Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-5123 EXPLOITDB text VERIFIED
CCleague Pro 1.2 - SQL Injection via admin.php u Parameter
SQL injection vulnerability in admin.php in CCleague Pro 1.2 allows remote attackers to execute arbitrary SQL commands via the u parameter.
by t0pP8uZz
CVE-2008-2046 EXPLOITDB text VERIFIED
Softpedia SiteXS CMS 0.1.1 Pre-Alpha - Cross-Site Scripting via User Parameter
Cross-site scripting (XSS) vulnerability in index.php in Softpedia SiteXS CMS 0.1.1 Pre-Alpha allows remote attackers to inject arbitrary web script or HTML via the user parameter.
by CWH Underground
CVE-2008-2900 EXPLOITDB text VERIFIED
PHPAuction 3.2 - SQL Injection via item.php id Parameter
SQL injection vulnerability in item.php in PHPAuction 3.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Hussin X
EIP-2026-110923 EXPLOITDB text VERIFIED
phpAuction - 'profile.php' SQL Injection (2)
by Mr.SQL
CVE-2008-2972 EXPLOITDB text VERIFIED
KbLance - SQL Injection via cat_id Parameter
SQL injection vulnerability in index.php in KbLance allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a comment action.
by S.L TEAM
CVE-2008-2890 EXPLOITDB text VERIFIED
Online Fantasy Football League <= 0.2.6 - SQL Injection via fflteam_id, league_id, or player_id Parameter
Multiple SQL injection vulnerabilities in Online Fantasy Football League (OFFL) 0.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) fflteam_id parameter to teams.php, the (2) league_id parameter to leagues.php, and the (3) player_id parameter to players.php.
by t0pP8uZz
EIP-2026-106879 EXPLOITDB text VERIFIED
eNews 0.1 - 'delete.php' Arbitrary Delete Post
by ilker Kandemir
CVE-2008-5125 EXPLOITDB text VERIFIED
CCleague Pro 1.2 - Unauthenticated Authentication Bypass via Type Cookie
admin.php in CCleague Pro 1.2 allows remote attackers to bypass authentication by setting the type cookie value to admin.
by t0pP8uZz
CVE-2008-2895 EXPLOITDB text VERIFIED
AproxEngine 5.1.0.4 - Path Traversal via Page Parameter
Directory traversal vulnerability in index.php in AproxEngine 5.1.0.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
by SkyOut
CVE-2008-2893 EXPLOITDB text VERIFIED
AJ Square aj-hyip - SQL Injection via news.php id Parameter
SQL injection vulnerability in news.php in AJ Square aj-hyip (aka AJ HYIP Acme) allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-2532.
by Hussin X
EIP-2026-104871 EXPLOITDB text VERIFIED
@CMS 2.1.1 - SQL Injection
by Mr.SQL
CVE-2008-7171 EXPLOITDB text VERIFIED
Lightweight news portal 1.0b - Cross-Site Scripting via Photo or POTD Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Lightweight news portal (LNP) 1.0b allow remote attackers to inject arbitrary web script or HTML via the (1) photo parameter to show_photo.php, (2) potd parameter to show_potd.php, or (3) the Current question field in a vote action to admin.php.
by storm
CVE-2008-2883 EXPLOITDB text VERIFIED
Jamroom 3.3.0-3.3.5 - Remote Code Execution via jamroom[jm_dir] Parameter
PHP remote file inclusion vulnerability in include/plugins/jrBrowser/payment.php in Jamroom 3.3.0 through 3.3.5 allows remote attackers to execute arbitrary PHP code via a URL in the jamroom[jm_dir] parameter. NOTE: some of these details are obtained from third party information.
by cyberlog
CVE-2008-2965 EXPLOITDB text VERIFIED
JaxUltraBB < 2.0 - Cross-Site Scripting via Forum Parameter
Cross-site scripting (XSS) vulnerability in viewforum.php in JaxUltraBB (JUBB) 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the forum parameter.
by CWH Underground
CVE-2008-6663 EXPLOITDB text VERIFIED
PHPAuctions - SQL Injection via profile.php auction_id Parameter
SQL injection vulnerability in profile.php in PHPAuctions.info PHPAuctions (aka PHPAuctionSystem) allows remote attackers to execute arbitrary SQL commands via the auction_id parameter, a different vector than CVE-2009-0106.
by Mr.SQL
CVE-2008-7172 EXPLOITDB text VERIFIED
Lightweight news portal 1.0b - Privilege Escalation
Lightweight news portal (LNP) 1.0b does not properly restrict access to administrator functionality, which allows remote attackers to gain administrator privileges via direct requests to admin.php with the (1) potd_delete, (2) potd, (3) vote_update, (4) vote, or (5) modifynews actions.
by storm
CVE-2008-2966 EXPLOITDB text VERIFIED
JaxUltraBB < 2.0 - Path Traversal via User Parameter
Directory traversal vulnerability in viewprofile.php in JaxUltraBB 2.0 and earlier allows remote attackers to read arbitrary local files via a .. (dot dot) in the user parameter. party information.
by CWH Underground
CVE-2008-2886 EXPLOITDB text VERIFIED
Jamroom 3.3.0-3.3.5 - Remote Code Execution via jamroom[jm_dir] Parameter
PHP remote file inclusion vulnerability in include/plugins/jrBrowser/purchase.php in Jamroom 3.3.0 through 3.3.5, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the jamroom[jm_dir] parameter.
by cyberlog
EIP-2026-107949 EXPLOITDB text VERIFIED
IPTBB 0.5.6 - 'act' Local File Inclusion
by storm
CVE-2007-3535 EXPLOITDB text VERIFIED
GL-SH Deaf Forum < 6.4.4 - Remote File Inclusion via Directory Traversal
Multiple directory traversal vulnerabilities in GL-SH Deaf Forum 6.4.4 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) FORUM_LANGUAGE parameter to functions.php or the (2) style parameter to bottom.php.
by BugReport.IR
CVE-2008-2887 EXPLOITDB text VERIFIED
FubarForum 1.5 - Path Traversal via Page Parameter
Directory traversal vulnerability in index.php in chaozz@work FubarForum 1.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
by cOndemned
CVE-2008-2896 EXPLOITDB text VERIFIED
FireAnt 1.3 - Remote Code Execution via Page Parameter Path Traversal
Directory traversal vulnerability in index.php in FireAnt 1.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
by cOndemned
CVE-2008-2891 EXPLOITDB text VERIFIED
emusoft emuCMS 0.3 - SQL Injection via cat_id Parameter
SQL injection vulnerability in index.php in eMuSOFT emuCMS 0.3 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a category action.
by TurkishWarriorr
CVE-2008-2971 EXPLOITDB text VERIFIED
CiBlog 3.1 - SQL Injection via id Parameter
SQL injection vulnerability in links-extern.php in CiBlog 3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Mr.SQL
CVE-2008-2889 EXPLOITDB text VERIFIED
AceBIT WISE-FTP 4.1.0 and 5.5.8 - Path Traversal via FTP LIST Command Response
Directory traversal vulnerability in the FTP client in AceBIT WISE-FTP 4.1.0 and 5.5.8 allows remote FTP servers to create or overwrite arbitrary files via a ..\ (dot dot backslash) in a response to a LIST command, a related issue to CVE-2002-1345.
by Tan Chew Keong