Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-6550 EXPLOITDB text VERIFIED
Glossaire 2.0 - Cross-Site Scripting via Letter Parameter
Cross-site scripting (XSS) vulnerability in glossaire.php in Glossaire 2.0 allows remote attackers to inject arbitrary web script or HTML via the letter parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ZoRLu
CVE-2008-1798 EXPLOITDB text VERIFIED
Dragoon 0.1 - Path Traversal via cal[lng] Parameter
Directory traversal vulnerability in forum/kietu/libs/calendrier.php in Dragoon 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cal[lng] parameter.
by w0cker
CVE-2008-1872 EXPLOITDB text VERIFIED
Comdev News Publisher 4.1.2 - SQL Injection
SQL injection vulnerability in home.news.php in Comdev News Publisher 4.1.2 allows remote attackers to execute arbitrary SQL commands via the arcmonth parameter. NOTE: some of these details are obtained from third party information.
by t0pP8uZz
CVE-2008-1760 EXPLOITDB text VERIFIED
blogator-script < 1.00 - Remote Code Execution via incl_page Parameter
Multiple PHP remote file inclusion vulnerabilities in Blogator-script before 1.01 allow remote attackers to execute arbitrary PHP code via a URL in the incl_page parameter in (1) struct_admin.php, (2) struct_admin_blog.php, and (3) struct_main.php in _blogadata/include.
by JIKO
CVE-2008-1763 EXPLOITDB text VERIFIED
Blogator-script 0.95 - SQL Injection
SQL injection vulnerability in _blogadata/include/sond_result.php in Blogator-script 0.95 allows remote attackers to execute arbitrary SQL commands via the id_art parameter.
by Virangar Security
EIP-2026-105010 EXPLOITDB text VERIFIED
Affiliate Directory - 'cat_id' SQL Injection
by t0pP8uZz
CVE-2008-6211 EXPLOITDB text VERIFIED
mcgallery 1.1 - Cross-Site Scripting via lang Parameter
Multiple cross-site scripting (XSS) vulnerabilities in PhpForums.net mcGallery 1.1 allow remote attackers to inject arbitrary web script or HTML via the lang parameter to (1) admin.php, (2) index.php, (3) sess.php, (4) stats.php, (5) detail.php, (6) resize.php, and (7) show.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by K-9999
CVE-2008-6211 EXPLOITDB text VERIFIED
mcgallery 1.1 - Cross-Site Scripting via lang Parameter
Multiple cross-site scripting (XSS) vulnerabilities in PhpForums.net mcGallery 1.1 allow remote attackers to inject arbitrary web script or HTML via the lang parameter to (1) admin.php, (2) index.php, (3) sess.php, (4) stats.php, (5) detail.php, (6) resize.php, and (7) show.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by K-9999
CVE-2008-6211 EXPLOITDB text VERIFIED
mcgallery 1.1 - Cross-Site Scripting via lang Parameter
Multiple cross-site scripting (XSS) vulnerabilities in PhpForums.net mcGallery 1.1 allow remote attackers to inject arbitrary web script or HTML via the lang parameter to (1) admin.php, (2) index.php, (3) sess.php, (4) stats.php, (5) detail.php, (6) resize.php, and (7) show.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by K-9999
CVE-2008-6211 EXPLOITDB text VERIFIED
mcgallery 1.1 - Cross-Site Scripting via lang Parameter
Multiple cross-site scripting (XSS) vulnerabilities in PhpForums.net mcGallery 1.1 allow remote attackers to inject arbitrary web script or HTML via the lang parameter to (1) admin.php, (2) index.php, (3) sess.php, (4) stats.php, (5) detail.php, (6) resize.php, and (7) show.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by K-9999
CVE-2008-6211 EXPLOITDB text VERIFIED
mcgallery 1.1 - Cross-Site Scripting via lang Parameter
Multiple cross-site scripting (XSS) vulnerabilities in PhpForums.net mcGallery 1.1 allow remote attackers to inject arbitrary web script or HTML via the lang parameter to (1) admin.php, (2) index.php, (3) sess.php, (4) stats.php, (5) detail.php, (6) resize.php, and (7) show.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by K-9999
CVE-2008-6211 EXPLOITDB text VERIFIED
mcgallery 1.1 - Cross-Site Scripting via lang Parameter
Multiple cross-site scripting (XSS) vulnerabilities in PhpForums.net mcGallery 1.1 allow remote attackers to inject arbitrary web script or HTML via the lang parameter to (1) admin.php, (2) index.php, (3) sess.php, (4) stats.php, (5) detail.php, (6) resize.php, and (7) show.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by K-9999
CVE-2008-6211 EXPLOITDB text VERIFIED
mcgallery 1.1 - Cross-Site Scripting via lang Parameter
Multiple cross-site scripting (XSS) vulnerabilities in PhpForums.net mcGallery 1.1 allow remote attackers to inject arbitrary web script or HTML via the lang parameter to (1) admin.php, (2) index.php, (3) sess.php, (4) stats.php, (5) detail.php, (6) resize.php, and (7) show.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by K-9999
CVE-2008-1759 EXPLOITDB text VERIFIED
jeuxflash_module for KwsPHP - SQL Injection via cat Parameter
SQL injection vulnerability in the jeuxflash module for KwsPHP allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php, a different vector than CVE-2007-4922.
by Houssamix
CVE-2008-1758 EXPLOITDB text VERIFIED
KwsPHP ConcoursPhoto Module - SQL Injection via C_ID Parameter
SQL injection vulnerability in the ConcoursPhoto module for KwsPHP allows remote attackers to execute arbitrary SQL commands via the C_ID parameter to index.php.
by Stack
CVE-2008-6197 EXPLOITDB text VERIFIED
KwsPHP galerie_module - SQL Injection via id_gal Parameter
SQL injection vulnerability in index.php in the galerie module for KwsPHP 1.3.456 allows remote attackers to execute arbitrary SQL commands via the id_gal parameter in a gal action.
by S@BUN
EIP-2026-109056 EXPLOITDB text VERIFIED
KwsPHP 1.3.456 Module Archives - 'id' SQL Injection
by S@BUN
CVE-2008-4777 EXPLOITDB text VERIFIED
Joomlearn LMS (com_lms) - SQL Injection via cat Parameter
SQL injection vulnerability in the Showroom Joomlearn LMS (com_lms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a showTests task.
by The-0utl4w
EIP-2026-115729 EXPLOITDB text VERIFIED
Microsoft Internet Explorer 8 Beta 1 - XDR Prototype Hijacking Denial of Service
by The Hacker Webzine
EIP-2026-115728 EXPLOITDB text VERIFIED
Microsoft Internet Explorer 8 Beta 1 - 'ieframe.dll' Script Injection
by The Hacker Webzine
CVE-2008-1776 EXPLOITDB text VERIFIED
phpblock A8.4 - Remote Code Execution via PATH_TO_CODE Parameter
PHP remote file inclusion vulnerability in modules/basicfog/basicfogfactory.class.php in PhpBlock A8.4 allows remote attackers to execute arbitrary PHP code via a URL in the PATH_TO_CODE parameter.
by w0cker
CVE-2008-1682 EXPLOITDB text VERIFIED
Joomla! com_onlineflashquiz 1.0.2 - RCE
PHP remote file inclusion vulnerability in quiz/common/db_config.inc.php in the Online FlashQuiz (com_onlineflashquiz) 1.0.2 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the base_dir parameter.
by NoGe
CVE-2008-6196 EXPLOITDB text VERIFIED
Philippe CROCHAT EasySite 2.0 - Remote Code Execution via EASYSITE_BASE Parameter
Multiple PHP remote file inclusion vulnerabilities in Philippe CROCHAT EasySite 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the EASYSITE_BASE parameter to (1) browser.php, (2) image_editor.php and (3) skin_chooser.php in configuration/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ZoRLu
CVE-2008-6196 EXPLOITDB text VERIFIED
Philippe CROCHAT EasySite 2.0 - Remote Code Execution via EASYSITE_BASE Parameter
Multiple PHP remote file inclusion vulnerabilities in Philippe CROCHAT EasySite 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the EASYSITE_BASE parameter to (1) browser.php, (2) image_editor.php and (3) skin_chooser.php in configuration/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ZoRLu
CVE-2008-6196 EXPLOITDB text VERIFIED
Philippe CROCHAT EasySite 2.0 - Remote Code Execution via EASYSITE_BASE Parameter
Multiple PHP remote file inclusion vulnerabilities in Philippe CROCHAT EasySite 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the EASYSITE_BASE parameter to (1) browser.php, (2) image_editor.php and (3) skin_chooser.php in configuration/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ZoRLu