Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-1909 EXPLOITDB text VERIFIED
PHPKB Knowledge Base 1.5 and 2.0 - SQL Injection via ID Parameter
SQL injection vulnerability in comment.php in PHP Knowledge Base (PHPKB) 1.5 and 2.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
by parad0x
CVE-2008-1847 EXPLOITDB text VERIFIED
CoronaMatrix phpAddressBook <2.11 - SQL Injection
SQL injection vulnerability in view.php in CoronaMatrix phpAddressBook 2.11 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Cr@zy_King
CVE-2008-1903 EXPLOITDB text VERIFIED
Newanz NewsOffice 1.0 and 1.1 - Remote Code Execution via news_show.php newsoffice_directory Parameter
PHP remote file inclusion vulnerability in news_show.php in Newanz NewsOffice 1.0 and 1.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the newsoffice_directory parameter.
by RoMaNcYxHaCkEr
CVE-2008-1849 EXPLOITDB text VERIFIED
Mambo/Joomla! <1.6.2 - Path Traversal
Directory traversal vulnerability in index.php in the joomlaXplorer (com_joomlaxplorer) Mambo/Joomla! component 1.6.2 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter in a show_error action.
by Houssamix
CVE-2008-6563 EXPLOITDB text VERIFIED
Trillian 3.1.9.0 - Buffer Overflow in XML Parser via Crafted DTD File
Buffer overflow in the XML parser in Trillian 3.1.9.0, and possibly earlier, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DTD file.
by david130490
EIP-2026-103925 EXPLOITDB text VERIFIED
HP OpenView Network Node Manager 7.53 - Multiple Vulnerabilities
by Luigi Auriemma
CVE-2008-4912 EXPLOITDB text VERIFIED
RS MAXSOFT fotogalerie - SQL Injection via popup_img.php fotoID Parameter
SQL injection vulnerability in popup_img.php in the fotogalerie module in RS MAXSOFT allows remote attackers to execute arbitrary SQL commands via the fotoID parameter. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect.
by S@BUN
CVE-2008-1751 EXPLOITDB text VERIFIED
Ksemail - Path Traversal via Language Parameter
Multiple directory traversal vulnerabilities in index.php in Ksemail allow remote attackers to read arbitrary local files via a .. (dot dot) in the (1) language and (2) lang parameters.
by dun
CVE-2007-5301 EXPLOITDB text VERIFIED
AlsaPlayer < 0.99.80-rc2 - Buffer Overflow in Vorbis Input Plugin
Buffer overflow in the vorbis_stream_info function in input/vorbis/vorbis_engine.c (aka the vorbis input plugin) in AlsaPlayer before 0.99.80-rc3 allows remote attackers to execute arbitrary code via a .OGG file with long comments.
by Albert Sellares
CVE-2008-1888 EXPLOITDB text VERIFIED
Microsoft Windows SharePoint Services 2.0 - XSS
Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 2.0 allows remote attackers to inject arbitrary web script or HTML via the Picture Source (aka picture object source) field in the Rich Text Editor.
by OneIdBeagl3
CVE-2008-1733 EXPLOITDB text VERIFIED
Joomla! PU Arcade <2.2 - SQL Injection
SQL injection vulnerability in puarcade.class.php 2.2 and earlier in the Pragmatic Utopia PU Arcade (com_puarcade) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the gid parameter to index.php.
by MantiS
CVE-2008-1755 EXPLOITDB text VERIFIED
World of Phaos 4.0.1 - Path Traversal
Directory traversal vulnerability in the showSource function in showSource.php in World of Phaos 4.0.1 allows remote attackers to read arbitrary files via directory traversal sequences in the file parameter.
by HaCkeR_EgY
CVE-2008-1726 EXPLOITDB text VERIFIED
KnowledgeQuest 2.6 - SQL Injection via kqid or username Parameter
Multiple SQL injection vulnerabilities in KnowledgeQuest 2.6, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) kqid parameter to (a) articletext.php and (b) articletextonly.php and the (2) username parameter to (c) logincheck.php.
by Virangar Security
CVE-2008-1730 EXPLOITDB text VERIFIED
ARWScripts Gallery Script Lite - Path Traversal
Directory traversal vulnerability in download.html in ARWScripts Gallery Script Lite (aka gallery-script-lite or Free Photo Gallery Site Script), as of 20080411, allows remote attackers to read arbitrary local files via directory traversal sequences in the path parameter.
by JIKO
CVE-2008-1861 EXPLOITDB text VERIFIED
exbb_italia < 0.2.2 - Remote File Inclusion via exbb[default_lang] Parameter
Directory traversal vulnerability in modules/threadstop/threadstop.php in ExBB Italia 0.22 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the exbb[default_lang] parameter.
by The:Paradox
CVE-2008-1842 EXPLOITDB text VERIFIED
HP OpenView Network Node Manager <8.01 - Buffer Overflow
Integer signedness error in ovspmd.exe in HP OpenView Network Node Manager (OV NNM) 8.01, and 7.53 and earlier, allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a long request to TCP port 8886 that begins with a certain negative integer, which passes a signed comparison and triggers a heap-based buffer overflow.
by Luigi Auriemma
CVE-2008-6200 EXPLOITDB text VERIFIED
Swiki 1.5 - Cross-Site Scripting via Query String and New Wiki Entry
Multiple cross-site scripting (XSS) vulnerabilities in Swiki 1.5 allow remote attackers to inject arbitrary web script or HTML via (1) the query string and (2) a new wiki entry.
by Brad Antoniewicz
CVE-2008-1732 EXPLOITDB text VERIFIED
Prediction Football <1.x - SQL Injection
SQL injection vulnerability in showpredictionsformatch.php in Prediction Football 1.x allows remote attackers to execute arbitrary SQL commands via the matchid parameter in a dupa action.
by 0in
CVE-2008-1774 EXPLOITDB text VERIFIED
Pligg CMS 9.9.0 - SQL Injection via Editlink.php ID Parameter
SQL injection vulnerability in editlink.php in Pligg 9.9.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Guido Landi
CVE-2008-1862 EXPLOITDB text VERIFIED
exbb_italia < 0.2.2 - Remote File Inclusion via new_exbb[home_path] or exbb[home_path] Parameter
ExBB Italia 0.22 and earlier only checks GET requests that use the QUERY_STRING for certain path manipulations, which allows remote attackers to bypass this check via (1) POST or (2) COOKIE variables, a different vector than CVE-2006-4488. NOTE: this can be leveraged to conduct PHP remote file inclusion attacks via a URL in the (a) new_exbb[home_path] or (b) exbb[home_path] parameter to modules/threadstop/threadstop.php.
by The:Paradox
CVE-2008-4778 EXPLOITDB text VERIFIED
Koobi CMS 4.3.0 - SQL Injection via Gallery Module galid Parameter
SQL injection vulnerability in the gallery module in Koobi CMS 4.3.0 allows remote attackers to execute arbitrary SQL commands via the galid parameter in a showimages action.
by S@BUN
EIP-2026-106570 EXPLOITDB text VERIFIED
Dream4 Koobi Pro 6.25 Shop - 'categ' SQL Injection
by S@BUN
EIP-2026-106569 EXPLOITDB text VERIFIED
Dream4 Koobi Pro 6.25 Links - 'categ' SQL Injection
by S@BUN
EIP-2026-106568 EXPLOITDB text VERIFIED
Dream4 Koobi Pro 6.25 Gallery - 'galid' SQL Injection
by S@BUN
CVE-2008-6210 EXPLOITDB text VERIFIED
dream4 Koobi 4.4 and 5.4 - SQL Injection via img_id Parameter
SQL injection vulnerability in index.php in dream4 Koobi 4.4 and 5.4 allows remote attackers to execute arbitrary SQL commands via the img_id parameter in the gallerypic page.
by S@BUN