Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-4767 EXPLOITDB text VERIFIED
PHP-Nuke DownloadsPlus Module - Unrestricted File Upload and Remote Code Execution via .htm .html or .txt Extensions
Unrestricted file upload vulnerability in the DownloadsPlus module in PHP-Nuke allows remote attackers to execute arbitrary code by uploading a file with (1) .htm, (2) .html, or (3) .txt extensions, then accessing it via a direct request to the file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: it is unclear how allowing the upload of .html or .txt files supports arbitrary code execution; this might be legitimate functionality.
by ZoRLu
CVE-2008-6597 EXPLOITDB text VERIFIED
PHCDownload 1.1 - Cross-Site Scripting via Step Parameter
Cross-site scripting (XSS) vulnerability in upload/install/index.php in PHCDownload 1.1 allows remote attackers to inject arbitrary web script or HTML via the step parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ZoRLu
CVE-2008-6596 EXPLOITDB text VERIFIED
PHCDownload 1.1 - SQL Injection via Admin Index Hash Parameter
SQL injection vulnerability in admin/index.php in PHCDownload 1.1 allows remote attackers to execute arbitrary SQL commands via the hash parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ZoRLu
CVE-2008-4715 EXPLOITDB text VERIFIED
jpad 1.0 - SQL Injection via cid Parameter
SQL injection vulnerability in the Jpad (com_jpad) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php.
by His0k4
EIP-2026-106665 EXPLOITDB text VERIFIED
e107 CMS 0.7 - Multiple Cross-Site Scripting Vulnerabilities
by ZoRLu
CVE-2008-1985 EXPLOITDB text VERIFIED
DigitalHive 2.0 RC2 - Cross-Site Scripting via mt Parameter
Cross-site scripting (XSS) vulnerability in base.php in DigitalHive 2.0 RC2 allows remote attackers to inject arbitrary web script or HTML via the mt parameter, possibly related to membres.php.
by ZoRLu
CVE-2008-7271 EXPLOITDB text VERIFIED
Eclipse IDE - Cross-Site Scripting via Help Contents Search or Working Set Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE, possibly 3.3.2, allow remote attackers to inject arbitrary web script or HTML via (1) the searchWord parameter to help/advanced/searchView.jsp or (2) the workingSet parameter in an add action to help/advanced/workingSetManager.jsp, a different issue than CVE-2010-4647.
by Rob
CVE-2008-7271 EXPLOITDB text VERIFIED
Eclipse IDE - Cross-Site Scripting via Help Contents Search or Working Set Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE, possibly 3.3.2, allow remote attackers to inject arbitrary web script or HTML via (1) the searchWord parameter to help/advanced/searchView.jsp or (2) the workingSet parameter in an add action to help/advanced/workingSetManager.jsp, a different issue than CVE-2010-4647.
by Rob
EIP-2026-119093 EXPLOITDB text VERIFIED
RSA Authentication Agent for Web 5.3 - Open Redirection
by Richard Brain
CVE-2008-1935 EXPLOITDB text VERIFIED
Joomla Filiale 1.0.4 - SQL Injection via idFiliale Parameter
SQL injection vulnerability in the Filiale 1.0.4 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the idFiliale parameter.
by str0xo
CVE-2008-2093 EXPLOITDB text VERIFIED
Community Builder for Joomla! and Mambo - SQL Injection via User Parameter
SQL injection vulnerability in the Profiler (com_comprofiler) component in Community Builder for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the user parameter in a userProfile action to index.php.
by $hur!k'n
CVE-2008-1974 EXPLOITDB text VERIFIED
Horde Kronolith <2.1.7, Horde Groupware <1.0.6 - XSS
Cross-site scripting (XSS) vulnerability in addevent.php in Horde Kronolith 2.1.7, Groupware Webmail Edition 1.0.6, and Groupware 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the url parameter.
by Aria-Security Team
CVE-2008-1975 EXPLOITDB text VERIFIED
cogites e_reserve 2.1 - SQL Injection via ID_loc Parameter
SQL injection vulnerability in index.php in E-RESERV 2.1 allows remote attackers to execute arbitrary SQL commands via the ID_loc parameter.
by JIKO
CVE-2008-2030 EXPLOITDB text VERIFIED
F5 FirePass 4100 SSL VPN <6.2 - XSS
Cross-site scripting (XSS) vulnerability in installControl.php3 in F5 FirePass 4100 SSL VPN 5.4.2-5.5.2 and 6.0-6.2 allows remote attackers to inject arbitrary web script or HTML via the query string. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Alberto Cuesta Partida
EIP-2026-115074 EXPLOITDB text VERIFIED
Computer Associates eTrust Secure Content Manager 8.0 - 'eCSqdmn' Remote Denial of Service
by Luigi Auriemma
CVE-2008-1982 EXPLOITDB text VERIFIED
Spreadsheet (wpSS) <0.6 - SQL Injection
SQL injection vulnerability in ss_load.php in the Spreadsheet (wpSS) 0.6 and earlier plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the ss_id parameter.
by 1ten0.0net1
CVE-2008-1385 EXPLOITDB text VERIFIED
Serendipity < 1.3.1 - Cross-Site Scripting via Referer HTTP Header
Cross-site scripting (XSS) vulnerability in the Top Referrers (aka referrer) plugin in Serendipity (S9Y) before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header.
by Hanno Boeck
CVE-2008-2095 EXPLOITDB text VERIFIED
Joomla com_flippingbook 1.0.4 - SQL Injection via book_id Parameter
SQL injection vulnerability in index.php in the FlippingBook (com_flippingbook) 1.0.4 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter.
by cO2
CVE-2008-1957 EXPLOITDB text VERIFIED
Tr Script News 2.1 - SQL Injection via nb Parameter in news.php
SQL injection vulnerability in news.php in Tr Script News 2.1 allows remote attackers to execute arbitrary SQL commands via the nb parameter in voir mode.
by His0k4
CVE-2008-1765 EXPLOITDB text VERIFIED
Adobe Photoshop Album Starter Edition 3.2 - Buffer Overflow
Buffer overflow in Adobe Photoshop Album Starter Edition 3.2, and possibly After Effects CS3, allows user-assisted remote attackers and physically proximate attackers to execute arbitrary code via a BMP file with an invalid image header. NOTE: the related issue in Photoshop CS3 is already covered by CVE-2007-2244.
by c0ntex
CVE-2008-1958 EXPLOITDB text VERIFIED
Tr Script News 2.1 - Authenticated Remote Code Execution via File Upload
Unrestricted file upload vulnerability in the ajout_cat mode in admin/main.php in Tr Script News 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with a .php extension.
by His0k4
EIP-2026-112253 EXPLOITDB text VERIFIED
SMF 1.1.4 - Audio CAPTCHA Security Bypass
by Michael Brooks
CVE-2007-0820 EXPLOITDB text VERIFIED
Cedric CLAIRE PortailPhp 2 - Remote File Inclusion via chemin Parameter
Multiple PHP remote file inclusion vulnerabilities in Cedric CLAIRE PortailPhp 2 allow remote attackers to execute arbitrary PHP code via a URL in the chemin parameter to (1) mod_news/index.php, (2) mod_news/goodies.php, or (3) mod_search/index.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
by ZoRLu
CVE-2008-1934 EXPLOITDB text VERIFIED
Crazy Goomba 1.2.1 - SQL Injection via commentaires.php id Parameter
SQL injection vulnerability in commentaires.php in Crazy Goomba 1.2.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by ZoRLu
CVE-2008-1915 EXPLOITDB text VERIFIED
DevWorx BlogWorx 1.0 - SQL Injection
SQL injection vulnerability in view.asp in DevWorx BlogWorx 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by U238