Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-104874 EXPLOITDB text VERIFIED
A+ PHP Scripts News Management System 0.3 - Multiple Input Validation Vulnerabilities
by CraCkEr
CVE-2008-6713 EXPLOITDB text VERIFIED
Massive Entertainment Wic < 1.008 - Resource Management Error
World in Conflict (WIC) 1.008 and earlier allows remote attackers to cause a denial of service (access violation and crash) via a zero-byte data block to TCP port 48000, which triggers a NULL pointer dereference.
by Luigi Auriemma
CVE-2008-6670 EXPLOITDB text VERIFIED
Vertex4 SunAge < 1.08.1 - Denial of Service via Crafted UDP Packet
Integer overflow in Vertex4 SunAge 1.08.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted packet to UDP port 27960.
by Luigi Auriemma
CVE-2008-2827 EXPLOITDB text VERIFIED
perl - Arbitrary File Permission Modification via Symlink Attack in rmtree Function
The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly check permissions before performing a chmod, which allows local users to modify the permissions of arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448 and CVE-2004-0452.
by Frans Pop
EIP-2026-100446 EXPLOITDB text VERIFIED
MVC-Web CMS 1.0/1.2 - 'newsid' SQL Injection
by Bl@ckbe@rD
CVE-2008-2873 EXPLOITDB text VERIFIED
sHibby sHop < 2.2 - Unauthenticated Sensitive Information Exposure via Direct Database Access
sHibby sHop 2.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request to Db/urun.mdb.
by KnocKout
CVE-2008-2872 EXPLOITDB text VERIFIED
shibby_shop < 2.2 - SQL Injection via sayfa Parameter
SQL injection vulnerability in default.asp in sHibby sHop 2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the sayfa parameter.
by KnocKout
CVE-2008-2984 EXPLOITDB text VERIFIED
CMReams CMS 1.3.1.1 Beta 2 - Cross-Site Scripting via lang[be_red_text] Parameter
Cross-site scripting (XSS) vulnerability in backend/umleitung.php in CMReams CMS 1.3.1.1 Beta 2 allows remote attackers to inject arbitrary web script or HTML via the lang[be_red_text] parameter.
by CraCkEr
CVE-2008-2981 EXPLOITDB text VERIFIED
HomePH Design 2.10 RC2 - Remote Code Execution via Template Thumbnail Parameter
PHP remote file inclusion vulnerability in admin/templates/template_thumbnail.php in HomePH Design 2.10 RC2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the thumb_template parameter.
by CraCkEr
CVE-2008-2980 EXPLOITDB text VERIFIED
HomePH Design 2.10 RC2 - Cross-Site Scripting via Multiple Admin Parameters
Multiple cross-site scripting (XSS) vulnerabilities in HomePH Design 2.10 RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) error_meldung parameter to admin/features/register/register.php, the (2) feature_language[ueberschrift] parameter to admin/features/memberlist/memberlist.php, the (3) language_array[ueberschrift] parameter to admin/features/lostpassword/lostpassword.php, the (4) language_feature[titel] parameter to admin/features/kalender/eingabe.php, and the (5) language_feature[bildmenu] parameter to admin/features/fotogalerie/eingabe.php.
by CraCkEr
CVE-2008-2882 EXPLOITDB text VERIFIED
sHibby sHop < 2.2 - Unauthenticated Arbitrary File Write via upgrade.asp
upgrade.asp in sHibby sHop 2.2 and earlier does not require administrative authentication, which allows remote attackers to update a file or have unspecified other impact via a direct request.
by KnocKout
CVE-2008-2884 EXPLOITDB text VERIFIED
rss_aggregator - Remote Code Execution via Path Parameter
PHP remote file inclusion vulnerability in display.php in RSS-aggregator allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: some of these details are obtained from third party information.
by Ghost Hacker
CVE-2008-2986 EXPLOITDB text VERIFIED
phpdmca 1.0.0 - Remote File Inclusion via ourlinux_root_path Parameter
Multiple PHP remote file inclusion vulnerabilities in phpDMCA 1.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the ourlinux_root_path parameter to (1) adodb-errorpear.inc.php and (2) adodb-pear.inc.php in adodb/.
by CraCkEr
CVE-2008-2897 EXPLOITDB text VERIFIED
PageSquid CMS 0.3 Beta - SQL Injection via Page Parameter
SQL injection vulnerability in index.php in PageSquid CMS 0.3 Beta allows remote attackers to execute arbitrary SQL commands via the page parameter.
by CWH Underground
EIP-2026-110226 EXPLOITDB text VERIFIED
Open Digital Assets Repository System 1.0.2 - Remote File Inclusion
by CraCkEr
CVE-2008-2885 EXPLOITDB text VERIFIED
Odars - Code Injection
PHP remote file inclusion vulnerability in src/browser/resource/categories/resource_categories_view.php in Open Digital Assets Repository System (ODARS) 1.0.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the CLASSES_ROOT parameter.
by CraCkEr
CVE-2008-2888 EXPLOITDB text VERIFIED
MiGCMS 2.0.5 - Remote Code Execution via GLOBALS[application][app_root] Parameter
Multiple PHP remote file inclusion vulnerabilities in MiGCMS 2.0.5, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[application][app_root] parameter to (1) collection.class.php and (2) content_image.class.php in lib/obj/.
by CraCkEr
EIP-2026-108644 EXPLOITDB text VERIFIED
Joomla! Component EXP Shop 1.0 - SQL Injection
by His0k4
CVE-2008-2892 EXPLOITDB text VERIFIED
EXP Shop Component 1.0 for Joomla! - SQL Injection via catid Parameter
SQL injection vulnerability in the EXP Shop (com_expshop) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a show_payment action to index.php.
by His0k4
CVE-2008-2982 EXPLOITDB text VERIFIED
HomePH Design 2.10 RC2 - Path Traversal via Multiple Parameters
Multiple directory traversal vulnerabilities in HomePH Design 2.10 RC2, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) thumb_template parameter to (a) admin/templates/template_thumbnail.php, and the (2) language parameter to (b) account/account.php, (c) downloads/downloads.php, (d) forum/forum.php, (e) fotogalerie/delete.php, and (f) fotogalerie/fotogalerie.php in admin/features/.
by CraCkEr
CVE-2008-6740 EXPLOITDB text VERIFIED
HoMaP-CMS 0.1 - Remote Code Execution via _settings[pluginpath] Parameter
PHP remote file inclusion vulnerability in html/admin/modules/plugin_admin.php in HoMaP-CMS 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the _settings[pluginpath] parameter.
by CraCkEr
CVE-2008-2898 EXPLOITDB text VERIFIED
hedgehog-cms 1.21 - Path Traversal and Arbitrary File Execution via c_temp_path Parameter
Directory traversal vulnerability in includes/header.php in Hedgehog-CMS 1.21 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the c_temp_path parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
by CraCkEr
CVE-2008-2961 EXPLOITDB text VERIFIED
CMS Mini 0.2.2 - Path Traversal via Path or P Parameter
Multiple directory traversal vulnerabilities in view/index.php in CMS Mini 0.2.2 allow remote attackers to read arbitrary local files via a .. (dot dot) in the (1) path and (2) p parameter.
by CWH Underground
CVE-2008-2985 EXPLOITDB text VERIFIED
CMReams CMS 1.3.1.1 Beta 2 - Path Traversal via load_language.php page_language Parameter
Directory traversal vulnerability in load_language.php in CMReams CMS 1.3.1.1 Beta 2, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page_language parameter.
by CraCkEr
EIP-2026-100284 EXPLOITDB text VERIFIED
DUdForum 3.0 - 'iFor' SQL Injection
by Bl@ckbe@rD