Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-2123 EXPLOITDB text VERIFIED
SAP Internet Transaction Server 6.20 - Cross-Site Scripting via WGate ~service Parameter
Cross-site scripting (XSS) vulnerability in WGate in SAP Internet Transaction Server (ITS) 6.20 allows remote attackers to inject arbitrary web script or HTML via (1) a "<>" sequence in the ~service parameter to wgate.dll, or (2) Javascript splicing in the query string, a different vector than CVE-2006-5114.
by Portcullis
CVE-2008-6641 EXPLOITDB text VERIFIED
Shader TV Beta - SQL Injection via sid Parameter or Authentication Fields
Multiple SQL injection vulnerabilities in Shader TV (Beta) allow remote authenticated administrators to execute arbitrary SQL commands via the sid parameter to (1) kanal.asp, (2) google.asp, and (3) hakk.asp in yonet/; and allow remote attackers to execute arbitrary SQL commands via the (4) username or (5) password fields to yonet/default.asp.
by U238
CVE-2008-2127 EXPLOITDB text VERIFIED
CMS Faethon 2.2 Ultimate - Cross-Site Scripting via Search Parameter
Cross-site scripting (XSS) vulnerability in search.php in CMS Faethon 2.2 Ultimate allows remote attackers to inject arbitrary web script or HTML via the what parameter. NOTE: some of these details are obtained from third party information.
by RoMaNcYxHaCkEr
CVE-2008-2126 EXPLOITDB text VERIFIED
Tux CMS 0.1 - Cross-Site Scripting via q Parameter or returnURL Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Tux CMS 0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to index.php and the (2) returnURL parameter to tux-login.php.
by Hadi Kiamarsi
CVE-2008-2125 EXPLOITDB text VERIFIED
Musicbox 2.3.6-2.3.7 - SQL Injection via viewalbums.php artistId Parameter
SQL injection vulnerability in viewalbums.php in Musicbox 2.3.6 and 2.3.7 allows remote attackers to execute arbitrary SQL commands via the artistId parameter.
by HaCkeR_EgY
CVE-2008-2225 EXPLOITDB text VERIFIED
gameCMS Lite 1.0 - SQL Injection via systemId Parameter
SQL injection vulnerability in index.php in gameCMS Lite 1.0 allows remote attackers to execute arbitrary SQL commands via the systemId parameter.
by InjEctOr5
CVE-2008-2227 EXPLOITDB text VERIFIED
PHP-Fusion Forum Rank System 6 - Path Traversal via settings[locale] Parameter
Multiple directory traversal vulnerabilities in PHP-Fusion Forum Rank System 6 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the settings[locale] parameter to (1) forum.php and (2) profile.php in infusions/rank_system/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Matrix86
CVE-2008-2135 EXPLOITDB text VERIFIED
VisualShapers ezContents 2.0.0 - SQL Injection via contentname or article Parameter
Multiple SQL injection vulnerabilities in VisualShapers ezContents 2.0.0 allow remote attackers to execute arbitrary SQL commands via the (1) contentname parameter to showdetails.php and the (2) article parameter to printer.php.
by Virangar Security
CVE-2008-2128 EXPLOITDB text VERIFIED
CMS Faethon 2.2 Ultimate - Remote Code Execution via mainpath Parameter
PHP remote file inclusion vulnerability in templates/header.php in CMS Faethon 2.2 Ultimate allows remote attackers to execute arbitrary PHP code via a URL in the mainpath parameter, a different vulnerability than CVE-2006-5588 and CVE-2006-3185.
by RoMaNcYxHaCkEr
CVE-2008-2132 EXPLOITDB text VERIFIED
Systementor PostcardMentor - SQL Injection via cat_fldAuto Parameter
SQL injection vulnerability in step1.asp in Systementor PostcardMentor allows remote attackers to execute arbitrary SQL commands via the cat_fldAuto parameter.
by InjEctOr5
CVE-2008-2124 EXPLOITDB text VERIFIED
fipsASP fipsCMS - SQL Injection via lg Parameter
SQL injection vulnerability in modules/print.asp in fipsASP fipsCMS allows remote attackers to execute arbitrary SQL commands via the lg parameter.
by InjEctOr5
CVE-2008-2111 EXPLOITDB text VERIFIED
Yahoo! Assistant < 3.6 - Remote Code Execution via Ynoifier COM Object
The ActiveX Control (yNotifier.dll) in Yahoo! Assistant 3.6 and earlier allows remote attackers to execute arbitrary code via unspecified vectors in the Ynoifier COM object that trigger memory corruption.
by Sowhat
CVE-2008-5211 EXPLOITDB text VERIFIED
sphider 1.3.4 - Cross-Site Scripting via Search Query Parameter
Cross-site scripting (XSS) vulnerability in search.php in Sphider 1.3.4, when the search suggestion feature is enabled, allows remote attackers to inject arbitrary web script or HTML via the query parameter, a different vector than CVE-2006-2506.
by Christian Holler
CVE-2008-2110 EXPLOITDB text VERIFIED
QTOFileManager 1.0 - Unauthenticated Arbitrary File Upload via qtofm.php
Unrestricted file upload vulnerability in qtofm.php in QTOFileManager 1.0 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request.
by CrAzY CrAcKeR
CVE-2008-2114 EXPLOITDB text VERIFIED
Pre Shopping Mall 1.1 - SQL Injection via Search Parameter
SQL injection vulnerability in emall/search.php in Pre Shopping Mall 1.1 allows remote attackers to execute arbitrary SQL commands via the search parameter.
by t0pP8uZz
CVE-2008-2113 EXPLOITDB text VERIFIED
PHPEasyData 1.5.4 - SQL Injection via annuaire.php cat_id Parameter
SQL injection vulnerability in annuaire.php in PHPEasyData 1.5.4 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
by InjEctOr5
CVE-2008-2197 EXPLOITDB text VERIFIED
Miniweb2 blog_writer 2.0 - SQL Injection via Historymonth Parameter
SQL injection vulnerability in the blogwriter module 2.0 for Miniweb allows remote attackers to execute arbitrary SQL commands via the historymonth parameter to index.php.
by HaCkeR_EgY
CVE-2008-2115 EXPLOITDB text VERIFIED
ScriptsEZ.net Power Editor 2.0 - Cross-Site Scripting via te and dir Parameters
Multiple cross-site scripting (XSS) vulnerabilities in editor.php in ScriptsEZ.net Power Editor 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) te and (2) dir parameters in a tempedit action.
by Virangar Security
CVE-2008-0927 EXPLOITDB text VERIFIED
Microsoft Windows-nt - Resource Management Error
dhost.exe in Novell eDirectory 8.7.3 before sp10 and 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with (1) multiple Connection headers or (2) a Connection header with multiple comma-separated values. NOTE: this might be similar to CVE-2008-1777.
by Nicob
EIP-2026-112726 EXPLOITDB text VERIFIED
TLM CMS 1.1 - 'index.php' Multiple SQL Injections
by ZoRLu
CVE-2008-2116 EXPLOITDB text VERIFIED
ScriptsEZ.net Power Editor 2.0 - Path Traversal via te and dir Parameters
Multiple directory traversal vulnerabilities in editor.php in ScriptsEZ.net Power Editor 2.0 allow remote attackers to read arbitrary local files via a .. (dot dot) in the (1) te and (2) dir parameters in a tempedit action.
by Virangar Security
CVE-2008-2191 EXPLOITDB text VERIFIED
pnEncyclopedia < 0.2.0 - SQL Injection via id Parameter
SQL injection vulnerability in the pnEncyclopedia module 0.2.0 and earlier for PostNuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a display_term action to index.php.
by K-159
EIP-2026-110361 EXPLOITDB text VERIFIED
osCommerce 2.1/2.2 - Multiple Cross-Site Scripting Vulnerabilities
by David Sopas Ferreira
CVE-2008-2190 EXPLOITDB text VERIFIED
Online Rent Property Script <= 5.0 - SQL Injection via pid Parameter
SQL injection vulnerability in index.php in Online Rent (aka Online Rental Property Script) 4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter. NOTE: it was later reported that 5.0 and earlier are also affected.
by K-159
CVE-2008-6582 EXPLOITDB text VERIFIED
Miniweb 2.0 - SQL Injection via Username Parameter
SQL injection vulnerability in index.php in Miniweb 2.0 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action.
by HaCkeR_EgY