQL injection vulnerabilities in RSS-aggregator 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) IdFlux parameter to admin/fonctions/supprimer_flux.php and the (2) IdTag parameter to admin/fonctions/supprimer_tag.php.
by CWH Underground
CVE-2008-3034 EXPLOITDB text VERIFIED
rss_aggregator 1.0 - SQL Injection via IdFlux or IdTag Parameter
Multiple SQL injection vulnerabilities in RSS-aggregator 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) IdFlux parameter to admin/fonctions/supprimer_flux.php and the (2) IdTag parameter to admin/fonctions/supprimer_tag.php.
by CWH Underground
EIP-2026-111689 EXPLOITDB text VERIFIED
RCM Revision Web Development - 'products.php' SQL Injection
by Niiub
CVE-2008-3131 EXPLOITDB text VERIFIED
powie psys 0.7.0 Alpha - SQL Injection via chatbox.php showid Parameter
SQL injection vulnerability in chatbox.php in pSys 0.7.0 Alpha, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the showid parameter.
by DNX
CVE-2008-3080 EXPLOITDB text VERIFIED
myWebland myBloggie 2.1.6 - Cross-Site Request Forgery in admin.php
Cross-site request forgery (CSRF) vulnerability in admin.php in myWebland myBloggie 2.1.6 allows remote attackers to perform edit actions as administrators. NOTE: this can be leveraged to execute SQL commands by also exploiting CVE-2007-1899.
by Jesper Jurcenoks
EIP-2026-109295 EXPLOITDB text VERIFIED
Mambo Component N-Gallery - Multiple SQL Injections
by AlbaniaN-[H]
CVE-2008-3127 EXPLOITDB text VERIFIED
HIOX Banner Rotator 1.3 - Remote File Inclusion via hm Parameter
PHP remote file inclusion vulnerability in hioxBannerRotate.php in HIOX Banner Rotator (HBR) 1.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the hm parameter.
by Ghost Hacker
CVE-2007-3653 EXPLOITDB text VERIFIED
FaName 1.0 - Cross-Site Scripting via key/desc/name Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Farsi Script (aka FaScript) FaName 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) key or (2) desc parameter to index.php, or (3) the name parameter to page.php.
by Jesper Jurcenoks
CVE-2007-3653 EXPLOITDB text VERIFIED
FaName 1.0 - Cross-Site Scripting via key/desc/name Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Farsi Script (aka FaScript) FaName 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) key or (2) desc parameter to index.php, or (3) the name parameter to page.php.
by Jesper Jurcenoks
CVE-2008-5190 EXPLOITDB text VERIFIED
eshop100 - SQL Injection via SUB Parameter
SQL injection vulnerability in index.php in eSHOP100 allows remote attackers to execute arbitrary SQL commands via the SUB parameter.
by JuDge
CVE-2008-3129 EXPLOITDB text VERIFIED
Catviz 0.4 beta 1 - SQL Injection via Foreign Key Value or Webpage Parameter
Multiple SQL injection vulnerabilities in index.php in Catviz 0.4 beta 1 allow remote attackers to execute arbitrary SQL commands via the (1) foreign_key_value parameter in the news page and (2) webpage parameter in the webpage_multi_edit form.
by anonymous
CVE-2008-5198 EXPLOITDB text VERIFIED
Acmlmboard 1.A2 - SQL Injection via Memberlist pow Parameter
SQL injection vulnerability in memberlist.php in Acmlmboard 1.A2 allows remote attackers to execute arbitrary SQL commands via the pow parameter.
by anonymous
CVE-2008-3140 EXPLOITDB text VERIFIED
Wireshark 1.0.0 - Denial of Service in Syslog Dissector
The syslog dissector in Wireshark (formerly Ethereal) 1.0.0 allows remote attackers to cause a denial of service (application crash) via unknown vectors, possibly related to an "incomplete SS7 MSU syslog encapsulated packet."
by Noam Rathus
CVE-2008-2943 EXPLOITDB text VERIFIED
IBM Tivoli Directory Server 6.1.0.0-6.1.0.15 - Authenticated Denial of Service via Duplicate ibm-globalAdminGroup Entry
Double free vulnerability in IBM Tivoli Directory Server (TDS) 6.1.0.0 through 6.1.0.15 allows remote authenticated administrators to cause a denial of service (ABEND) and possibly execute arbitrary code by using ldapadd to attempt to create a duplicate ibm-globalAdminGroup LDAP database entry. NOTE: the vendor states "There is no real risk of a vulnerability," although there are likely scenarios in which a user is allowed to make administrative LDAP requests but does not have the privileges to stop the server.
by anonymous
CVE-2008-2952 EXPLOITDB text VERIFIED
OpenLDAP 2.2.4-2.4.10 - Denial of Service via Crafted ASN.1 BER Datagrams
liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams that trigger an assertion error.
by Cameron Hotchkies
CVE-2008-5203 EXPLOITDB text VERIFIED
PowerAward 1.1.0 RC1 - Cross-Site Scripting via l_vote_done Parameter
Cross-site scripting (XSS) vulnerability in external_vote.php in PowerAward 1.1.0 RC1 allows remote attackers to inject arbitrary web script or HTML via the l_vote_done parameter.
by CraCkEr
CVE-2008-5195 EXPLOITDB text VERIFIED
SebracCMS 0.4 - SQL Injection via recid Parameter
Multiple SQL injection vulnerabilities in SebracCMS (sbcms) 0.4 allow remote attackers to execute arbitrary SQL commands via (1) the recid parameter to cms/form/read.php, (2) the uname parameter to cms/index.php, and other unspecified vectors.
by shinmai
CVE-2008-5204 EXPLOITDB text VERIFIED
PowerAward 1.1.0 RC1 - Path Traversal
Multiple directory traversal vulnerabilities in PowerAward 1.1.0 RC1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the lang parameter to (1) agb.php, (2) angemeldet.php, (3) anmelden.php, (4) charts.php, (5) external_vote.php, (6) guestbook.php, (7) impressum.php, (8) index.php, (9) rss-reader.php, (10) statistic.php, (11) teilnehmer.php, (12) topsites.php, (13) votecode.php, (14) voting.php, and (15) winner.php.
by CraCkEr
CVE-2008-5194 EXPLOITDB text VERIFIED
SoftVisions obm 2.2 - SQL Injection
SQL injection vulnerability in checkavail.php in SoftVisions Software Online Booking Manager (obm) 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Hussin X
CVE-2008-7169 EXPLOITDB text VERIFIED
Jabode com_jabode - SQL Injection via id Parameter
SQL injection vulnerability in Jabode horoscope extension (com_jabode) for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a sign task to index.php.
by His0k4
CVE-2008-3132 EXPLOITDB text VERIFIED
Joomla com_beamospetition - SQL Injection via Pet Parameter
SQL injection vulnerability in the beamospetition (com_beamospetition) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pet parameter to index.php.
by His0k4
CVE-2008-6703 EXPLOITDB text VERIFIED
Stalker-game S.t.a.l.k.e.r. < 1.0006 - Memory Corruption
Stack-based buffer overflow in the IPureServer::_Recieve function in S.T.A.L.K.E.R.: Shadow of Chernobyl 1.0006 and earlier allows remote attackers to execute arbitrary code via a compressed 0x39 packet, which is decompressed by the NET_Compressor::Decompress function.
by Luigi Auriemma