Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-2975 EXPLOITDB text VERIFIED
TinX/cms 1.1 - Cross-Site Scripting via Language Parameter
Cross-site scripting (XSS) vulnerability in admin/objects/obj_image.php in TinX/cms 1.1 allows remote attackers to inject arbitrary web script or HTML via the language parameter.
by CraCkEr
CVE-2008-2973 EXPLOITDB text VERIFIED
MM Chat 1.5 - Cross-Site Scripting via sitename or wmessage Parameter
Multiple cross-site scripting (XSS) vulnerabilities in chathead.php in MM Chat 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) sitename and (2) wmessage parameters.
by CraCkEr
CVE-2008-2963 EXPLOITDB text VERIFIED
MyBlog - SQL Injection via View Parameter or ID Parameter
Multiple SQL injection vulnerabilities in MyBlog allow remote attackers to execute arbitrary SQL commands via the (1) view parameter to (a) index.php, and the (2) id parameter to (b) member.php and (c) post.php.
by CWH Underground
CVE-2008-2962 EXPLOITDB text VERIFIED
MyBlog - Cross-Site Scripting via s, sort, or id Parameters
Multiple cross-site scripting (XSS) vulnerabilities in MyBlog allow remote attackers to inject arbitrary web script or HTML via the (1) s and (2) sort parameters to index.php, and the (3) id parameter to post.php.
by CWH Underground
CVE-2008-2976 EXPLOITDB text VERIFIED
TinX/cms 1.1 - Path Traversal via Language or Prefix Parameter
Multiple directory traversal vulnerabilities in TinX/cms 1.1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) language parameter to (a) include_me.php, (b) admin/ajax.php, and (c) admin/objects/catalog.ajaxhandler.php; and the (2) prefix parameter to (d) admin/inc/config.php.
by CraCkEr
CVE-2008-2964 EXPLOITDB text VERIFIED
ResearchGuide 0.5 - SQL Injection via id Parameter
SQL injection vulnerability in guide.php in ResearchGuide 0.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by dun
EIP-2026-111699 EXPLOITDB text VERIFIED
Ready2Edit - 'menuid' SQL Injection
by Mr.SQL
CVE-2008-2871 EXPLOITDB text VERIFIED
PEGames - Cross-Site Scripting via sitetitle sitenav sitemain or sitealt Parameters
Multiple cross-site scripting (XSS) vulnerabilities in template2.php in PEGames allow remote attackers to inject arbitrary web script or HTML via the (1) sitetitle, (2) sitenav, (3) sitemain, and (4) sitealt parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by CraCkEr
CVE-2008-2979 EXPLOITDB text VERIFIED
Ourvideo CMS 9.5 - Cross-Site Scripting via top_page and end_page Parameters
Multiple cross-site scripting (XSS) vulnerabilities in phpi/login.php in Ourvideo CMS 9.5 allow remote attackers to inject arbitrary web script or HTML via the (1) top_page and (2) end_page parameters.
by CraCkEr
CVE-2008-6193 EXPLOITDB text VERIFIED
MyBlog - Cleartext Password Storage
Sam Crew MyBlog stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information.
by CWH Underground
CVE-2008-2974 EXPLOITDB text VERIFIED
MM Chat 1.5 - Path Traversal via currentlang Parameter
Directory traversal vulnerability in chatconfig.php in MM Chat 1.5, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the currentlang parameter.
by CraCkEr
CVE-2008-2990 EXPLOITDB text VERIFIED
com_facileforms - Remote Code Execution via ff_compath Parameter
PHP remote file inclusion vulnerability in facileforms.frame.php in the FacileForms (com_facileforms) component 1.4.4 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the ff_compath parameter.
by Kacak
EIP-2026-107759 EXPLOITDB text VERIFIED
IDMOS 1.0 - 'site_absolute_path' Multiple Remote File Inclusions
by CraCkEr
CVE-2008-2989 EXPLOITDB text VERIFIED
HoMaP-CMS 0.1 - SQL Injection via Index.php Go Parameter
SQL injection vulnerability in index.php in HoMaP-CMS 0.1 allows remote attackers to execute arbitrary SQL commands via the go parameter.
by SxCx
CVE-2008-2983 EXPLOITDB text VERIFIED
Demo4 CMS 01 Beta - SQL Injection via id Parameter
SQL injection vulnerability in index.php in Demo4 CMS 01 Beta allows remote attackers to execute arbitrary SQL commands via the id parameter.
by CWH Underground
CVE-2008-6636 EXPLOITDB text VERIFIED
Geody Dagger r12feb2008 - Remote Code Execution via dir_edge_skins Parameter
PHP remote file inclusion vulnerability in skins/default.php in Geody Labs Dagger - The Cutting Edge r12feb2008, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the dir_edge_skins parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by CraCkEr
CVE-2008-2877 EXPLOITDB text VERIFIED
cmsWorks 2.2 RC4 - Remote Code Execution via mod_root Parameter
PHP remote file inclusion vulnerability in admin/include/lib.module.php in cmsWorks 2.2 RC4, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mod_root parameter.
by CraCkEr
CVE-2008-3186 EXPLOITDB text VERIFIED
Chipmunk Blogger - Cross-Site Scripting via Membername Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Blog (Blogger) allow remote attackers to inject arbitrary web script or HTML via the membername parameter to (1) members.php, (2) comments.php, (3) photos.php, (4) archive.php, or (5) cat.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by sl4xUz
CVE-2008-3186 EXPLOITDB text VERIFIED
Chipmunk Blogger - Cross-Site Scripting via Membername Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Blog (Blogger) allow remote attackers to inject arbitrary web script or HTML via the membername parameter to (1) members.php, (2) comments.php, (3) photos.php, (4) archive.php, or (5) cat.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by sl4xUz
CVE-2008-3186 EXPLOITDB text VERIFIED
Chipmunk Blogger - Cross-Site Scripting via Membername Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Blog (Blogger) allow remote attackers to inject arbitrary web script or HTML via the membername parameter to (1) members.php, (2) comments.php, (3) photos.php, (4) archive.php, or (5) cat.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by sl4xUz
CVE-2008-3186 EXPLOITDB text VERIFIED
Chipmunk Blogger - Cross-Site Scripting via Membername Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Blog (Blogger) allow remote attackers to inject arbitrary web script or HTML via the membername parameter to (1) members.php, (2) comments.php, (3) photos.php, (4) archive.php, or (5) cat.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by sl4xUz
CVE-2008-3186 EXPLOITDB text VERIFIED
Chipmunk Blogger - Cross-Site Scripting via Membername Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Blog (Blogger) allow remote attackers to inject arbitrary web script or HTML via the membername parameter to (1) members.php, (2) comments.php, (3) photos.php, (4) archive.php, or (5) cat.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by sl4xUz
CVE-2008-2987 EXPLOITDB text VERIFIED
Benja CMS 0.1 - Cross-Site Scripting via PATH_INFO to Admin Menu Pages
Multiple cross-site scripting (XSS) vulnerabilities in Benja CMS 0.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin_edit_submenu.php, (2) admin_new_submenu.php, and (3) admin_edit_topmenu.php in admin/.
by CWH Underground
CVE-2008-2987 EXPLOITDB text VERIFIED
Benja CMS 0.1 - Cross-Site Scripting via PATH_INFO to Admin Menu Pages
Multiple cross-site scripting (XSS) vulnerabilities in Benja CMS 0.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin_edit_submenu.php, (2) admin_new_submenu.php, and (3) admin_edit_topmenu.php in admin/.
by CWH Underground
CVE-2008-2987 EXPLOITDB text VERIFIED
Benja CMS 0.1 - Cross-Site Scripting via PATH_INFO to Admin Menu Pages
Multiple cross-site scripting (XSS) vulnerabilities in Benja CMS 0.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin_edit_submenu.php, (2) admin_new_submenu.php, and (3) admin_edit_topmenu.php in admin/.
by CWH Underground