Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-2491 EXPLOITDB text VERIFIED
AbleSpace 1.0 - SQL Injection via cat_id Parameter
SQL injection vulnerability in adv_cat.php in AbleSpace 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
by Jasbi
CVE-2008-2509 EXPLOITDB text VERIFIED
excuse_online - SQL Injection via pwd.asp pID Parameter
SQL injection vulnerability in pwd.asp in Excuse Online allows remote attackers to execute arbitrary SQL commands via the pID parameter.
by Unohope
CVE-2008-2492 EXPLOITDB text VERIFIED
Campus Bulletin Board 3.4 - SQL Injection via id or review Parameter
Multiple SQL injection vulnerabilities in Campus Bulletin Board 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to post3/view.asp and the (2) review parameter to post3/book.asp.
by Unohope
CVE-2008-2492 EXPLOITDB text VERIFIED
Campus Bulletin Board 3.4 - SQL Injection via id or review Parameter
Multiple SQL injection vulnerabilities in Campus Bulletin Board 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to post3/view.asp and the (2) review parameter to post3/book.asp.
by Unohope
CVE-2008-2493 EXPLOITDB text VERIFIED
Campus Bulletin Board 3.4 - Cross-Site Scripting via Review Parameter
Cross-site scripting (XSS) vulnerability in post3/Book.asp in Campus Bulletin Board 3.4 allows remote attackers to inject arbitrary web script or HTML via the review parameter.
by Unohope
CVE-2008-2483 EXPLOITDB text VERIFIED
Xomol CMS 1.20071213 - Path Traversal via 'op' Parameter
Directory traversal vulnerability in index.php in Xomol CMS 1.20071213 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the op parameter.
by DNX
CVE-2008-2484 EXPLOITDB text VERIFIED
Xomol CMS 1.20071213 - SQL Injection via Email Parameter
SQL injection vulnerability in index.php in Xomol CMS 1.20071213, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the email parameter.
by DNX
CVE-2008-2480 EXPLOITDB text VERIFIED
plusphp_short_url_multi-user_script 1.6 - Remote Code Execution via _pages_dir Parameter
PHP remote file inclusion vulnerability in plus.php in plusPHP Short URL Multi-User Script 1.6 allows remote attackers to execute arbitrary PHP code via a URL in the _pages_dir parameter.
by DR.TOXIC
CVE-2008-2510 EXPLOITDB text VERIFIED
Upload File Plugin for WordPress - SQL Injection via f_id Parameter
SQL injection vulnerability in wp-uploadfile.php in the Upload File plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the f_id parameter.
by eserg.ru
CVE-2008-6633 EXPLOITDB text VERIFIED
RoomPHPlanning 1.5 - SQL Injection via idresa Parameter
SQL injection vulnerability in RoomPHPlanning 1.5 allows remote attackers to execute arbitrary SQL commands via the idresa parameter to resaopen.php.
by His0k4
CVE-2008-2481 EXPLOITDB text VERIFIED
phpraider 1.0.7 and 1.0.7a - Remote Code Execution via pConfig_auth[phpbb_path] Parameter
PHP remote file inclusion vulnerability in authentication/phpbb3/phpbb3.functions.php in phpRaider 1.0.7 and 1.0.7a, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the pConfig_auth[phpbb_path] parameter.
by Kacak
CVE-2008-2783 EXPLOITDB text VERIFIED
Horde Groupware - Cross-Site Scripting via Timestamp Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware, Groupware Webmail Edition, and Kronolith allow remote attackers to inject arbitrary web script or HTML via the timestamp parameter to (1) week.php, (2) workweek.php, and (3) day.php; and (4) the horde parameter in the PATH_INFO to the default URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Ivan Sanchez
CVE-2008-2783 EXPLOITDB text VERIFIED
Horde Groupware - Cross-Site Scripting via Timestamp Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware, Groupware Webmail Edition, and Kronolith allow remote attackers to inject arbitrary web script or HTML via the timestamp parameter to (1) week.php, (2) workweek.php, and (3) day.php; and (4) the horde parameter in the PATH_INFO to the default URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Ivan Sanchez
CVE-2008-2783 EXPLOITDB text VERIFIED
Horde Groupware - Cross-Site Scripting via Timestamp Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware, Groupware Webmail Edition, and Kronolith allow remote attackers to inject arbitrary web script or HTML via the timestamp parameter to (1) week.php, (2) workweek.php, and (3) day.php; and (4) the horde parameter in the PATH_INFO to the default URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Ivan Sanchez
CVE-2008-2781 EXPLOITDB text VERIFIED
DZOIC Handshakes 3.5 - SQL Injection via fname Parameter
SQL injection vulnerability in index.php in DZOIC Handshakes 3.5 allows remote attackers to execute arbitrary SQL commands via the fname parameter in a members search action.
by Ali Jasbi
CVE-2008-2496 EXPLOITDB text VERIFIED
Quate CMS 0.3.4 - Cross-Site Scripting via PATH_INFO
Multiple cross-site scripting (XSS) vulnerabilities in Quate CMS 0.3.4 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) login.php, and (3) credits.php in admin/, and (4) upgrade/index.php.
by DSecRG
CVE-2008-2482 EXPLOITDB text VERIFIED
insanevisions OneCMS 2.5 - Path Traversal via install_mod.php load Parameter
Directory traversal vulnerability in install_mod.php in insanevisions OneCMS 2.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the load parameter in a go action.
by DSecRG
CVE-2008-6435 EXPLOITDB text VERIFIED
phpSQLiteCMS 1 RC2 - Cross-Site Scripting via Multiple Language Parameters
Multiple cross-site scripting (XSS) vulnerabilities in phpSQLiteCMS 1 RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) lang[home], (2) lang[admin_menu], and (3) lang[admin_menu_page_overview] parameters to cms/includes/header.inc.php; and the (4) lang[login_username] and (5) lang[login_password] parameters to cms/includes/login.inc.php.
by CWH Underground
CVE-2008-6435 EXPLOITDB text VERIFIED
phpSQLiteCMS 1 RC2 - Cross-Site Scripting via Multiple Language Parameters
Multiple cross-site scripting (XSS) vulnerabilities in phpSQLiteCMS 1 RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) lang[home], (2) lang[admin_menu], and (3) lang[admin_menu_page_overview] parameters to cms/includes/header.inc.php; and the (4) lang[login_username] and (5) lang[login_password] parameters to cms/includes/login.inc.php.
by CWH Underground
CVE-2008-6437 EXPLOITDB text VERIFIED
PHPFreeForum < 1.0 - Cross-Site Scripting via Error Message or Menu Parameters
Multiple cross-site scripting (XSS) vulnerabilities in PHPFreeForum 1.0 RC2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) message parameter to error.php, and the (2) nickname and (3) randomid parameters to part/menu.php.
by tan_prathan
CVE-2008-6437 EXPLOITDB text VERIFIED
PHPFreeForum < 1.0 - Cross-Site Scripting via Error Message or Menu Parameters
Multiple cross-site scripting (XSS) vulnerabilities in PHPFreeForum 1.0 RC2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) message parameter to error.php, and the (2) nickname and (3) randomid parameters to part/menu.php.
by tan_prathan
CVE-2008-6438 EXPLOITDB text VERIFIED
MacGuru BLOG Engine Plugin 2.1.4-2.2 - SQL Injection via uid Parameter
SQL injection vulnerability in macgurublog_menu/macgurublog.php in the MacGuru BLOG Engine plugin 2.2 for e107 allows remote attackers to execute arbitrary SQL commands via the uid parameter, a different vector than CVE-2008-2455. NOTE: it was later reported that 2.1.4 is also affected.
by Virangar Security
CVE-2008-6431 EXPLOITDB text VERIFIED
BMForum 5.6 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in BMForum 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) outpused parameter to index.php, the (2) footer_copyright and (3) verandproname parameters to newtem/footer/bsd01footer.php, and the (4) topads and (5) myplugin parameters to newtem/header/bsd01header.php.
by CWH Underground
CVE-2008-6431 EXPLOITDB text VERIFIED
BMForum 5.6 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in BMForum 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) outpused parameter to index.php, the (2) footer_copyright and (3) verandproname parameters to newtem/footer/bsd01footer.php, and the (4) topads and (5) myplugin parameters to newtem/header/bsd01header.php.
by CWH Underground
CVE-2008-6431 EXPLOITDB text VERIFIED
BMForum 5.6 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in BMForum 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) outpused parameter to index.php, the (2) footer_copyright and (3) verandproname parameters to newtem/footer/bsd01footer.php, and the (4) topads and (5) myplugin parameters to newtem/header/bsd01header.php.
by CWH Underground