Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-2393 EXPLOITDB text VERIFIED
EntertainmentScript 1.4.0 - SQL Injection via play.php id Parameter
SQL injection vulnerability in play.php in EntertainmentScript 1.4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Mr.SQL
CVE-2008-2478 EXPLOITDB text VERIFIED
cPanel < 11.8.6 and < 11.23.1 - Authenticated Remote Code Execution via Email Address Field
scripts/wwwacct in cPanel 11.18.6 STABLE and earlier and 11.23.1 CURRENT and earlier allows remote authenticated users with reseller privileges to execute arbitrary code via shell metacharacters in the Email address field (aka Email text box). NOTE: the vendor disputes this, stating "I'm unable to reproduce such an issue on multiple servers running different versions of cPanel.
by Ali Jasbi
CVE-2008-2350 EXPLOITDB text VERIFIED
bcoos 1.0.9-1.0.13 - Path Traversal via File Parameter
Directory traversal vulnerability in highlight.php in bcoos 1.0.9 through 1.0.13 allows remote attackers to read arbitrary files via (1) .. (dot dot) or (2) C: folder sequences in the file parameter.
by Lostmon
CVE-2008-2394 EXPLOITDB text VERIFIED
TAGWORX.CMS 3.00.02 - SQL Injection via cid or nid Parameter
Multiple SQL injection vulnerabilities in TAGWORX.CMS 3.00.02 allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter to contact.php and the (2) nid parameter to news.php.
by dun
EIP-2026-109223 EXPLOITDB text VERIFIED
Lulieblog 1.2 - Multiple Vulnerabilities
by Cod3rZ
CVE-2008-2353 EXPLOITDB text VERIFIED
gnugallery < 1.1.1.0 - Path Traversal via show Parameter
Directory traversal vulnerability in admin.php in GNU/Gallery 1.1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the show parameter.
by t0pP8uZz
EIP-2026-106710 EXPLOITDB text VERIFIED
Easycms 0.4.2 - Multiple Vulnerabilities
by t0pP8uZz
CVE-2008-2351 EXPLOITDB text VERIFIED
CMS WebManager-Pro - SQL Injection via lang_id or menu_id Parameters
Multiple SQL injection vulnerabilities in index.php in CMS WebManager-Pro allow remote attackers to execute arbitrary SQL commands via the (1) lang_id and (2) menu_id parameters.
by dun
CVE-2008-2346 EXPLOITDB text VERIFIED
AlkalinePHP < 0.77.35 - Unauthenticated Admin Account Creation via Direct Request to adduser.php
AlkalinePHP 0.77.35 and earlier allows remote attackers to bypass authentication and gain administrative access by creating an admin account via a direct request to adduser.php.
by t0pP8uZz
EIP-2026-105054 EXPLOITDB text VERIFIED
Ajax Framework - 'lang' Local File Inclusion
by dun
CVE-2008-2355 EXPLOITDB text VERIFIED
WR-Meeting 1.0 - Path Traversal via msnum Parameter
Directory traversal vulnerability in index.php in WR-Meeting 1.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the msnum parameter in a coment event.
by Cr@zy_King
EIP-2026-110825 EXPLOITDB text VERIFIED
PHP-Nuke 'KuiraniKerim' Module - 'sid' SQL Injection
by Lovebug
CVE-2008-2417 EXPLOITDB text VERIFIED
How2ASP.net Webboard 4.1 - SQL Injection via qNo Parameter
SQL injection vulnerability in showQAnswer.asp in How2ASP.net Webboard 4.1 allows remote attackers to execute arbitrary SQL commands via the qNo parameter.
by CWH Underground
EIP-2026-114633 EXPLOITDB text VERIFIED
Zomplog 3.8.2 - 'force_download.php' File Disclosure
by Stack
CVE-2008-2415 EXPLOITDB text VERIFIED
DigitalHive 2.0 RC2 - Path Traversal via Page Parameter
Directory traversal vulnerability in template/purpletech/base_include.php in DigitalHive (aka hive) 2.0 RC2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
by ZoRLu
CVE-2008-2414 EXPLOITDB text VERIFIED
AN Guestbook 0.4 - Cross-Site Scripting via send_email.php postid Parameter
Cross-site scripting (XSS) vulnerability in send_email.php in AN Guestbook (ANG) 0.4 allows remote attackers to inject arbitrary web script or HTML via the postid parameter.
by ZoRLu
CVE-2008-2412 EXPLOITDB text VERIFIED
ACGV News 0.9.1 - SQL Injection via glossaire.php id Parameter
SQL injection vulnerability in glossaire.php in ACGV News 0.9.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by ZoRLu
CVE-2008-2413 EXPLOITDB text VERIFIED
ACGV News 0.9.1 - Cross-Site Scripting via glossaire.php id Parameter
Cross-site scripting (XSS) vulnerability in glossaire.php in ACGV News 0.9.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
by ZoRLu
CVE-2008-2342 EXPLOITDB text VERIFIED
News Manager 2.0 - Path Traversal via Attachments.php ID Parameter
Directory traversal vulnerability in attachments.php in News Manager 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.
by GoLd_M
CVE-2008-2341 EXPLOITDB text VERIFIED
News Manager 2.0 - Remote Code Execution via ch_readalso.php read_xml_include Parameter
PHP remote file inclusion vulnerability in ch_readalso.php in News Manager 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the read_xml_include parameter.
by GoLd_M
CVE-2008-2340 EXPLOITDB text VERIFIED
News Manager 2.0 - SQL Injection via lang or pid Parameter
Multiple SQL injection vulnerabilities in News Manager 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) lang parameter to (a) advsearch.php, (b) archive.php, and (c) index.php, and the (2) pid parameter to (d) list_tagitems.php.
by GoLd_M
CVE-2008-2298 EXPLOITDB text VERIFIED
Web Slider 0.6 - Unauthenticated Privilege Escalation via Admin Cookie
Admin.php in Web Slider 0.6 allows remote attackers to bypass authentication and gain privileges by setting the admin cookie to 1.
by t0pP8uZz
CVE-2008-2297 EXPLOITDB text VERIFIED
Rantx - Unauthenticated Authentication Bypass via logininfo Cookie
The admin.php file in Rantx allows remote attackers to bypass authentication and gain privileges by setting the logininfo cookie to "<?php" or "?>", which is present in the password file and probably passes an insufficient comparison.
by t0pP8uZz
CVE-2008-2343 EXPLOITDB text VERIFIED
News Manager 2.0 - Information Disclosure via Direct Request
News Manager 2.0 allows remote attackers to bypass restrictions and obtain sensitive information via a direct request to (1) db/connect_str.php and (2) login/info.php.
by GoLd_M
CVE-2008-2293 EXPLOITDB text VERIFIED
Tpvgames Mpcs - Access Control
admin.php in Multi-Page Comment System (MPCS) 1.0 and 1.1 allows remote attackers to bypass authentication and gain privileges by setting the CommentSystemAdmin cookie to 1.
by t0pP8uZz