Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-5201 EXPLOITDB text VERIFIED
OTManager CMS 24a - Remote File Inclusion via Conteudo Parameter
Directory traversal vulnerability in index.php in OTManager CMS 24a allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conteudo parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
by CWH Underground
CVE-2008-5192 EXPLOITDB text VERIFIED
Philboard 1.14 and 1.2 - SQL Injection via forum.asp forumid Parameter
SQL injection vulnerability in forum.asp in W1L3D4 Philboard 1.14 and 1.2 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. NOTE: this might overlap CVE-2008-2334, CVE-2008-1939, CVE-2007-2641, or CVE-2007-0920.
by Bl@ckbe@rD
CVE-2008-2949 EXPLOITDB text VERIFIED
Microsoft Internet Explorer 6-7 - XSS
Cross-domain vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to change the location property of a frame via the String data type, and use a frame from a different domain to observe domain-independent events, as demonstrated by observing onkeydown events with caballero-listener. NOTE: according to Microsoft, this is a duplicate of CVE-2008-2947, possibly a different attack vector.
by Eduardo Vela
CVE-2008-5175 EXPLOITDB text VERIFIED
AceFTP Freeware/AceFTP Pro 3.80.3 - Path Traversal
Directory traversal vulnerability in the FTP client in AceFTP Freeware 3.80.3 and AceFTP Pro 3.80.3 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a LIST command, a related issue to CVE-2002-1345.
by Tan Chew Keong
CVE-2008-5193 EXPLOITDB text VERIFIED
Philboard 1.14 and 1.2 - Cross-Site Scripting via search.asp searchterms Parameter
Cross-site scripting (XSS) vulnerability in search.asp in W1L3D4 Philboard 1.14 and 1.2 allows remote attackers to inject arbitrary web script or HTML via the searchterms parameter. NOTE: this might overlap CVE-2007-4024.
by Bl@ckbe@rD
CVE-2008-5191 EXPLOITDB text VERIFIED
SePortal 2.4 - SQL Injection via poll_id or sp_id Parameter
Multiple SQL injection vulnerabilities in SePortal 2.4 allow remote attackers to execute arbitrary SQL commands via the (1) poll_id parameter to poll.php and the (2) sp_id parameter to staticpages.php.
by Mr.SQL
CVE-2008-5197 EXPLOITDB text VERIFIED
php-fusion - SQL Injection via Classifieds Detail Adverts lid Parameter
SQL injection vulnerability in classifieds.php in PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the lid parameter in a detail_adverts action.
by boom3rang
CVE-2008-5202 EXPLOITDB text VERIFIED
OTManager CMS 24a - Cross-Site Scripting via Conteudo Parameter
Cross-site scripting (XSS) vulnerability in index.php in OTManager CMS 24a allows remote attackers to inject arbitrary web script or HTML via the conteudo parameter.
by CWH Underground
CVE-2008-7179 EXPLOITDB text VERIFIED
OTManager CMS 2.4 - Unauthenticated Authentication Bypass via Cookie Manipulation
OTManager CMS 2.4 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMIN_Hora, ADMIN_Logado, and ADMIN_Nome cookies to certain values, as reachable in Admin/index.php.
by Virangar Security
EIP-2026-102688 EXPLOITDB text VERIFIED
Mozilla Firefox 3.0 - '.JPEG' File Denial of Service
by Beenu Arora
CVE-2008-3505 EXPLOITDB text VERIFIED
polypager < 1.0 - Cross-Site Scripting via nr Parameter
Cross-site scripting (XSS) vulnerability in PolyPager 1.0 rc2 and earlier allows remote attackers to inject arbitrary web script or HTML via the nr parameter to the default URI.
by CWH Underground
CVE-2008-5168 EXPLOITDB text VERIFIED
Tips Complete Website 1.2.0 - SQL Injection
SQL injection vulnerability in tip.php in Tips Complete Website 1.2.0 allows remote attackers to execute arbitrary SQL commands via the tipid parameter.
by InjEctOr5
CVE-2008-5163 EXPLOITDB text VERIFIED
The Rat CMS Pre-Alpha 2 - SQL Injection
Multiple SQL injection vulnerabilities in The Rat CMS Pre-Alpha 2 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) viewarticle.php and (2) viewarticle2.php.
by CWH Underground
CVE-2008-5164 EXPLOITDB text VERIFIED
The Rat CMS Pre-Alpha 2 - Cross-Site Scripting via id Parameter or PATH_INFO
Multiple cross-site scripting (XSS) vulnerabilities in The Rat CMS Pre-Alpha 2 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) viewarticle.php and (b) viewarticle2.php and the (2) PATH_INFO to viewarticle.php.
by CWH Underground
CVE-2008-5163 EXPLOITDB text VERIFIED
The Rat CMS Pre-Alpha 2 - SQL Injection
Multiple SQL injection vulnerabilities in The Rat CMS Pre-Alpha 2 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) viewarticle.php and (2) viewarticle2.php.
by CWH Underground
CVE-2008-5164 EXPLOITDB text VERIFIED
The Rat CMS Pre-Alpha 2 - Cross-Site Scripting via id Parameter or PATH_INFO
Multiple cross-site scripting (XSS) vulnerabilities in The Rat CMS Pre-Alpha 2 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) viewarticle.php and (b) viewarticle2.php and the (2) PATH_INFO to viewarticle.php.
by CWH Underground
EIP-2026-111960 EXPLOITDB text VERIFIED
Seagull PHP Framework 0.6.4 - 'FCKeditor' Arbitrary File Upload
by EgiX
CVE-2008-5166 EXPLOITDB text VERIFIED
Riddles Website 1.2.1 - SQL Injection
SQL injection vulnerability in riddle.php in Riddles Website 1.2.1 allows remote attackers to execute arbitrary SQL commands via the riddleid parameter.
by InjEctOr5
CVE-2008-3506 EXPLOITDB text VERIFIED
polypager < 1.0 - SQL Injection via nr Parameter
SQL injection vulnerability in PolyPager 1.0 rc2 and earlier allows remote attackers to execute arbitrary SQL commands via the nr parameter to the default URI.
by CWH Underground
CVE-2008-5171 EXPLOITDB text VERIFIED
phpBLASTER CMS 1.0 RC1 - Path Traversal
Multiple directory traversal vulnerabilities in admin/minibb/index.php in phpBLASTER CMS 1.0 RC1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) DB, (2) lang, and (3) skin parameters.
by CraCkEr
CVE-2008-5196 EXPLOITDB text VERIFIED
Kroax (the_kroax) 4.42 - SQL Injection
SQL injection vulnerability in kroax.php in the Kroax (the_kroax) 4.42 and earlier module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the category parameter.
by boom3rang
CVE-2008-5167 EXPLOITDB text VERIFIED
Boonex Orca 2.0 and 2.0.2 - Remote Code Execution via gConf[dir][layouts] Parameter
PHP remote file inclusion vulnerability in layout/default/params.php in Boonex Orca 2.0 and 2.0.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the gConf[dir][layouts] parameter.
by Ciph3r
CVE-2008-6734 EXPLOITDB text VERIFIED
Keller Web Admin CMS 0.94 Pro - Path Traversal via Action Parameter
Directory traversal vulnerability in Public/index.php in Keller Web Admin CMS 0.94 Pro allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter.
by StAkeR
CVE-2008-6734 EXPLOITDB text VERIFIED
Keller Web Admin CMS 0.94 Pro - Path Traversal via Action Parameter
Directory traversal vulnerability in Public/index.php in Keller Web Admin CMS 0.94 Pro allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter.
by CWH Underground
EIP-2026-107338 EXPLOITDB text VERIFIED
Galmeta Post CMS 0.2 - Multiple Local File Inclusions
by CWH Underground