Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-111885 EXPLOITDB text VERIFIED
SamTodo 1.1 - 'tid' Cross-Site Scripting
by David Sopas Ferreira
EIP-2026-111884 EXPLOITDB text VERIFIED
SamTodo 1.1 - 'completed' Cross-Site Scripting
by David Sopas Ferreira
CVE-2008-5269 EXPLOITDB text VERIFIED
powie psys 0.7.0 alpha - SQL Injection via shownews Parameter
SQL injection vulnerability in index.php in pSys 0.7.0 alpha allows remote attackers to execute arbitrary SQL commands via the shownews parameter.
by anonymous
CVE-2008-2562 EXPLOITDB text VERIFIED
PowerPhlogger < 2.2.5 - Authenticated SQL Injection via css_str Parameter
SQL injection vulnerability in edCss.php in PowerPhlogger 2.2.5 and earlier allows remote authenticated users to execute arbitrary SQL commands via the css_str parameter in an edit action.
by MustLive
CVE-2008-2568 EXPLOITDB text VERIFIED
Joomla com_simpleshop < 3.4 - SQL Injection via catid Parameter
SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) component 3.4 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a browse action to index.php.
by His0k4
CVE-2008-6068 EXPLOITDB text VERIFIED
Joomla! com_joomladate 1.2 - SQL Injection
SQL injection vulnerability in the JoomlaDate (com_joomladate) component 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the user parameter in a viewProfile action to index.php.
by His0k4
CVE-2008-2561 EXPLOITDB text VERIFIED
427BB 2.3.1 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in 427BB 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to (a) register.php, (b) reminder.php, and (c) search.php; the (2) uname, (3) email, and (4) email2 parameters to register.php; the (5) email parameter to reminder.php; and the (6) keywords parameter to search.php.
by CWH Underground
CVE-2008-2637 EXPLOITDB text VERIFIED
F5 FirePass SSL VPN 6.0.2 hotfix 3 - Cross-Site Scripting via css_exceptions or sql_matchscope Parameter
Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN 6.0.2 hotfix 3, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via quotes in (1) the css_exceptions parameter in vdesk/admincon/webyfiers.php and (2) the sql_matchscope parameter in vdesk/admincon/index.php.
by nnposter
CVE-2008-2637 EXPLOITDB text VERIFIED
F5 FirePass SSL VPN 6.0.2 hotfix 3 - Cross-Site Scripting via css_exceptions or sql_matchscope Parameter
Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN 6.0.2 hotfix 3, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via quotes in (1) the css_exceptions parameter in vdesk/admincon/webyfiers.php and (2) the sql_matchscope parameter in vdesk/admincon/index.php.
by nnposter
EIP-2026-101038 EXPLOITDB text VERIFIED
Linksys WRH54G 1.1.3 Wireless-G Router - HTTP Request Denial of Service
by dubingyao
CVE-2008-2566 EXPLOITDB text VERIFIED
php-address_book < 3.1.5 - Cross-Site Scripting via Group Parameter
Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the group parameter to (1) index.php or (2) the default URI.
by CWH Underground
CVE-2008-2565 EXPLOITDB text VERIFIED
php-address_book < 4.0 - SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.php and (2) edit.php. NOTE: it was later reported that 4.0.x is also affected.
by CWH Underground
EIP-2026-114397 EXPLOITDB text VERIFIED
WyMIEN PHP 1.0 - 'index.php' Cross-Site Scripting
by ZoRLu
CVE-2013-1748 EXPLOITDB text VERIFIED
PHP Address Book 8.2.5 - SQL Injection via edit.php or import.php Parameters
Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) edit.php or (2) import.php. NOTE: the view.php id vector is already covered by CVE-2008-2565.1 and the edit.php id vector is already covered by CVE-2008-2565.2.
by CWH Underground
EIP-2026-110637 EXPLOITDB text VERIFIED
PHP Address Book 3.1.5 - Multiple SQL Injections / Cross-Site Scripting Vulnerabilities
by CWH Underground
CVE-2008-6678 EXPLOITDB text VERIFIED
QuickerSite 1.8.5 - SQL Injection via sNickName Parameter
SQL injection vulnerability in asp/includes/contact.asp in QuickerSite 1.8.5 allows remote attackers to execute arbitrary SQL commands via the sNickName parameter in a profile action to default.asp.
by BugReport.IR
CVE-2008-2633 EXPLOITDB text VERIFIED
Joomla com_joomradio 1.0 - SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in the EXP JoomRadio (com_joomradio) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) show_radio or (2) show_video action to index.php.
by His0k4
CVE-2008-2627 EXPLOITDB text VERIFIED
Joomla com_idoblog <= b24 - SQL Injection via UserID Parameter
SQL injection vulnerability in the IDoBlog (com_idoblog) component b24 and earlier and 1.0, a component for Joomla!, allows remote attackers to execute arbitrary SQL commands via the userid parameter in a userblog action to index.php.
by His0k4
CVE-2008-2574 EXPLOITDB text VERIFIED
FlashBlog 0.31 beta - Unauthenticated Arbitrary File Upload via imgupload.php
Unrestricted file upload vulnerability in admin/Editor/imgupload.php in FlashBlog 0.31 beta allows remote attackers to execute arbitrary code by uploading a .php file, then accessing it via a direct request to the file in tus_imagenes/.
by ilker Kandemir
CVE-2008-2626 EXPLOITDB text VERIFIED
battleblog <= 1.25 - SQL Injection via comment.asp Entry Parameter
SQL injection vulnerability in comment.asp in Battle Blog 1.25 and earlier allows remote attackers to execute arbitrary SQL commands via the entry parameter.
by Bl@ckbe@rD
CVE-2008-2638 EXPLOITDB text VERIFIED
1-script 1-book < 1.0.1 - Remote Code Execution via Guestbook Message Parameter
Static code injection vulnerability in guestbook.php in 1Book 1.0.1 and earlier allows remote attackers to upload arbitrary PHP code via the message parameter in an HTML webform, which is written to data.php.
by JIKO
CVE-2008-2644 EXPLOITDB text VERIFIED
SMEWeb 1.4b and 1.4f - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in SMEWeb 1.4b and 1.4f allow remote attackers to inject arbitrary web script or HTML via the (1) data parameter to catalog.php, the (2) keyword parameter to search.php, the (3) page parameter to bb.php, and the (4) new_s parameter to order.php.
by CWH Underground
CVE-2008-2652 EXPLOITDB text VERIFIED
SMEWeb 1.4b and 1.4f - SQL Injection via idp and category Parameters
Multiple SQL injection vulnerabilities in catalog.php in SMEWeb 1.4b and 1.4f allow remote attackers to execute arbitrary SQL commands via the (1) idp and (2) category parameters.
by CWH Underground
CVE-2008-2629 EXPLOITDB text VERIFIED
LifeType - SQL Injection via albumId Parameter
SQL injection vulnerability in the LifeType (formerly pLog) module for Drupal allows remote attackers to execute arbitrary SQL commands via the albumId parameter in a ViewAlbum action to index.php.
by DreamTurk
EIP-2026-110409 EXPLOITDB text VERIFIED
OtomiGenX 2.2 - 'userAccount' SQL Injection
by hadihadi