Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-112226 EXPLOITDB text VERIFIED
SmallBiz eShop - 'content_id' SQL Injection
by Stack
EIP-2026-112225 EXPLOITDB text VERIFIED
SmallBiz 4 Seasons CMS - SQL Injection
by cO2
CVE-2008-2036 EXPLOITDB text VERIFIED
dream4 Koobi Pro 6.25 - SQL Injection via poll_id Parameter
SQL injection vulnerability in index.php in dream4 Koobi Pro 6.25 allows remote attackers to execute arbitrary SQL commands via the poll_id parameter in a poll action.
by S@BUN
CVE-2008-4778 EXPLOITDB text VERIFIED
Koobi CMS 4.3.0 - SQL Injection via Gallery Module galid Parameter
SQL injection vulnerability in the gallery module in Koobi CMS 4.3.0 allows remote attackers to execute arbitrary SQL commands via the galid parameter in a showimages action.
by JosS
CVE-2008-4703 EXPLOITDB text VERIFIED
BosDev BosNews 4.0 - SQL Injection via news.php article Parameter
SQL injection vulnerability in news.php in BosDev BosNews 4.0 allows remote attackers to execute arbitrary SQL commands via the article parameter.
by Crackers_Child
CVE-2008-1838 EXPLOITDB text VERIFIED
BosClassifieds Classified Ads System 3.0 - SQL Injection
SQL injection vulnerability in BosClassifieds Classified Ads System 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php.
by SoSo H H
EIP-2026-102362 EXPLOITDB text VERIFIED
Business Objects Infoview - 'cms' Cross-Site Scripting
by Sebastien gioria
CVE-2008-1967 EXPLOITDB text VERIFIED
Cezanne 6.5.1 and 7 - Cross-Site Scripting via SleUserName Parameter
Cross-site scripting (XSS) vulnerability in CFLogon/CFLogon.asp in Cezanne 6.5.1 and 7 allows remote attackers to inject arbitrary web script or HTML via the SleUserName parameter.
by Juan de la Fuente Costa
CVE-2008-1968 EXPLOITDB text VERIFIED
Cezanne 7 - Authenticated SQL Injection via FUNID Parameter
Multiple SQL injection vulnerabilities in Cezanne 7 allow remote authenticated users to execute arbitrary SQL commands via the FUNID parameter to (1) CFLookup.asp and (2) CznCommon/CznCustomContainer.asp.
by Juan de la Fuente Costa
CVE-2008-1968 EXPLOITDB text VERIFIED
Cezanne 7 - Authenticated SQL Injection via FUNID Parameter
Multiple SQL injection vulnerabilities in Cezanne 7 allow remote authenticated users to execute arbitrary SQL commands via the FUNID parameter to (1) CFLookup.asp and (2) CznCommon/CznCustomContainer.asp.
by Juan de la Fuente Costa
CVE-2008-1969 EXPLOITDB text VERIFIED
Cezanne 6.5.1 and 7 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Cezanne 6.5.1 and 7 allow remote attackers to inject arbitrary web script or HTML via the (1) LookUPId and (2) CbFun parameters to (a) CFLookUP.asp; (3) TitleParms, (4) WidgetsHeights, (5) WidgetsLinks, and (6) WidgetsTitles parameters to (b) CznCommon/CznCustomContainer.asp, (7) CFTARGET parameter to (c) home.asp, (8) PersonOid parameter to (d) PeopleWeb/Cards/CVCard.asp, (9) DESTLINKOID and PersonOID parameters to (e) PeopleWeb/Cards/PayrollCard.asp, and the (10) FolderTemplateId and (11) FolderTemplateName parameters to (f) PeopleWeb/CznDocFolder/CznDFStartProcess.asp.
by Juan de la Fuente Costa
CVE-2008-1969 EXPLOITDB text VERIFIED
Cezanne 6.5.1 and 7 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Cezanne 6.5.1 and 7 allow remote attackers to inject arbitrary web script or HTML via the (1) LookUPId and (2) CbFun parameters to (a) CFLookUP.asp; (3) TitleParms, (4) WidgetsHeights, (5) WidgetsLinks, and (6) WidgetsTitles parameters to (b) CznCommon/CznCustomContainer.asp, (7) CFTARGET parameter to (c) home.asp, (8) PersonOid parameter to (d) PeopleWeb/Cards/CVCard.asp, (9) DESTLINKOID and PersonOID parameters to (e) PeopleWeb/Cards/PayrollCard.asp, and the (10) FolderTemplateId and (11) FolderTemplateName parameters to (f) PeopleWeb/CznDocFolder/CznDFStartProcess.asp.
by Juan de la Fuente Costa
CVE-2008-1969 EXPLOITDB text VERIFIED
Cezanne 6.5.1 and 7 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Cezanne 6.5.1 and 7 allow remote attackers to inject arbitrary web script or HTML via the (1) LookUPId and (2) CbFun parameters to (a) CFLookUP.asp; (3) TitleParms, (4) WidgetsHeights, (5) WidgetsLinks, and (6) WidgetsTitles parameters to (b) CznCommon/CznCustomContainer.asp, (7) CFTARGET parameter to (c) home.asp, (8) PersonOid parameter to (d) PeopleWeb/Cards/CVCard.asp, (9) DESTLINKOID and PersonOID parameters to (e) PeopleWeb/Cards/PayrollCard.asp, and the (10) FolderTemplateId and (11) FolderTemplateName parameters to (f) PeopleWeb/CznDocFolder/CznDFStartProcess.asp.
by Juan de la Fuente Costa
CVE-2008-1907 EXPLOITDB text VERIFIED
cpCommerce 1.1.0 - SQL Injection via id_product, id_manufacturer, or id_category Parameter
Multiple SQL injection vulnerabilities in functions/display_page.func.php in cpCommerce 1.1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id_product, (2) id_manufacturer, and (3) id_category parameters to unspecified components. NOTE: this probably overlaps CVE-2007-2959 and CVE-2007-2890.
by BugReport.IR
CVE-2008-1906 EXPLOITDB text VERIFIED
cpCommerce 1.1.0 - Cross-Site Scripting via Calendar Year Parameter
Cross-site scripting (XSS) vulnerability in calendar.php in cpCommerce 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the year parameter in a view.year action.
by BugReport.IR
EIP-2026-111423 EXPLOITDB text VERIFIED
PostCard 1.0 - Remote Insecure Cookie Handling
by t0pP8uZz
CVE-2008-4765 EXPLOITDB text VERIFIED
osCommerce Poll Booth Add-On 2.0 - SQL Injection via pollID Parameter
SQL injection vulnerability in pollBooth.php in osCommerce Poll Booth Add-On 2.0 allows remote attackers to execute arbitrary SQL commands via the pollID parameter in a results operation. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect.
by S@BUN
CVE-2008-4765 EXPLOITDB text VERIFIED
osCommerce Poll Booth Add-On 2.0 - SQL Injection via pollID Parameter
SQL injection vulnerability in pollBooth.php in osCommerce Poll Booth Add-On 2.0 allows remote attackers to execute arbitrary SQL commands via the pollID parameter in a results operation. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect.
by S@BUN
CVE-2008-4764 EXPLOITDB text VERIFIED
com_extplorer < 2.0.0 - Path Traversal via Dir Parameter in Show Error Action
Directory traversal vulnerability in the eXtplorer module (com_extplorer) 2.0.0 RC2 and earlier in Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action.
by Houssamix
CVE-2008-1908 EXPLOITDB text VERIFIED
cpCommerce 1.1.0 - Path Traversal via Language or Action Parameter
Multiple directory traversal vulnerabilities in cpCommerce 1.1.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the language parameter in a language action to the default URI, which is not properly handled in actions/language.act.php, or (2) the action parameter to category.php.
by BugReport.IR
CVE-2008-1904 EXPLOITDB text VERIFIED
Cicoandcico CcMail <1.0.1 - Auth Bypass
Cicoandcico CcMail 1.0.1 and earlier does not verify that the this_cookie cookie corresponds to an authenticated session, which allows remote attackers to obtain access to the "admin area" via a modified this_cookie cookie.
by t0pP8uZz
CVE-2008-1848 EXPLOITDB text VERIFIED
JoomlaXplorer <1.6.2 - XSS
Cross-site scripting (XSS) vulnerability in the joomlaXplorer (com_joomlaxplorer) Mambo/Joomla! component 1.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter in a show_error action to index.php.
by Houssamix
CVE-2008-0068 EXPLOITDB text VERIFIED
HP OpenView Network Node Manager 7.01, 7.51, 7.53 - Path Traversal via Action Parameter
Directory traversal vulnerability in OpenView5.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to read arbitrary files via directory traversal sequences in the Action parameter.
by Luigi Auriemma
CVE-2008-1844 EXPLOITDB text VERIFIED
W2B phpHotResources - SQL Injection
SQL injection vulnerability in cat.php in W2B phpHotResources allows remote attackers to execute arbitrary SQL commands via the kind parameter.
by The-0utl4w
CVE-2008-1843 EXPLOITDB text VERIFIED
W2B DatingClub - SQL Injection via browse.php age_to Parameter
SQL injection vulnerability in browse.php in W2B DatingClub (aka Dating Club) allows remote attackers to execute arbitrary SQL commands via the age_to parameter in a browsebyCat action.
by The-0utl4w