Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-2202 EXPLOITDB text VERIFIED
Maian Uploader 4.0 - Stored Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Maian Uploader 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter to upload/admin/index.php in a search action, the (2) msg_charset and (3) msg_header9 parameters to admin/inc/header.php, and the (4) keywords parameter to index.php in a search action.
by Khashayar Fereidani
CVE-2008-2202 EXPLOITDB text VERIFIED
Maian Uploader 4.0 - Stored Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Maian Uploader 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter to upload/admin/index.php in a search action, the (2) msg_charset and (3) msg_header9 parameters to admin/inc/header.php, and the (4) keywords parameter to index.php in a search action.
by Khashayar Fereidani
CVE-2008-2202 EXPLOITDB text VERIFIED
Maian Uploader 4.0 - Stored Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Maian Uploader 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter to upload/admin/index.php in a search action, the (2) msg_charset and (3) msg_header9 parameters to admin/inc/header.php, and the (4) keywords parameter to index.php in a search action.
by Khashayar Fereidani
CVE-2008-2198 EXPLOITDB text VERIFIED
Kmita Tellfriend < 2.0 - Remote Code Execution via htmlcode.php file Parameter
PHP remote file inclusion vulnerability in kmitaadmin/kmitat/htmlcode.php in Kmita Tellfriend 2.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.
by K-159
CVE-2008-2199 EXPLOITDB text VERIFIED
Kmita Mail < 3.0 - Remote Code Execution via HTML Code File Parameter
PHP remote file inclusion vulnerability in kmitaadmin/kmitam/htmlcode.php in Kmita Mail 3.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.
by K-159
CVE-2008-6655 EXPLOITDB text VERIFIED
gedcom_to_mysl 2 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in GEDCOM_TO_MYSQL 2 allow remote attackers to inject arbitrary web script or HTML via the (1) nom_branche and (2) nom parameters to php/prenom.php; the (3) nom_branche parameter to php/index.php; and the (4) nom_branche, (5) nom, and (6) prenom parameters to php/info.php.
by ZoRLu
CVE-2008-6655 EXPLOITDB text VERIFIED
gedcom_to_mysl 2 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in GEDCOM_TO_MYSQL 2 allow remote attackers to inject arbitrary web script or HTML via the (1) nom_branche and (2) nom parameters to php/prenom.php; the (3) nom_branche parameter to php/index.php; and the (4) nom_branche, (5) nom, and (6) prenom parameters to php/info.php.
by ZoRLu
CVE-2008-6655 EXPLOITDB text VERIFIED
gedcom_to_mysl 2 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in GEDCOM_TO_MYSQL 2 allow remote attackers to inject arbitrary web script or HTML via the (1) nom_branche and (2) nom parameters to php/prenom.php; the (3) nom_branche parameter to php/index.php; and the (4) nom_branche, (5) nom, and (6) prenom parameters to php/info.php.
by ZoRLu
CVE-2008-6640 EXPLOITDB text VERIFIED
BatmanPorTaL - SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in BatmanPorTaL allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) uyeadmin.asp and (2) profil.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by U238
CVE-2008-6640 EXPLOITDB text VERIFIED
BatmanPorTaL - SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in BatmanPorTaL allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) uyeadmin.asp and (2) profil.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by U238
CVE-2008-2096 EXPLOITDB text VERIFIED
BackLinkSpider - SQL Injection via cat_id Parameter
SQL injection vulnerability in BackLinkSpider allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to a site-specific component name such as link.php or backlinkspider.php.
by K-159
CVE-2008-2189 EXPLOITDB text VERIFIED
AnServ Auction XL - SQL Injection via viewfaqs.php cat Parameter
SQL injection vulnerability in viewfaqs.php in AnServ Auction XL allows remote attackers to execute arbitrary SQL commands via the cat parameter.
by K-159
CVE-2008-2180 EXPLOITDB text VERIFIED
cpLinks 1.03 - SQL Injection via Admin Username or Search Parameters
Multiple SQL injection vulnerabilities in cpLinks 1.03, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) admin_username parameter (aka the username field) to admin/index.php and the (2) search_text and (3) search_category parameters to search.php. NOTE: some of these details are obtained from third party information.
by InjEctOr5
CVE-2008-2193 EXPLOITDB text VERIFIED
ScorpNews 2.0 - Remote Code Execution via example.php site Parameter
PHP remote file inclusion vulnerability in example.php in Thomas Gossmann ScorpNews 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the site parameter.
by Silver
CVE-2008-2181 EXPLOITDB text VERIFIED
cpLinks 1.03 - Cross-Site Scripting via search_text and search_category Parameters
Multiple cross-site scripting (XSS) vulnerabilities in search.php in cpLinks 1.03 allow remote attackers to inject arbitrary web script or HTML via the (1) search_text and (2) search_category parameters. NOTE: the XSS reportedly occurs in a forced SQL error message. NOTE: some of these details are obtained from third party information.
by InjEctOr5
CVE-2008-2183 EXPLOITDB text VERIFIED
SMartBlog 1.3 - SQL Injection via idt Parameter
SQL injection vulnerability in index.php in SMartBlog (aka SMBlog) 1.3 allows remote attackers to execute arbitrary SQL commands via the idt parameter.
by His0k4
CVE-2008-2185 EXPLOITDB text VERIFIED
SMartBlog 1.3 - Path Traversal via Page Parameter
Directory traversal vulnerability in index.php in SMartBlog (aka SMBlog) 1.3 allows remote attackers to include arbitrary local files via directory traversal sequences in the page parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by His0k4
CVE-2008-2177 EXPLOITDB text VERIFIED
phpDirectorySource 1.1.06 - SQL Injection via lid or login Parameter
Multiple SQL injection vulnerabilities in phpDirectorySource 1.1.06, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to show.php and the (2) login parameter to admin.php.
by InjEctOr5
CVE-2008-2175 EXPLOITDB text VERIFIED
Gamma Scripts BlogMe PHP 1.1 - SQL Injection via id Parameter
SQL injection vulnerability in comments.php in Gamma Scripts BlogMe PHP 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by His0k4
EIP-2026-103922 EXPLOITDB text VERIFIED
HLDS WebMod 0.48 - Multiple Remote Vulnerabilities
by Luigi Auriemma
CVE-2008-6615 EXPLOITDB text VERIFIED
Zen Cart 2008 - SQL Injection via Advanced Search Keyword Parameter
SQL injection vulnerability in index.php in Zen Software Zen Cart 2008 allows remote attackers to execute arbitrary SQL commands via the keyword parameter in the advanced_search_result page. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Ivan Sanchez
CVE-2008-6616 EXPLOITDB text VERIFIED
Zen Cart 2008 - Cross-Site Scripting via Advanced Search Keyword Parameter
Cross-site scripting (XSS) vulnerability in index.php in Zen Software Zen Cart 2008 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in the advanced_search_result page. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Ivan Sanchez
EIP-2026-111623 EXPLOITDB text VERIFIED
QT-cute QuickTalk Guestbook 1.6 - Multiple Cross-Site Scripting Vulnerabilities
by ZoRLu
CVE-2008-6656 EXPLOITDB text VERIFIED
Open Auto Classifieds 1.4.3b - SQL Injection via Listings ID Parameter or Login Username Field
Multiple SQL injection vulnerabilities in Open Auto Classifieds 1.4.3b allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to listings.php and (2) the username field to login.php.
by InjEctOr5
CVE-2008-2192 EXPLOITDB text VERIFIED
Itcms - Code Injection
Static code injection vulnerability in box/minichat/boxpop.php in IT!CMS (aka itcms) 1.9 allows remote attackers to inject arbitrary PHP code into box/MiniChat/data/shouts.php via the shout parameter.
by Cod3rZ