Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-6637 EXPLOITDB text VERIFIED
SAFARI Montage < 3.1.3 - Cross-Site Scripting via School and Email Parameters
Multiple cross-site scripting (XSS) vulnerabilities in forgotPW.php in Library Video Company SAFARI Montage 3.1.x allow remote attackers to inject arbitrary web script or HTML via the (1) school and (2) email parameters.
by Omer Singer
CVE-2008-6572 EXPLOITDB text VERIFIED
AbleDating 2.4 - SQL Injection via search_results.php Keyword Parameter
SQL injection vulnerability in search_results.php in ABK-Soft AbleDating 2.4 allows remote attackers to execute arbitrary SQL commands via the keyword parameter.
by Ali Jasbi
CVE-2008-6439 EXPLOITDB text VERIFIED
AbleDating 2.4 - Cross-Site Scripting via search_results.php Keyword Parameter
Cross-site scripting (XSS) vulnerability in search_results.php in ABK-Soft AbleDating 2.4 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.
by Ali Jasbi
CVE-2008-2333 EXPLOITDB text VERIFIED
Barracuda Spam Firewall < 3.5.11.025 - Cross-Site Scripting via LDAP Test Email Parameter
Cross-site scripting (XSS) vulnerability in ldap_test.cgi in Barracuda Spam Firewall (BSF) before 3.5.11.025 allows remote attackers to inject arbitrary web script or HTML via the email parameter.
by Information Risk Management Plc
CVE-2008-2505 EXPLOITDB text VERIFIED
Simpel Side Weblosning 1-4 - Cross-Site Scripting via Search Parameter
Cross-site scripting (XSS) vulnerability in result.php in Simpel Side Weblosning 1 through 4 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
by Mr.SQL
CVE-2008-2506 EXPLOITDB text VERIFIED
Simpel Side Weblosning 1-4 - SQL Injection via mainid or id Parameter
Multiple SQL injection vulnerabilities in Simpel Side Weblosning 1 through 4 allow remote attackers to execute arbitrary SQL commands via the (1) mainid and (2) id parameters to index2.php.
by Mr.SQL
CVE-2008-2461 EXPLOITDB text VERIFIED
Netious CMS 0.4 - SQL Injection via Pageid Parameter
SQL injection vulnerability in index.php in Netious CMS 0.4 allows remote attackers to execute arbitrary SQL commands via the pageid parameter, a different vector than CVE-2006-4047.
by InjEctOr5
CVE-2008-2504 EXPLOITDB text VERIFIED
Simpel Side Netbutik 1-4 - SQL Injection via cat or id Parameter
Multiple SQL injection vulnerabilities in Simpel Side Netbutik 1 through 4 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to netbutik.php and the (2) id parameter to product.php.
by Mr.SQL
EIP-2026-104867 EXPLOITDB text VERIFIED
6rbScript - 'news.php' SQL Injection
by Hussin X
CVE-2008-2421 EXPLOITDB text VERIFIED
SAP Web Application Server 7.0 - Cross-Site Scripting via PATH_INFO to Web GUI
Cross-site scripting (XSS) vulnerability in the Web GUI in SAP Web Application Server (WAS) 7.0, Web Dynpro for ABAP (aka WD4A or WDA), and Web Dynpro for BSP allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under bc/gui/sap/its/webgui/.
by DSecRG
CVE-2008-1331 EXPLOITDB text VERIFIED
OmniPCX Office OXO210 < 210/091.001 and OXO600 < 610/014.001 - Remote Command Execution via FastJSData.cgi id2 Parameter
cgi-data/FastJSData.cgi in OmniPCX Office with Internet Access services OXO210 before 210/091.001, OXO600 before 610/014.001, and other versions, allows remote attackers to execute arbitrary commands and "obtain OXO resources" via shell metacharacters in the id2 parameter.
by DSecRG
CVE-2008-3331 EXPLOITDB text VERIFIED
Mantis < 1.1.2 - Cross-Site Scripting via return_dynamic_filters.php filter_target Parameter
Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php in Mantis before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the filter_target parameter.
by USH
CVE-2008-2276 EXPLOITDB text VERIFIED
Mantis 1.1.1 - Cross-Site Request Forgery via manage_user_create.php
Cross-site request forgery (CSRF) vulnerability in manage_user_create.php in Mantis 1.1.1 allows remote attackers to create new administrative users via a crafted link.
by USH
CVE-2008-2422 EXPLOITDB text VERIFIED
Webslider - SQL Injection
SQL injection vulnerability in index.php in Web Slider 0.6 allows remote attackers to execute arbitrary SQL commands via the slide parameter in a slides action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by fahn zichler
CVE-2008-2458 EXPLOITDB text VERIFIED
Starsgames Control Panel < 4.6.2 - Cross-Site Scripting via st Parameter
Cross-site scripting (XSS) vulnerability in index.php in Starsgames Control Panel 4.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the st parameter.
by CWH Underground
CVE-2008-2457 EXPLOITDB text VERIFIED
bitmixsoft php-jokesite 2.0 - SQL Injection via cat_id Parameter
SQL injection vulnerability in jokes_category.php in PHP-Jokesite 2.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
by InjEctOr5
CVE-2008-2477 EXPLOITDB text VERIFIED
MxBB Portal 2.7.3 - SQL Injection via Page Parameter
SQL injection vulnerability in index.php in MxBB (aka MX-System) Portal 2.7.3 allows remote attackers to execute arbitrary SQL commands via the page parameter.
by cOndemned
CVE-2008-3332 EXPLOITDB text VERIFIED
Mantis < 1.1.2 - Authenticated Remote Code Execution via adm_config_set.php Value Parameter
Eval injection vulnerability in adm_config_set.php in Mantis before 1.1.2 allows remote authenticated administrators to execute arbitrary code via the value parameter.
by USH
EIP-2026-106755 EXPLOITDB text VERIFIED
eCMS 0.4.2 - SQL Injection / Security Bypass
by Virangar Security
EIP-2026-106754 EXPLOITDB text VERIFIED
eCMS 0.4.2 - Multiple Vulnerabilities
by hadihadi
CVE-2008-2456 EXPLOITDB text VERIFIED
ComicShout < 2.5 - SQL Injection via comic_id Parameter
SQL injection vulnerability in index.php in ComicShout 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the comic_id parameter.
by Niiub
CVE-2008-2398 EXPLOITDB text VERIFIED
AppServ < 2.5.10 - Cross-Site Scripting via appservlang Parameter
Cross-site scripting (XSS) vulnerability in index.php in AppServ Open Project 2.5.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the appservlang parameter.
by CWH Underground
EIP-2026-100548 EXPLOITDB text VERIFIED
Site Tanitimlari Scripti - Multiple SQL Injections
by fahn zichler
EIP-2026-100249 EXPLOITDB text VERIFIED
DizaynPlus Nobetci Eczane Takip 1.0 - 'ayrinti.asp' SQL Injection
by U238
CVE-2008-2396 EXPLOITDB text VERIFIED
microSSys CMS < 1.5 - Remote Code Execution via PAGES Array Parameter
PHP remote file inclusion vulnerability in index.php in Wajox Software microSSys CMS 1.5 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in an arbitrary element of the PAGES array parameter.
by Raz0r