Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-2265 EXPLOITDB text VERIFIED
EMO Realty Manager - SQL Injection via news.php ida Parameter
SQL injection vulnerability in news.php in EMO Realty Manager allows remote attackers to execute arbitrary SQL commands via the ida parameter.
by HaCkeR_EgY
CVE-2008-2455 EXPLOITDB text VERIFIED
e107_blog_engine 2.2 - SQL Injection via rid Parameter
SQL injection vulnerability in comment.php in the MacGuru BLOG Engine plugin 2.2 for e107 allows remote attackers to execute arbitrary SQL commands via the rid parameter.
by Saime
CVE-2008-2447 EXPLOITDB text VERIFIED
Mytipper ZoGo-shop 1.15.5 and 1.16 Beta 13 - SQL Injection via cat Parameter
SQL injection vulnerability in products.php in the Mytipper ZoGo-shop plugin 1.15.5 and 1.16 Beta 13 for e107 allows remote attackers to execute arbitrary SQL commands via the cat parameter.
by Cr@zy_King
CVE-2008-2444 EXPLOITDB text VERIFIED
CaLogic Calendars 1.2.2 - SQL Injection via langsel Parameter
SQL injection vulnerability in userreg.php in CaLogic Calendars 1.2.2 allows remote attackers to execute arbitrary SQL commands via the langsel parameter.
by His0k4
EIP-2026-103588 EXPLOITDB text VERIFIED
Multiple Platform IPv6 Address Publication - Denial of Service
by Tyler Reguly
CVE-2008-2448 EXPLOITDB text VERIFIED
Meto Forum 1.1 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Meto Forum 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) admin/duzenle.asp and (b) admin_oku.asp; the (2) kid parameter to (c) kategori.asp and (d) admin_kategori.asp; and unspecified parameters to (e) uye.asp and (f) oku.asp.
by U238
CVE-2008-5214 EXPLOITDB text VERIFIED
ClanLite 2.2006.05.20 - Cross-Site Scripting via annee Parameter
Cross-site scripting (XSS) vulnerability in service/calendrier.php in ClanLite 2.2006.05.20 allows remote attackers to inject arbitrary web script or HTML via the annee parameter.
by ZoRLu
CVE-2008-5216 EXPLOITDB text VERIFIED
AJ Square ZeusCart <2.0 - SQL Injection
SQL injection vulnerability in category_list.php in AJ Square ZeusCart 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by t0pP8uZz
EIP-2026-111141 EXPLOITDB text VERIFIED
phpMyAgenda 2.1 - 'infoevent.php3' Remote File Inclusion
by MajnOoNxHaCkEr
CVE-2008-2449 EXPLOITDB text VERIFIED
phpInstantGallery 2.0 - Cross-Site Scripting via Gallery and Imgnum Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Isaac McGowan phpInstantGallery 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) gallery parameter to (a) index.php and (b) image.php, and the (2) imgnum parameter to image.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ZoRLu
CVE-2008-2449 EXPLOITDB text VERIFIED
phpInstantGallery 2.0 - Cross-Site Scripting via Gallery and Imgnum Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Isaac McGowan phpInstantGallery 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) gallery parameter to (a) index.php and (b) image.php, and the (2) imgnum parameter to image.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ZoRLu
CVE-2008-2453 EXPLOITDB text VERIFIED
PHP Classifieds Script - SQL Injection via fatherID Parameter
Multiple SQL injection vulnerabilities in PHP Classifieds Script allow remote attackers to execute arbitrary SQL commands via the fatherID parameter to (1) browse.php and (2) search.php.
by InjEctOr5
CVE-2008-2521 EXPLOITDB text VERIFIED
YABSoft Mega File Hosting Script 1.2 - Authenticated SQL Injection via fid Parameter
SQL injection vulnerability in members.php in YABSoft Mega File Hosting Script (aka MFH or MFHS) 1.2 allows remote authenticated users to execute arbitrary SQL commands via the fid parameter.
by TurkishWarriorr
EIP-2026-107705 EXPLOITDB text VERIFIED
IBD Micro CMS 3.5 - 'microcms-admin-login.php' Multiple SQL Injections
by SkyOut
CVE-2008-2284 EXPLOITDB text VERIFIED
Fusebox 5.5.1 - Remote Code Execution via FUSEBOX_APPLICATION_PATH Parameter
PHP remote file inclusion vulnerability in fusebox5.php in Fusebox 5.5.1 allows remote attackers to execute arbitrary PHP code via a URL in the FUSEBOX_APPLICATION_PATH parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by MajnOoNxHaCkEr
CVE-2008-2264 EXPLOITDB text VERIFIED
CyrixMED 1.4 - Cross-Site Scripting via msg_erreur Parameter
Cross-site scripting (XSS) vulnerability in index.php in CyrixMED 1.4 allows remote attackers to inject arbitrary web script or HTML via the msg_erreur parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ZoRLu
EIP-2026-105884 EXPLOITDB text VERIFIED
Claroline 1.7.5 - Multiple Remote File Inclusions
by MajnOoNxHaCkEr
CVE-2008-5215 EXPLOITDB text VERIFIED
ClanLite 2.2006.05.20 - SQL Injection
SQL injection vulnerability in service/profil.php in ClanLite 2.2006.05.20 allows remote attackers to execute arbitrary SQL commands via the link parameter.
by ZoRLu
CVE-2008-2520 EXPLOITDB text VERIFIED
BigACE 2.4 - Remote Code Execution via PHP File Inclusion
Multiple PHP remote file inclusion vulnerabilities in BigACE 2.4, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[_BIGACE][DIR][addon] parameter to (a) addon/smarty/plugins/function.captcha.php and (b) system/classes/sql/AdoDBConnection.php; and the (2) GLOBALS[_BIGACE][DIR][admin] parameter to (c) item_information.php and (d) jstree.php in system/application/util/, and (e) system/admin/plugins/menu/menuTree/plugin.php, different vectors than CVE-2006-4423.
by BiNgZa
CVE-2008-2532 EXPLOITDB text VERIFIED
AJ Square aj-hyip - SQL Injection via forum/topic_detail.php id Parameter
SQL injection vulnerability in forum/topic_detail.php in AJ Square aj-hyip (aka AJ HYIP Acme) allows remote attackers to execute arbitrary SQL commands via the id parameter.
by InjEctOr5
EIP-2026-105045 EXPLOITDB text VERIFIED
AJ Classifieds 2008 - 'index.php' SQL Injection
by t0pP8uZz
EIP-2026-105043 EXPLOITDB text VERIFIED
AJ Classifieds - 'index.php' SQL Injection
by t0pP8uZz
CVE-2008-5212 EXPLOITDB text VERIFIED
AJ Auction <= 6.2.1 - SQL Injection via item_id Parameter
SQL injection vulnerability in classifide_ad.php in AJ Auction 6.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the item_id parameter.
by t0pP8uZz
CVE-2008-5213 EXPLOITDB text VERIFIED
AJ Article 1.0 - SQL Injection via artid Parameter
SQL injection vulnerability in featured_article.php in AJ Article 1.0 allows remote attackers to execute arbitrary SQL commands via the artid parameter in a search detail action.
by t0pP8uZz
CVE-2008-3483 EXPLOITDB text VERIFIED
ScrewTurn Wiki <2.0.29-2.0.30 - XSS
Cross-site scripting (XSS) vulnerability in ScrewTurn Wiki 2.0.29 and 2.0.30 allows remote attackers to inject arbitrary web script or HTML via error messages in the "/admin.aspx - System Log" page.
by Portcullis