Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-1800 EXPLOITDB text VERIFIED
DivXDB 2002 0.94b - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in index.php in DivXDB 2002 0.94b allow remote attackers to inject arbitrary web script or HTML via the (1) choice, (2) _page_, (3) zone_admin, (4) general_search, and (5) import parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ZoRLu
CVE-2008-1696 EXPLOITDB text VERIFIED
DaZPHPNews 0.1-1 - Path Traversal via makepost.php prefixdir Parameter
Directory traversal vulnerability in makepost.php in DaZPHPNews 0.1-1, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the prefixdir parameter.
by w0cker
CVE-2008-6195 EXPLOITDB text VERIFIED
LANDesk Management Suite < 8.80.1.1 - Unauthenticated Path Traversal via PXE TFTP Service
Directory traversal vulnerability in the PXE TFTP Service (PXEMTFTP.exe) in LANDesk Management Suite (LDMS) 8.80.1.1 and earlier allows remote attackers to read arbitrary files via a subdirectory name followed by ".." sequences, a different vulnerability than CVE-2008-1643.
by Luigi Auriemma
CVE-2008-1349 EXPLOITDB text VERIFIED
bamaGalerie 3.03-3.041 - SQL Injection
SQL injection vulnerability in viewcat.php in the bamaGalerie (Bama Galerie) 3.03 and 3.041 module for eXV2 2.0.6 allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by DreamTurk
CVE-2008-6522 EXPLOITDB text VERIFIED
OpenTerracotta 0.6.1 - Path Traversal via CurrentDirectory or File Parameter
Multiple directory traversal vulnerabilities in the RenderFile function in ContentRender.class.php in Terracotta (aka OpenTerracotta) 0.6.1, and possibly other versions, allow remote attackers to list arbitrary directories and read arbitrary files via a .. (dot dot) in the (1) CurrentDirectory and (2) File parameters to index.php.
by Joseph Giron
EIP-2026-109281 EXPLOITDB text VERIFIED
Mambo Component Ahsshop 1.51 - 'vara' SQL Injection
by S@BUN
CVE-2008-4617 EXPLOITDB text VERIFIED
pyxicom actualite 1.0 - SQL Injection via id Parameter
SQL injection vulnerability in the actualite module 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Stack
CVE-2008-1714 EXPLOITDB text VERIFIED
FaScript FaPhoto 1.0 - SQL Injection
SQL injection vulnerability in show.php in FaScript FaPhoto 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Khashayar Fereidani
EIP-2026-118781 EXPLOITDB text VERIFIED
Microsoft Crypto API X.509 Certificate Validation - Remote Information Disclosure
by Alexander Klink
CVE-2008-1690 EXPLOITDB text VERIFIED
SLMail Pro <= 6.3.1.0 - Denial of Service via Long URI in HTTP Request
WebContainer.exe 1.0.0.336 and earlier in SLMail Pro 6.3.1.0 and earlier allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a long URI in HTTP requests to TCP port 801. NOTE: some of these details are obtained from third party information.
by Luigi Auriemma
EIP-2026-115793 EXPLOITDB text VERIFIED
Microsoft Windows Explorer - '.doc' File Denial of Service
by Iron Team
CVE-2008-1646 EXPLOITDB text VERIFIED
WP-Download 1.2 - SQL Injection via dl_id Parameter
SQL injection vulnerability in wp-download.php in the WP-Download 1.2 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the dl_id parameter.
by BL4CK
CVE-2008-1640 EXPLOITDB text VERIFIED
JGS-XA JGS-Treffen <2.0.2 - SQL Injection
SQL injection vulnerability in jgs_treffen.php in the JGS-XA JGS-Treffen 2.0.2 and earlier addon for Woltlab Burning Board (wBB) allows remote attackers to execute arbitrary SQL commands via the view_id parameter in an ansicht action.
by anonymous
CVE-2008-1645 EXPLOITDB text VERIFIED
phpSpamManager 0.53 beta - Path Traversal
Directory traversal vulnerability in body.php in phpSpamManager (phpSM) 0.53 beta allows remote attackers to read arbitrary local files via a .. (dot dot) in the filename parameter.
by GoLd_M
CVE-2008-6491 EXPLOITDB text VERIFIED
phpgkit 0.9 - Remote Code Execution via DOCUMENT_ROOT Parameter
PHP remote file inclusion vulnerability in connexion.php in PHPGKit 0.9 allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ZoRLu
EIP-2026-110668 EXPLOITDB text VERIFIED
PHP Classifieds 6.20 - Multiple Cross-Site Scripting / Authentication Bypass Vulnerabilities
by ZoRLu
CVE-2005-4879 EXPLOITDB text VERIFIED
Jax Guestbook 3.1, 3.31, 3.50 - Cross-Site Scripting via gmt_ofs and language Parameters
Multiple cross-site scripting (XSS) vulnerabilities in jax_guestbook.php in Jax Guestbook 3.1 and 3.31 allow remote attackers to inject arbitrary web script or HTML via the (1) gmt_ofs and (2) language parameters. NOTE: the page parameter is already covered by CVE-2006-1913. NOTE: it was later reported that 3.50 is also affected.
by ZoRLu
CVE-2008-6562 EXPLOITDB text VERIFIED
Jax LinkLists 1.00 - Cross-Site Scripting via cat Parameter
Cross-site scripting (XSS) vulnerability in jax_linklists.php in Jack (tR) Jax LinkLists 1.00 allows remote attackers to inject arbitrary web script or HTML via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ZoRLu
CVE-2008-7141 EXPLOITDB text VERIFIED
@lex_poll 2.1 - Cross-Site Scripting via Language Setup Parameter
Cross-site scripting (XSS) vulnerability in setup.php in @lex Poll 2.1 allows remote attackers to inject arbitrary web script or HTML via the language_setup parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ZoRLu
CVE-2008-7140 EXPLOITDB text VERIFIED
@lex_guestbook <= 4.0.5 - Cross-Site Scripting via Language Setup or Test Parameter
Multiple cross-site scripting (XSS) vulnerabilities in @lex Guestbook 4.0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) language_setup parameter to setup.php or (2) test parameter to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: a third party has been reported that the test parameter is not used in @lex Guestbook.
by ZoRLu
CVE-2008-7140 EXPLOITDB text VERIFIED
@lex_guestbook <= 4.0.5 - Cross-Site Scripting via Language Setup or Test Parameter
Multiple cross-site scripting (XSS) vulnerabilities in @lex Guestbook 4.0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) language_setup parameter to setup.php or (2) test parameter to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: a third party has been reported that the test parameter is not used in @lex Guestbook.
by ZoRLu
CVE-2008-1641 EXPLOITDB text VERIFIED
EfesTECH Video 5.0 - SQL Injection via catID Parameter
SQL injection vulnerability in default.asp in EfesTECH Video 5.0 allows remote attackers to execute arbitrary SQL commands via the catID parameter.
by RMx
CVE-2008-0118 EXPLOITDB text VERIFIED
Microsoft Office 2000/2003/XP, Excel Viewer 2003, Office 2004 for Mac - RCE via Crafted Document
Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, Excel Viewer 2003 up to SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption from an "allocation error," aka "Microsoft Office Memory Corruption Vulnerability."
by Marsu
EIP-2026-116499 EXPLOITDB text VERIFIED
Visual Basic - 'vbe6.dll' Local Stack Overflow (PoC) / Denial of Service
by Marsu
CVE-2008-1623 EXPLOITDB text VERIFIED
Smoothflash <admin_view_image.php - SQL Injection
SQL injection vulnerability in admin_view_image.php in Smoothflash allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by S@BUN