Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-5174 EXPLOITDB text VERIFIED
Jokes Complete Website 2.1.3 - SQL Injection
SQL injection vulnerability in joke.php in Jokes Complete Website 2.1.3 allows remote attackers to execute arbitrary SQL commands via the jokeid parameter.
by InjEctOr5
CVE-2008-5169 EXPLOITDB text VERIFIED
Drinks Complete Website 2.1.0 - SQL Injection
SQL injection vulnerability in drinks/drink.php in Drinks Complete Website 2.1.0 allows remote attackers to execute arbitrary SQL commands via the drinkid parameter.
by InjEctOr5
CVE-2008-5170 EXPLOITDB text VERIFIED
Cheats Complete Website 1.1.1 - SQL Injection
SQL injection vulnerability in item.php in Cheats Complete Website 1.1.1 allows remote attackers to execute arbitrary SQL commands via the itemid parameter.
by InjEctOr5
CVE-2008-6667 EXPLOITDB text VERIFIED
A+ PHP Scripts News Management System - Unauthenticated Authentication Bypass via Cookie Manipulation
A+ PHP Scripts News Management System (NMS) allows remote attackers to bypass authentication and gain administrator privileges by setting the mobsuser and mobspass cookies to 1.
by Virangar Security
CVE-2008-7185 EXPLOITDB text VERIFIED
GNOME Rhythmbox 0.11.5 - Denial of Service via Long Title Field in Playlist File
GNOME Rhythmbox 0.11.5 allows remote attackers to cause a denial of service (segmentation fault and crash) via a playlist (.pls) file with a long Title field, possibly related to the g_hash_table_lookup function in b-playlist-manager.c.
by Juan Pablo Lopez Yacubian
EIP-2026-100225 EXPLOITDB text VERIFIED
Commtouch Anti-Spam Enterprise Gateway - Cross-Site Scripting
by Erez Metula
CVE-2008-3116 EXPLOITDB text VERIFIED
Snail Game 5th Street - Remote Code Execution via Chat Message Format String
Format string vulnerability in dx8render.dll in Snail Game (aka Suzhou Snail Electronic Company) 5th street (aka Hot Step or High Street 5) allows remote attackers to execute arbitrary code via format string specifiers in a chat message.
by superkhung
CVE-2008-2875 EXPLOITDB text VERIFIED
Webdevindo-CMS 1.0.0 - SQL Injection via hal Parameter
SQL injection vulnerability in index.php in Webdevindo-CMS 1.0.0 allows remote attackers to execute arbitrary SQL commands via the hal parameter.
by CWH Underground
CVE-2008-7167 EXPLOITDB text VERIFIED
Page Manager 2006-02-04 - Unauthenticated Arbitrary File Upload via upload.php
Unrestricted file upload vulnerability in upload.php in Page Manager 2006-02-04 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.
by CWH Underground
CVE-2008-3497 EXPLOITDB text VERIFIED
MyPHP CMS 0.3.1 - SQL Injection via pid Parameter
SQL injection vulnerability in pages.php in MyPHP CMS 0.3.1 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
by CWH Underground
CVE-2008-2876 EXPLOITDB text VERIFIED
munky 0.0.1 - Remote File Inclusion via Zone Parameter Path Traversal
Directory traversal vulnerability in index.php in mUnky 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the zone parameter.
by StAkeR
CVE-2008-3498 EXPLOITDB text VERIFIED
nBill (com_netinvoice) 1.2.0 SP1 - SQL Injection
SQL injection vulnerability in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in an orders action to index.php. NOTE: some of these details are obtained from third party information.
by His0k4
CVE-2008-2874 EXPLOITDB text VERIFIED
Softbiz Jokes & Funny Pics Script - SQL Injection via sbjoke_id Parameter
SQL injection vulnerability in index.php in Softbiz Jokes & Funny Pics Script allows remote attackers to execute arbitrary SQL commands via the sbjoke_id parameter, a different vector than CVE-2008-1050.
by Hussin X
CVE-2008-2881 EXPLOITDB text VERIFIED
Relative Real Estate Systems < 3.0 - Cleartext Password Storage
Relative Real Estate Systems 3.0 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information.
by K-159
CVE-2008-1247 EXPLOITDB text VERIFIED
Linksys WRT54g 1.00.9 - Unauthenticated Arbitrary Administrative Actions via Direct Script Request
The web interface on the Linksys WRT54g router with firmware 1.00.9 does not require credentials when invoking scripts, which allows remote attackers to perform arbitrary administrative actions via a direct request to (1) Advanced.tri, (2) AdvRoute.tri, (3) Basic.tri, (4) ctlog.tri, (5) ddns.tri, (6) dmz.tri, (7) factdefa.tri, (8) filter.tri, (9) fw.tri, (10) manage.tri, (11) ping.tri, (12) PortRange.tri, (13) ptrigger.tri, (14) qos.tri, (15) rstatus.tri, (16) tracert.tri, (17) vpn.tri, (18) WanMac.tri, (19) WBasic.tri, or (20) WFilter.tri. NOTE: the Security.tri vector is already covered by CVE-2006-5202.
by meathive
CVE-2008-2870 EXPLOITDB text VERIFIED
ShareCMS 0.1 Beta - SQL Injection via eventID or userID Parameter
Multiple SQL injection vulnerabilities in ShareCMS 0.1 Beta allow remote attackers to execute arbitrary SQL commands via the (1) eventID parameter to event_info.php and the (2) userID parameter to list_user.php.
by CWH Underground
CVE-2008-3185 EXPLOITDB text VERIFIED
Relative Real Estate Systems <3.0 - SQL Injection
SQL injection vulnerability in index.php in Relative Real Estate Systems 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the listing_id parameter in a listings action.
by K-159
CVE-2008-2869 EXPLOITDB text VERIFIED
E-topbiz Link ADS 1 - SQL Injection via linkid Parameter
SQL injection vulnerability in out.php in E-topbiz Link ADS 1 allows remote attackers to execute arbitrary SQL commands via the linkid parameter.
by Hussin X
CVE-2008-6427 EXPLOITDB text VERIFIED
hivemaker < 1.0.2 - SQL Injection via cid Parameter
SQL injection vulnerability in index.php in Hivemaker Professional 1.0.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by security fears team
CVE-2008-2867 EXPLOITDB text VERIFIED
E-topbiz Viral DX 1 2.07 - SQL Injection via adclick.php bannerid Parameter
SQL injection vulnerability in adclick.php in E-topbiz Viral DX 1 2.07 allows remote attackers to execute arbitrary SQL commands via the bannerid parameter.
by Hussin X
CVE-2006-5202 EXPLOITDB text VERIFIED
Linksys WRT54g firmware 1.00.9 - RCE
Linksys WRT54g firmware 1.00.9 does not require credentials when making configuration changes, which allows remote attackers to modify arbitrary configurations via a direct request to Security.tri, as demonstrated using the SecurityMode and layout parameters, a different issue than CVE-2006-2559.
by meathive
CVE-2008-2868 EXPLOITDB text VERIFIED
DUcalendar < 1.0 - SQL Injection via iEve Parameter
SQL injection vulnerability in detail.asp in DUware DUcalendar 1.0 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the iEve parameter.
by Bl@ckbe@rD
CVE-2008-6635 EXPLOITDB text VERIFIED
Geody Dagger r12feb2008 - Remote Code Execution via dir_inc Parameter
PHP remote file inclusion vulnerability in skins/default.php in Geody Labs Dagger - The Cutting Edge r12feb2008, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the dir_inc parameter.
by CraCkEr
CVE-2008-2978 EXPLOITDB text VERIFIED
Ourvideo CMS 9.5 - Path Traversal via RSS Prefix Parameter
Directory traversal vulnerability in phpi/rss.php in Ourvideo CMS 9.5, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the prefix parameter.
by CraCkEr
CVE-2008-2977 EXPLOITDB text VERIFIED
Ourvideo CMS 9.5 - Remote Code Execution via include_connection Parameter
Multiple PHP remote file inclusion vulnerabilities in Ourvideo CMS 9.5 allow remote attackers to execute arbitrary PHP code via a URL in the include_connection parameter to (1) edit_top_feature.php and (2) edit_topics_feature.php in phpi/.
by CraCkEr