Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-6198 EXPLOITDB text VERIFIED
Custom Pages 1.0 plugin for MyBulletinBoard - SQL Injection via Page Parameter
SQL injection vulnerability in pages.php in Custom Pages 1.0 plugin for MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL commands via the page parameter.
by Lidloses_Auge
CVE-2008-1868 EXPLOITDB text VERIFIED
Blog Pixel Motion - Info Disclosure
admin/sauvBase.php in Blog Pixel Motion (aka Blog PixelMotion) does not require authentication, which allows remote attackers to trigger a database backup dump, and obtain the resulting blogPM.sql file that contains sensitive information.
by JIKO
CVE-2008-1867 EXPLOITDB text VERIFIED
pixel_motion_blog - SQL Injection via categorie Parameter
SQL injection vulnerability in Blog Pixel Motion (aka Blog PixelMotion) allows remote attackers to execute arbitrary SQL commands via the categorie parameter to index.php, possibly related to include/requetesIndex.php.
by parad0x
CVE-2007-6258 EXPLOITDB text VERIFIED
mod_jk2 < 2.0.3-DEV - Remote Code Execution via Long Host Header
Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
by INetCop Security
CVE-2008-1876 EXPLOITDB text VERIFIED
VisualPic 0.3.1 - Remote Code Execution via _CONFIG[files][functions_page] Parameter
PHP remote file inclusion vulnerability in index.php in VisualPic 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the _CONFIG[files][functions_page] parameter.
by Cr@zy_King
EIP-2026-112336 EXPLOITDB text VERIFIED
Software Index 1.1 - 'cid' SQL Injection
by t0pP8uZz
EIP-2026-111560 EXPLOITDB text VERIFIED
Prozilla Software Index 1.1 - SQL Injection
by t0pP8uZz
EIP-2026-111558 EXPLOITDB text VERIFIED
Prozilla Gaming Directory 1.0 - SQL Injection
by t0pP8uZz
CVE-2008-1871 EXPLOITDB text VERIFIED
Scriptsagent.com Links Directory 1.1 - SQL Injection
SQL injection vulnerability in links.php in Scriptsagent.com Links Directory 1.1 allows remote authenticated users to execute arbitrary SQL commands via the cat_id parameter in a list action.
by t0pP8uZz
EIP-2026-107343 EXPLOITDB text VERIFIED
Gaming Directory 1.0 - 'cat_id' SQL Injection
by t0pP8uZz
CVE-2008-1788 EXPLOITDB text VERIFIED
Prozilla Entertainers <1.1 - SQL Injection
SQL injection vulnerability in directory.php in Prozilla Entertainers 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: some of these details are obtained from third party information.
by t0pP8uZz
EIP-2026-106723 EXPLOITDB text VERIFIED
Easynet Forum Host - 'forum.php' SQL Injection
by t0pP8uZz
CVE-2008-6473 EXPLOITDB text VERIFIED
Blogator-script 0.95 - Unauthenticated Arbitrary Password Change via Wildcard Parameter Injection
_blogadata/include/init_pass2.php in Blogator-script 0.95 allows remote attackers to change the password for arbitrary users via a modified "a" parameter with a "%" wildcard symbol in the b parameter.
by Virangar Security
CVE-2008-6202 EXPLOITDB text VERIFIED
CoBaLT 1.0 - SQL Injection via id Parameter
SQL injection vulnerability in CoBaLT 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) urun.asp, (2) admin/bayi_listele.asp, (3) admin/urun_grup_listele.asp, and (4) admin/urun_listele.asp.
by U238
CVE-2008-1711 EXPLOITDB text VERIFIED
Terong PHP Photo Gallery 1.0 - Info Disclosure
Terong PHP Photo Gallery (aka Advanced Web Photo Gallery) 1.0 stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information.
by t0pP8uZz
CVE-2008-6545 EXPLOITDB text VERIFIED
Web Server Creator Web Portal 0.1 - Remote Code Execution via langfile Parameter
PHP remote file inclusion vulnerability in news/include/createdb.php in Web Server Creator Web Portal 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the langfile parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ZoRLu
CVE-2008-6209 EXPLOITDB text VERIFIED
Vastal I-Tech Software Zone - SQL Injection via view_product.php cat_id Parameter
SQL injection vulnerability in view_product.php in Vastal I-Tech Software Zone allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
by t0pP8uZz
EIP-2026-112699 EXPLOITDB text VERIFIED
Tiny Portal 1.0 - 'shouts' Cross-Site Scripting
by Y433r
CVE-2008-1799 EXPLOITDB text VERIFIED
sabros.us 1.75 - Path Traversal via thumbnails.php img Parameter
Directory traversal vulnerability in thumbnails.php in sabros.us 1.75 allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter.
by HaCkeR_EgY
CVE-2008-6206 EXPLOITDB text VERIFIED
RobotStats 0.1 - Remote Code Execution via DOCUMENT_ROOT Parameter
Multiple PHP remote file inclusion vulnerabilities in RobotStats 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter to (1) graph.php and (2) robotstats.inc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ZoRLu
CVE-2008-6206 EXPLOITDB text VERIFIED
RobotStats 0.1 - Remote Code Execution via DOCUMENT_ROOT Parameter
Multiple PHP remote file inclusion vulnerabilities in RobotStats 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter to (1) graph.php and (2) robotstats.inc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ZoRLu
CVE-2008-1787 EXPLOITDB text VERIFIED
Poplar Gedcom Viewer 2.0 - Cross-Site Scripting via Text and UL Parameters
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Poplar Gedcom Viewer 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) text and (2) ul parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ZoRLu
CVE-2008-1875 EXPLOITDB text VERIFIED
Terong PHP Photo Gallery 1.0 - SQL Injection
SQL injection vulnerability in index.php in Terong PHP Photo Gallery (aka Advanced Web Photo Gallery) 1.0 allows remote attackers to execute arbitrary SQL commands via the photo_id parameter.
by t0pP8uZz
CVE-2008-1873 EXPLOITDB text VERIFIED
NukeET 3.2 and 3.4 - Authenticated Cross-Site Scripting via Private Message STYLE Attribute
Cross-site scripting (XSS) vulnerability in the private message feature in Nuke ET 3.2 and 3.4, when using Internet Explorer, allows remote authenticated users to inject arbitrary web script or HTML via a CSS property in the STYLE attribute of a DIV element in the mensaje parameter. NOTE: some of these details are obtained from third party information.
by Jose Luis Zayas
CVE-2008-1757 EXPLOITDB text VERIFIED
KwsPHP 1.0 - Cross-Site Scripting via ConcoursPhoto VIEW Parameter
Cross-site scripting (XSS) vulnerability in index.php in the ConcoursPhoto module for KwsPHP 1.0 allows remote attackers to inject arbitrary web script or HTML via the VIEW parameter.
by H-T Team