Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-5264 EXPLOITDB text VERIFIED
Tornado Knowledge Retrieval System <4.2 - XSS
Cross-site scripting (XSS) vulnerability in searcher.exe in Tornado Knowledge Retrieval System 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the p parameter in a root action.
by Unohope
CVE-2008-5274 EXPLOITDB text VERIFIED
Todd Woolums ASP News Management 2.2 - Info Disclosure
Todd Woolums ASP News Management 2.2 allows remote attackers to obtain news items via a direct request to (1) rss.asp, (2) viewheadings.asp, or (3) viewnews.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Bl@ckbe@rD
CVE-2008-5268 EXPLOITDB text VERIFIED
ASPPortal - SQL Injection via Topic_Id Parameter
SQL injection vulnerability in content/forums/reply.asp in ASPPortal allows remote attackers to execute arbitrary SQL commands via the Topic_Id parameter.
by JosS
CVE-2008-6739 EXPLOITDB text VERIFIED
Todd Woolums ASP Download 1.03 - Unauthenticated Privilege Escalation via setupdownload.asp
Todd Woolums ASP Download management script 1.03 does not require authentication for setupdownload.asp, which allows remote attackers to gain administrator privileges via a direct request.
by Zigma
CVE-2008-2681 EXPLOITDB text VERIFIED
Realm CMS < 2.3 - Exposure of Sensitive Information via Direct Request to _db/compact.asp
Realm CMS 2.3 and earlier allows remote attackers to obtain sensitive information via a direct request to _db/compact.asp, which reveals the database path in an error message.
by BugReport.IR
CVE-2008-2680 EXPLOITDB text VERIFIED
Realm CMS < 2.3 - Cross-Site Scripting via CmpctedDB or Boyut Parameters
Multiple cross-site scripting (XSS) vulnerabilities in _db/compact.asp in Realm CMS 2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) CmpctedDB and (2) Boyut parameters.
by BugReport.IR
CVE-2008-2679 EXPLOITDB text VERIFIED
Realm CMS < 2.3 - SQL Injection via KeyWordsList kwrd Parameter
SQL injection vulnerability in the KeyWordsList function in _includes/inc_routines.asp in Realm CMS 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the kwrd parameter in a kwl action to the default URI.
by BugReport.IR
CVE-2008-2677 EXPLOITDB text VERIFIED
Telephone Directory 2008 - Cross-Site Scripting via edit1.php action parameter
Cross-site scripting (XSS) vulnerability in edit1.php in Telephone Directory 2008 allows remote attackers to inject arbitrary web script or HTML via the action parameter.
by CWH Underground
CVE-2008-2678 EXPLOITDB text VERIFIED
Telephone Directory 2008 - SQL Injection via code or id Parameter
Multiple SQL injection vulnerabilities in Telephone Directory 2008, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) code parameter in a confirm_data action to edit1.php and the (2) id parameter to view_more.php.
by CWH Underground
CVE-2008-2682 EXPLOITDB text VERIFIED
Realm CMS 2.3 - Unauthenticated Authentication Bypass via Cookie Manipulation
_RealmAdmin/login.asp in Realm CMS 2.3 and earlier allows remote attackers to bypass authentication and access admin pages via certain modified cookies, probably including (1) cUserRole, (2) cUserName, and (3) cUserID.
by BugReport.IR
CVE-2008-2687 EXPLOITDB text VERIFIED
ProManager 0.73 - Remote File Inclusion via Language Parameter Path Traversal
Directory traversal vulnerability in inc/config.php in ProManager 0.73 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
by Stack
CVE-2008-2673 EXPLOITDB text VERIFIED
powie pNews 2.08 and 2.10 - SQL Injection via shownews Parameter
SQL injection vulnerability in index.php in Powie pNews 2.08 and 2.10, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the shownews parameter.
by Cr@zy_King
EIP-2026-100521 EXPLOITDB text VERIFIED
Real Estate Website 1.0 - 'location.asp' Multiple Input Validation Vulnerabilities
by JosS
EIP-2026-100520 EXPLOITDB text VERIFIED
real estate Web site 1.0 - SQL Injection / Cross-Site Scripting
by JosS
CVE-2008-2688 EXPLOITDB text VERIFIED
pilot_cart 7.3 - SQL Injection via Article Parameter
SQL injection vulnerability in pilot.asp in ASPilot Pilot Cart 7.3 allows remote attackers to execute arbitrary SQL commands via the article parameter in a kb action.
by Bl@ckbe@rD
CVE-2008-2694 EXPLOITDB text VERIFIED
phpinv 0.8.0 - Cross-Site Scripting via Search Keyword Parameter
Cross-site scripting (XSS) vulnerability in search.php in phpInv 0.8.0 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.
by CWH Underground
CVE-2008-2689 EXPLOITDB text VERIFIED
BrowserCRM 5.002.00 - Remote Code Execution via bcrm_pub_root Parameter
PHP remote file inclusion vulnerability in pub/clients.php in BrowserCRM 5.002.00 allows remote attackers to execute arbitrary PHP code via a URL in the bcrm_pub_root parameter.
by ahmadbady
CVE-2008-7178 EXPLOITDB text VERIFIED
XOOPS Uploader 1.1 - Path Traversal
Directory traversal vulnerability in Uploader module 1.1 for XOOPS allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a downloadfile action to index.php.
by MEEKAAH
CVE-2008-2695 EXPLOITDB text VERIFIED
phpinv 0.8.0 - Remote File Inclusion via Action Parameter Path Traversal
Directory traversal vulnerability in entry.php in phpInv 0.8.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter.
by CWH Underground
CVE-2008-2697 EXPLOITDB text VERIFIED
Joomla com_rapidrecipe 1.6.6-1.6.7 - SQL Injection via recipe_id Parameter
SQL injection vulnerability in the Rapid Recipe (com_rapidrecipe) component 1.6.6 and 1.6.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the recipe_id parameter in a viewrecipe action to index.php.
by His0k4
CVE-2008-2690 EXPLOITDB text VERIFIED
BrowserCRM 5.002.00 - Remote Code Execution via bcrm_pub_root Parameter
Multiple PHP remote file inclusion vulnerabilities in BrowserCRM 5.002.00, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the bcrm_pub_root parameter to (1) kb.php, (2) login.php, (3) index.php, (4) contact_view.php, and (5) contact.php in pub/, different vectors than CVE-2008-2689. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ahmadbady
CVE-2008-2691 EXPLOITDB text VERIFIED
JiRo FAQ Manager eXperience 1.0 - SQL Injection via fID Parameter
SQL injection vulnerability in read.asp in JiRo's FAQ Manager eXperience 1.0 allows remote attackers to execute arbitrary SQL commands via the fID parameter.
by Zigma
EIP-2026-111934 EXPLOITDB text VERIFIED
SchoolCenter 7.5 - Multiple Cross-Site Scripting Vulnerabilities
by Doz
CVE-2008-2702 EXPLOITDB text VERIFIED
ESTsoft ALFTP 4.1 beta 2 and 5.0 - Path Traversal via FTP LIST Response
Directory traversal vulnerability in the FTP client in ALTools ESTsoft ALFTP 4.1 beta 2 and 5.0 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a LIST command, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder.
by Tan Chew Keong
CVE-2008-2560 EXPLOITDB text VERIFIED
427BB 2.3.1 - SQL Injection via showpost.php post Parameter
SQL injection vulnerability in showpost.php in 427BB 2.3.1 allows remote attackers to execute arbitrary SQL commands via the post parameter.
by CWH Underground