Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-7184 EXPLOITDB text VERIFIED
Diigo Toolbar and Diigolet - Stored Cross-Site Scripting via Public Comment
Cross-site scripting (XSS) vulnerability in Diigo Toolbar and Diigolet allows remote attackers to inject arbitrary web script or HTML via a public comment.
by Ferruh Mavituna
CVE-2008-2894 EXPLOITDB text VERIFIED
NCH Software Classic FTP 1.02 - Path Traversal via FTP LIST Command Response
Directory traversal vulnerability in the FTP client in NCH Software Classic FTP 1.02 for Windows allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a LIST command, a related issue to CVE-2002-1345.
by Tan Chew Keong
EIP-2026-100603 EXPLOITDB text VERIFIED
Virtual Support Office XP 3.0.29 - Multiple Vulnerabilities
by BugReport.IR
CVE-2008-2863 EXPLOITDB text VERIFIED
elinestudio site_composer < 2.6 - Path Traversal via inpCurrFolder Parameter
Multiple absolute path traversal vulnerabilities in eLineStudio Site Composer (ESC) 2.6 allow remote attackers to create or delete arbitrary directories via a full pathname in the inpCurrFolder parameter to (1) folderdel_.asp or (2) foldernew.asp in cms/assetmanager/.
by BugReport.IR
CVE-2008-2862 EXPLOITDB text VERIFIED
eLineStudio Site Composer < 2.6 - SQL Injection via id or template_id Parameter
Multiple SQL injection vulnerabilities in eLineStudio Site Composer (ESC) 2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to ansFAQ.asp and the (2) template_id parameter to preview.asp.
by BugReport.IR
CVE-2008-2861 EXPLOITDB text VERIFIED
eLineStudio Site Composer <= 2.6 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in eLineStudio Site Composer (ESC) 2.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) topic and (2) button parameters to ansFAQ.asp and the (3) id and (4) txtEmail parameters to login.asp.
by BugReport.IR
CVE-2008-2855 EXPLOITDB text VERIFIED
OwnRS Beta 3 - Cross-Site Scripting via Clanek.php ID Parameter
Cross-site scripting (XSS) vulnerability in clanek.php in OwnRS Beta 3 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
by CWH Underground
CVE-2008-2970 EXPLOITDB text VERIFIED
Academic Web Tools < 1.4.2.8 - Session Fixation via PHPSESSID Parameter
Multiple session fixation vulnerabilities in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allow remote attackers to hijack web sessions by setting the PHPSESSID parameter to (1) index.php and (2) login.php in homepg/.
by BugReport.IR
EIP-2026-112992 EXPLOITDB text VERIFIED
vBulletin 3.7.1 - Moderation Control Panel 'redirect' Cross-Site Scripting
by Jessica Hope
EIP-2026-111882 EXPLOITDB text VERIFIED
samart-cms 2.0 - 'contentsid' SQL Injection
by dun
CVE-2008-2856 EXPLOITDB text VERIFIED
OwnRS Beta 3 - SQL Injection via clanek.php id Parameter
SQL injection vulnerability in clanek.php in OwnRS Beta 3 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by CWH Underground
CVE-2008-2854 EXPLOITDB text VERIFIED
Orlando CMS 0.6 - Remote Code Execution via GLOBALS[preloc] Parameter
Multiple PHP remote file inclusion vulnerabilities in Orlando CMS 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[preloc] parameter to (1) modules/core/logger/init.php and (2) AJAX/newscat.php.
by Ciph3r
EIP-2026-109216 EXPLOITDB text VERIFIED
Lotus Core CMS 1.0.1 - Remote File Inclusion
by Ciph3r
CVE-2008-2864 EXPLOITDB text VERIFIED
eLineStudio Site Composer <= 2.6 - Exposure of Sensitive Information via Direct Request
eLineStudio Site Composer (ESC) 2.6 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) trigger.asp or (2) common2.asp in cms/include/, which reveals the database path.
by BugReport.IR
CVE-2008-2837 EXPLOITDB text VERIFIED
CMS-BRD - SQL Injection via Menuclick Parameter
SQL injection vulnerability in index.php in CMS-BRD allows remote attackers to execute arbitrary SQL commands via the menuclick parameter.
by dun
CVE-2008-2860 EXPLOITDB text VERIFIED
AJSquare AJ Auction Pro 2.0 - SQL Injection via category.php cate_id Parameter
SQL injection vulnerability in category.php in AJSquare AJ Auction Pro web 2.0 allows remote attackers to execute arbitrary SQL commands via the cate_id parameter.
by Hussin X
EIP-2026-105040 EXPLOITDB text VERIFIED
AJ Auction 1.0 - 'id' SQL Injection
by Hussin X
CVE-2008-2830 EXPLOITDB text VERIFIED
Mac OS X 10.4.11 and 10.5.4 - Privilege Escalation via Scripting Addition Commands
Open Scripting Architecture in Apple Mac OS X 10.4.11 and 10.5.4, and some other 10.4 and 10.5 versions, does not properly restrict the loading of scripting addition plugins, which allows local users to gain privileges via scripting addition commands to a privileged application, as originally demonstrated by an osascript tell command to ARDAgent.
by anonymous
CVE-2008-6668 EXPLOITDB text VERIFIED
nweb2fax <= 0.2.7 - Path Traversal via id or var_filename Parameter
Multiple directory traversal vulnerabilities in nweb2fax 0.2.7 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) id parameter to comm.php and (2) var_filename parameter to viewrq.php.
by dun
CVE-2008-2842 EXPLOITDB text VERIFIED
doitlive/cms < 2.50 - Cross-Site Scripting via FILE Parameter
Cross-site scripting (XSS) vulnerability in edit/showmedia.asp in doITLive CMS 2.50 and earlier allows remote attackers to inject arbitrary web script or HTML via the FILE parameter.
by BugReport.IR
CVE-2008-2838 EXPLOITDB text VERIFIED
traindepot 0.1 - Path Traversal via Module Parameter
Directory traversal vulnerability in index.php in Traindepot 0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the module parameter.
by CWH Underground
CVE-2008-2959 EXPLOITDB text VERIFIED
Microsoft Visual Basic Enterprise Edition 6.0 SP6 - Buffer Overflow via fCreateShellLink lpstrLinkPath Argument
Buffer overflow in a certain ActiveX control (vb6skit.dll) in Microsoft Visual Basic Enterprise Edition 6.0 SP6 might allow remote attackers to execute arbitrary code via a long lpstrLinkPath argument to the fCreateShellLink function.
by shinnai
CVE-2008-2839 EXPLOITDB text VERIFIED
Traindepot 0.1 - Cross-Site Scripting via Search Query Parameter
Cross-site scripting (XSS) vulnerability in the search module in Traindepot 0.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter to index.php.
by CWH Underground
CVE-2008-6669 EXPLOITDB text VERIFIED
nweb2fax <= 0.2.7 - Remote Code Execution via viewrq.php var_filename Parameter
viewrq.php in nweb2fax 0.2.7 and earlier allows remote attackers to execute arbitrary code via shell metacharacters in the var_filename parameter in a (1) tif or (2) pdf format action.
by dun
EIP-2026-109878 EXPLOITDB text VERIFIED
netBIOS - 'newsid' SQL Injection
by security fears team