Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-105970 EXPLOITDB text VERIFIED
CMS from Scratch 1.1.3 - 'image.php' Directory Traversal
by Stack
CVE-2008-5223 EXPLOITDB text VERIFIED
Airaev Commerce 3.0 - SQL Injection
SQL injection vulnerability in index.php in Airvae Commerce 3.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
by QTRinux
CVE-2008-5225 EXPLOITDB text VERIFIED
Xerox DocuShare < 6 - Cross-Site Scripting via PATH_INFO
Multiple cross-site scripting (XSS) vulnerabilities in Xerox DocuShare 6 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) SearchResults/ and (2) Services/ in dsdn/dsweb/, and (3) the default URI under unspecified docushare/dsweb/ServicesLib/Group-#/ directories.
by Doz
CVE-2008-5225 EXPLOITDB text VERIFIED
Xerox DocuShare < 6 - Cross-Site Scripting via PATH_INFO
Multiple cross-site scripting (XSS) vulnerabilities in Xerox DocuShare 6 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) SearchResults/ and (2) Services/ in dsdn/dsweb/, and (3) the default URI under unspecified docushare/dsweb/ServicesLib/Group-#/ directories.
by Doz
CVE-2008-5225 EXPLOITDB text VERIFIED
Xerox DocuShare < 6 - Cross-Site Scripting via PATH_INFO
Multiple cross-site scripting (XSS) vulnerabilities in Xerox DocuShare 6 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) SearchResults/ and (2) Services/ in dsdn/dsweb/, and (3) the default URI under unspecified docushare/dsweb/ServicesLib/Group-#/ directories.
by Doz
EIP-2026-100500 EXPLOITDB text VERIFIED
Proje ASP Portal 2.0 - 'id' Multiple SQL Injections
by Ugurcan Engin
EIP-2026-100383 EXPLOITDB text VERIFIED
JustPORTAL 1.0 - 'site' Multiple SQL Injections
by Ugurcan Engin
CVE-2008-5222 EXPLOITDB text VERIFIED
dvbbs 8.2.0 - SQL Injection via login.asp Username Parameter
SQL injection vulnerability in login.asp in Dvbbs 8.2.0 allows remote attackers to execute arbitrary SQL commands via the username parameter.
by hackerbinhphuoc
CVE-2008-2501 EXPLOITDB text VERIFIED
PHPhotoalbum 0.5 - SQL Injection via Album or PID Parameter
Multiple SQL injection vulnerabilities in PHPhotoalbum 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) album parameter to thumbnails.php and the (2) pid parameter to displayimage.php.
by cOndemned
EIP-2026-108213 EXPLOITDB text VERIFIED
Joomla! Component Artist - 'idgalery' SQL Injection
by Cr@zy_King
EIP-2026-108133 EXPLOITDB text VERIFIED
Joomla! / Mambo Component Artists - 'idgalery' SQL Injection
by Cr@zy_King
CVE-2008-2572 EXPLOITDB text VERIFIED
FlashBlog - SQL Injection via articulo_id Parameter
SQL injection vulnerability in php/leer_comentarios.php in FlashBlog allows remote attackers to execute arbitrary SQL commands via the articulo_id parameter.
by HER0
CVE-2008-2507 EXPLOITDB text VERIFIED
Calcium 3.10 and 4.0.4 - Cross-Site Scripting via CalendarName Parameter
Cross-site scripting (XSS) vulnerability in Calcium40.pl in Brown Bear Software Calcium 3.10 and 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the CalendarName parameter in a ShowIt action.
by Marvin Simkin
CVE-2008-2508 EXPLOITDB text VERIFIED
tr_script_news 2.1 - Cross-Site Scripting via nb Parameter
Cross-site scripting (XSS) vulnerability in news.php in Tr Script News 2.1 allows remote attackers to inject arbitrary web script or HTML via the "nb" parameter in voir mode.
by ZoRLu
CVE-2008-2782 EXPLOITDB text VERIFIED
OtomiGenX 2.2 - Directory Traversal and Arbitrary File Execution via Lang Parameter
Multiple directory traversal vulnerabilities in OtomiGenX 2.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to (1) library_rss.php and (2) rss.php.
by Saime
CVE-2008-2774 EXPLOITDB text VERIFIED
CartKeeper CKGold Shopping Cart 2.5 and 2.7 - SQL Injection via item.php category_id Parameter
SQL injection vulnerability in item.php in CartKeeper CKGold Shopping Cart 2.5 and 2.7 allows remote attackers to execute arbitrary SQL commands via the category_id parameter, a different vector than CVE-2007-4736.
by Cr@zy_King
CVE-2008-6634 EXPLOITDB text VERIFIED
RoomPHPlanning 1.5 - SQL Injection via idroom Parameter
SQL injection vulnerability in RoomPHPlanning 1.5 allows remote attackers to execute arbitrary SQL commands via the idroom parameter to weekview.php.
by Virangar Security
CVE-2008-2488 EXPLOITDB text VERIFIED
RoomPHPlanning 1.5 - Authenticated Privilege Escalation via admin/userform.php
admin/userform.php in RoomPHPlanning 1.5 does not require administrative credentials, which allows remote authenticated users to create new admin accounts.
by Stack
CVE-2008-2479 EXPLOITDB text VERIFIED
phpFix 2.0 - SQL Injection via kind or account Parameter
Multiple SQL injection vulnerabilities in phpFix 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) kind parameter to fix/browse.php and the (2) account parameter to auth/00_pass.php.
by Unohope
CVE-2008-2479 EXPLOITDB text VERIFIED
phpFix 2.0 - SQL Injection via kind or account Parameter
Multiple SQL injection vulnerabilities in phpFix 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) kind parameter to fix/browse.php and the (2) account parameter to auth/00_pass.php.
by Unohope
CVE-2008-6620 EXPLOITDB text VERIFIED
GraFX miniCWB < 2.1.1 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in javascript/editor/editor/filemanager/browser/mcpuk/connectors/php/connector.php in GraFX miniCWB 2.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) errcontext, (2) _GET, (3) _POST, (4) _SESSION, (5) _SERVER, and (6) fckphp_config[Debug_SERVER] parameters.
by CWH Underground
CVE-2008-2487 EXPLOITDB text VERIFIED
maxsite < 1.10 - SQL Injection via Category Parameter
SQL injection vulnerability in index.php in MAXSITE 1.10 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter in a webboard action.
by Tesz
CVE-2008-6618 EXPLOITDB text VERIFIED
ClassSystem 2.3 - SQL Injection via teacher_id and message_id Parameters
Multiple SQL injection vulnerabilities in ClassSystem 2.3 allow remote attackers to execute arbitrary SQL commands via the teacher_id parameter in (1) class/HomepageMain.php and (2) class/HomepageTop.php, and (3) the message_id parameter in class/MessageReply.php.
by Unohope
CVE-2008-6618 EXPLOITDB text VERIFIED
ClassSystem 2.3 - SQL Injection via teacher_id and message_id Parameters
Multiple SQL injection vulnerabilities in ClassSystem 2.3 allow remote attackers to execute arbitrary SQL commands via the teacher_id parameter in (1) class/HomepageMain.php and (2) class/HomepageTop.php, and (3) the message_id parameter in class/MessageReply.php.
by Unohope
CVE-2008-6618 EXPLOITDB text VERIFIED
ClassSystem 2.3 - SQL Injection via teacher_id and message_id Parameters
Multiple SQL injection vulnerabilities in ClassSystem 2.3 allow remote attackers to execute arbitrary SQL commands via the teacher_id parameter in (1) class/HomepageMain.php and (2) class/HomepageTop.php, and (3) the message_id parameter in class/MessageReply.php.
by Unohope