Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-2022 EXPLOITDB text VERIFIED
MegaBBS 2.2 - Cross-Site Scripting via toid Parameter
Mulatiple cross-site scripting (XSS) vulnerabilities in PD9 Software MegaBBS 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) toid parameter to send-private-message.asp and the (2) redirect parameter to admin/impersonate.asp. NOTE: vector 2 requires authentication.
by BugReport.IR
CVE-2008-2065 EXPLOITDB text VERIFIED
YourFreeWorld Jokes Site Script - SQL Injection via Jokes.php Catagorie Parameter
SQL injection vulnerability in jokes.php in YourFreeWorld Jokes Site Script allows remote attackers to execute arbitrary SQL commands via the catagorie parameter.
by ProgenTR
CVE-2008-6642 EXPLOITDB text VERIFIED
DotContent FluentCMS 4.x - SQL Injection via view.php sid Parameter
SQL injection vulnerability in view.php in DotContent FluentCMS 4.x allows remote attackers to execute arbitrary SQL commands via the sid parameter. NOTE: some of these details are obtained from third party information.
by cO2
CVE-2008-2217 EXPLOITDB text VERIFIED
Content Management System 0.6.1 - Path Traversal via cm_imgpath Parameter
Directory traversal vulnerability in cm/graphie.php in Content Management System 0.6.1 for Phprojekt allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cm_imgpath parameter.
by Houssamix
CVE-2008-2023 EXPLOITDB text VERIFIED
PD9 Software MegaBBS 2.2 - SQL Injection
Multiple SQL injection vulnerabilities in PD9 Software MegaBBS 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) invisible and (2) timeoffset parameters to profile/controlpanel.asp and the (3) attachmentid parameter to forums/attach-file.asp.
by BugReport.IR
CVE-2008-2081 EXPLOITDB text VERIFIED
Siteman 2.0.x2 - Authenticated Path Traversal via Module Parameter
Directory traversal vulnerability in index.php in Siteman 2.0.x2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the module parameter.
by Khashayar Fereidani
CVE-2008-2047 EXPLOITDB text VERIFIED
Angelo-Emlak 1.0 - SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in Angelo-Emlak 1.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) hpz/profil.asp and (2) hpz/prodetail.asp.
by U238
CVE-2008-2082 EXPLOITDB text VERIFIED
Siteman 2.0.x2 - Cross-Site Scripting via Module Parameter
Cross-site scripting (XSS) vulnerability in index.php in Siteman 2.0.x2 allows remote attackers to inject arbitrary web script or HTML via the module parameter, which leaks the path in an error message.
by Khashayar Fereidani
CVE-2008-2082 EXPLOITDB text VERIFIED
Siteman 2.0.x2 - Cross-Site Scripting via Module Parameter
Cross-site scripting (XSS) vulnerability in index.php in Siteman 2.0.x2 allows remote attackers to inject arbitrary web script or HTML via the module parameter, which leaks the path in an error message.
by Khashayar Fereidani
CVE-2008-2084 EXPLOITDB text VERIFIED
MyArticles 0.6 beta-1 - SQL Injection via topic_id Parameter
SQL injection vulnerability in topics.php in the MyArticles 0.6 beta-1 module for RunCMS allows remote attackers to execute arbitrary SQL commands via the topic_id parameter in a listarticles action.
by Cr@zy_King
CVE-2008-2013 EXPLOITDB text VERIFIED
pnflashgames 1.5-2.5 - SQL Injection via id Parameter
SQL injection vulnerability in index.php in the pnFlashGames 1.5 through 2.5 module for PostNuke, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a display action.
by Kacper
CVE-2008-2018 EXPLOITDB text VERIFIED
PHPizabi 0.848b C1 HFP3 - Authenticated Exposure of Sensitive Information via Macro Expansion
The AssignUser function in template.class.php in PHPizabi 0.848b C1 HFP3 performs unsafe macro expansions on strings delimited by '{' and '}' characters, which allows remote authenticated users to obtain sensitive information via a comment containing a macro, as demonstrated by a "{user.password}" comment in the profile of the admin user.
by YOUCODE
CVE-2008-2088 EXPLOITDB text VERIFIED
PHP Forge 3.0 beta 2 - SQL Injection via News Module id Parameter
SQL injection vulnerability in admin/news.php in PHP Forge 3.0 beta 2 allows remote attackers to execute arbitrary SQL commands via the id parameter in the news module to admin.php.
by JIKO
CVE-2010-2918 EXPLOITDB text VERIFIED
Visites (com_joomla-visites) 1.1 RC2 - Remote Code Execution via mosConfig_absolute_path Parameter
PHP remote file inclusion vulnerability in core/include/myMailer.class.php in the Visites (com_joomla-visites) component 1.1 RC2 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
by NoGe
EIP-2026-106144 EXPLOITDB text VERIFIED
Content Management System for Phprojekt 0.6.1 - Remote File Inclusion
by RoMaNcYxHaCkEr
EIP-2026-104527 EXPLOITDB text VERIFIED
Novell Groupwise 7.0 - HTML Injection / Denial of Service
by Juan Pablo Lopez Yacubian
CVE-2008-2048 EXPLOITDB text VERIFIED
Angelo-Emlak 1.0 - Cross-Site Scripting via sayfa Parameter
Cross-site scripting (XSS) vulnerability in hpz/admin/Default.asp in Angelo-Emlak 1.0 allows remote attackers to inject arbitrary web script or HTML via the sayfa parameter.
by U238
CVE-2008-2028 EXPLOITDB text VERIFIED
miniBB < 2.2 - Exposure of Sensitive Information via glang Parameter
miniBB 2.2, and possibly earlier, when register_globals is enabled, allows remote attackers to obtain the full path via a direct request to the glang parameter in a registernew action to index.php, which leaks the path in an error message.
by girex
CVE-2008-2024 EXPLOITDB text VERIFIED
miniBB < 2.2 - Cross-Site Scripting via glang[] Parameter
Cross-site scripting (XSS) vulnerability in index.php in miniBB 2.2, and possibly earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the glang[] parameter in a registernew action.
by girex
CVE-2008-2012 EXPLOITDB text VERIFIED
PostNuke PostSchedule 1.0 - SQL Injection
SQL injection vulnerability in index.php in the PostSchedule 1.0 module for PostNuke allows remote attackers to execute arbitrary SQL commands via the eid parameter in an event action.
by Kacper
CVE-2008-2029 EXPLOITDB text VERIFIED
miniBB < 2.2 - SQL Injection via xtr Parameter
Multiple SQL injection vulnerabilities in (1) setup_mysql.php and (2) setup_options.php in miniBB 2.2 and possibly earlier, when register_globals is enabled, allow remote attackers to execute arbitrary SQL commands via the xtr parameter in a userinfo action to index.php.
by girex
EIP-2026-108741 EXPLOITDB text VERIFIED
Joomla! Component Joomla-Visites 1.1 RC2 - Remote File Inclusion
by NoGe
CVE-2008-1979 EXPLOITDB text VERIFIED
CA ARCserve Backup <12.0.5454.0 - DoS
The Discovery Service (casdscvc) in CA ARCserve Backup 12.0.5454.0 and earlier allows remote attackers to cause a denial of service (crash) via a packet with a large integer value used in an increment to TCP port 41523, which triggers a buffer over-read.
by Luigi Auriemma
CVE-2008-1965 EXPLOITDB text VERIFIED
IBM Lotus Expeditor Client for Desktop <6.1.2 - Command Injection
Argument injection vulnerability in the cai: URI handler in rcplauncher in IBM Lotus Expeditor Client for Desktop 6.1.1 and 6.1.2, as used by Lotus Symphony and possibly other products, allows remote attackers to execute arbitrary code by injecting a -launcher option via a cai: URI, as demonstrated by a reference to a UNC share pathname.
by Thomas Pollet
CVE-2008-1986 EXPLOITDB text VERIFIED
pixel_motion_blog - Cross-Site Scripting via jours Parameter
Cross-site scripting (XSS) vulnerability in liste_article.php in Blog Pixel Motion (aka PixelMotion) allows remote attackers to inject arbitrary web script or HTML via the jours parameter.
by ZoRLu