Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2007-6019 EXPLOITDB text VERIFIED
Adobe Flash Player <9.0.115.0 & <8.0.39.0 - RCE
Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated properly.
by Javier Vicente Vallejo
CVE-2008-6204 EXPLOITDB text VERIFIED
SuperNET Shop < 1.0 - SQL Injection via id, kulad, sifre, username, or password Parameters
Multiple SQL injection vulnerabilities in SuperNET Shop 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to secure/admin/guncelle.asp, (2) kulad and sifre parameters to secure/admin/giris.asp, and (3) username and password to secure/admin/default.asp.
by U238
CVE-2008-1885 EXPLOITDB text VERIFIED
NeffyLauncher 1.0.5 - Path Traversal
Directory traversal vulnerability in the NeffyLauncher 1.0.5 ActiveX control (NeffyLauncher.dll) in CDNetworks Nefficient Download allows remote attackers to download arbitrary code onto a client system via a .. (dot dot) in the SkinPath parameter and a .zip URL in the HttpSkin parameter. NOTE: this can be leveraged for code execution by writing to a Startup folder.
by Simon Ryeo
CVE-2008-1772 EXPLOITDB text VERIFIED
iScripts SocialWare - Info Disclosure
iScripts SocialWare stores passwords in cleartext in a database, which allows context-dependent attackers to obtain sensitive information.
by t0pP8uZz
CVE-2008-1790 EXPLOITDB text VERIFIED
iScripts SocialWare - Authenticated Arbitrary File Upload via Logo File
Unrestricted file upload vulnerability in iScripts SocialWare allows remote authenticated administrators to upload arbitrary files via a crafted logo file in the "Manage Settings" functionality. NOTE: remote exploitation is facilitated by a separate SQL injection vulnerability.
by t0pP8uZz
EIP-2026-118848 EXPLOITDB text VERIFIED
Microsoft Internet Explorer 7 - Header Handling 'res://' Information Disclosure
by The Hacker Webzine
CVE-2008-1886 EXPLOITDB text VERIFIED
CDNetworks Nefficient Download - Weak Cryptography in NeffyLauncher ActiveX KeyCode
The NeffyLauncher 1.0.5 ActiveX control (NeffyLauncher.dll) in CDNetworks Nefficient Download uses weak cryptography for a KeyCode that blocks unauthorized use of the control, which allows remote attackers to bypass this protection mechanism by calculating the required KeyCode. NOTE: this can be used by arbitrary web sites to host exploit code that targets this control.
by Simon Ryeo
CVE-2008-3544 EXPLOITDB text VERIFIED
HP OpenView Network Node Manager <7.51 - Buffer Overflow
Multiple stack-based buffer overflows in ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.51, and possibly 7.01, 7.50, and 7.53, allow remote attackers to execute arbitrary code via a long (1) REQUEST_SEV_CHANGE (aka number 47), (2) REQUEST_SAVE_STATE (aka number 61), or (3) REQUEST_RESTORE_STATE (aka number 62) request to TCP port 2954.
by Luigi Auriemma
EIP-2026-113424 EXPLOITDB text VERIFIED
Wikepage Opus 13 2007.2 - 'index.php' Multiple Directory Traversal Vulnerabilities
by A.nosrati
CVE-2008-6205 EXPLOITDB text VERIFIED
URLStreet 1.0 - Cross-Site Scripting via Language, Order, or Filter Parameters
Cross-site scripting (XSS) vulnerability in seeurl.php in Xavier Flahaut URLStreet 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) language, (2) order, and (3) filter parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ZoRLu
CVE-2008-1864 EXPLOITDB text VERIFIED
Prozilla Freelancers - SQL Injection
SQL injection vulnerability in project.php in Prozilla Freelancers allows remote attackers to execute arbitrary SQL commands via the project parameter.
by t0pP8uZz
CVE-2008-1791 EXPLOITDB text VERIFIED
My Gaming Ladder <7.5 - SQL Injection
SQL injection vulnerability in ladder.php in My Gaming Ladder 7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the ladderid parameter.
by t0pP8uZz
CVE-2008-1857 EXPLOITDB text VERIFIED
Make our Life Easy Mole <2.1.0 - Path Traversal
Multiple directory traversal vulnerabilities in viewsource.php in Make our Life Easy (Mole) 2.1.0 allow remote attackers to read arbitrary files via directory traversal sequences in the (1) dirn and (2) fname parameters.
by GoLd_M
CVE-2008-1859 EXPLOITDB text VERIFIED
iScripts SocialWare - SQL Injection
SQL injection vulnerability in events.php in iScripts SocialWare allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action.
by t0pP8uZz
CVE-2008-1773 EXPLOITDB text VERIFIED
Dragoon 0.1 - Remote Code Execution
PHP remote file inclusion vulnerability in includes/header.inc.php in Dragoon 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.
by RoMaNcYxHaCkEr
CVE-2008-1782 EXPLOITDB text VERIFIED
Advanced Software Engineering ChartDirector 4.1 - Info Disclosure
phpdemo/viewsource.php in Advanced Software Engineering ChartDirector 4.1 allows remote attackers to read sensitive files via the file parameter.
by Stack
CVE-2008-1858 EXPLOITDB text VERIFIED
724Networks 724CMS <4.01 - SQL Injection
SQL injection vulnerability in index.php in 724Networks 724CMS 4.01 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter.
by Lidloses_Auge
EIP-2026-102427 EXPLOITDB text VERIFIED
Sun Java System Messenger Express 6.1-13-15 - 'sid' Cross-Site Scripting
by syniack
CVE-2008-1866 EXPLOITDB text VERIFIED
PixelMotion Blog - Authenticated PHP ZIP Upload Code Execution
admin/modif_config.php in Blog Pixel Motion (aka PixelMotion) does not require admin authentication, which allows remote authenticated users to upload arbitrary PHP scripts in a ZIP archive, which is written to templateZip/ and then automatically extracted under templates/ for execution via a direct request.
by JIKO
CVE-2008-1869 EXPLOITDB text VERIFIED
Site Sift Listings - SQL Injection via id Parameter
SQL injection vulnerability in Site Sift Listings allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. NOTE: this issue might be site-specific.
by S@BUN
CVE-2008-1784 EXPLOITDB text VERIFIED
Prozilla Topsites 1.0 - Unauthenticated Administrative Action Execution via Direct Request
Prozilla Topsites 1.0 allows remote attackers to perform administrative actions via a direct request to (1) addu.php, (2) editu.php, and (3) uidx.php in siteadmin/.
by t0pP8uZz
CVE-2008-1785 EXPLOITDB text VERIFIED
Prozilla Top 100 1.2 - Authenticated Arbitrary Account Deletion via Modified s Parameter
delete.php in Prozilla Top 100 1.2 allows remote authenticated users to delete statistics and accounts of arbitrary users via a modified s parameter.
by t0pP8uZz
CVE-2008-1783 EXPLOITDB text VERIFIED
Prozilla Reviews 1.0 - Unauthenticated Arbitrary User Deletion via UserID Parameter
Prozilla Reviews 1.0 allows remote attackers to delete arbitrary users via a modified UserID parameter in a direct request to siteadmin/DeleteUser.php.
by t0pP8uZz
CVE-2008-1789 EXPLOITDB text VERIFIED
Prozilla Forum - SQL Injection via Forum Parameter
SQL injection vulnerability in forum.php in Prozilla Forum allows remote attackers to execute arbitrary SQL commands via the forum parameter.
by t0pP8uZz
CVE-2008-1863 EXPLOITDB text VERIFIED
Prozilla Cheat Script 2.0 - SQL Injection
SQL injection vulnerability in view_reviews.php in Prozilla Cheat Script (aka Cheats) 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by t0pP8uZz