Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-1541 EXPLOITDB text VERIFIED
HIS Webshop 2.50 - Path Traversal via t Parameter
Directory traversal vulnerability in cgi-bin/his-webshop.pl in HIS Webshop 2.50 allows remote attackers to read arbitrary files via a .. (dot dot) in the t parameter.
by Zero X
CVE-2008-1535 EXPLOITDB text VERIFIED
Matti Kiviharju rekry <1.0.0 - SQL Injection
SQL injection vulnerability in the Matti Kiviharju rekry (aka com_rekry or rekry!Joom) 1.0.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the op_id parameter in a view action to index.php.
by Sniper456
EIP-2026-108619 EXPLOITDB text VERIFIED
Joomla! Component d3000 1.0.0 - SQL Injection
by S@BUN
EIP-2026-108240 EXPLOITDB text VERIFIED
Joomla! Component Cinema 1.0 - SQL Injection
by S@BUN
EIP-2026-108161 EXPLOITDB text VERIFIED
Joomla! / Mambo Component Download3000 1.0 - 'id' SQL Injection
by S@BUN
EIP-2026-108134 EXPLOITDB text VERIFIED
Joomla! / Mambo Component Cinema 1.0 - 'id' SQL Injection
by S@BUN
CVE-2008-1500 EXPLOITDB text VERIFIED
TinyPortal 0.8.6 and 1.0.3 - Cross-Site Scripting via PHPSESSID Parameter
Cross-site scripting (XSS) vulnerability in index.php in TinyPortal 0.8.6 and 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the PHPSESSID parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Y433r
CVE-2008-1504 EXPLOITDB text VERIFIED
phpMyChat 0.14.5 - Cross-Site Scripting via Lang Parameter
Cross-site scripting (XSS) vulnerability in setup.php3 in phpHeaven phpMyChat 0.14.5 allows remote attackers to inject arbitrary web script or HTML via the Lang parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ZoRLu
CVE-2008-1511 EXPLOITDB CRITICAL text VERIFIED
ooComments 1.0 - Remote File Inclusion via PathToComment Parameter
Multiple PHP remote file inclusion vulnerabilities in ooComments 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the PathToComment parameter for (1) classes/class_admin.php and (2) classes/class_comments.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ZoRLu
CVSS 9.8
CVE-2008-1511 EXPLOITDB CRITICAL text VERIFIED
ooComments 1.0 - Remote File Inclusion via PathToComment Parameter
Multiple PHP remote file inclusion vulnerabilities in ooComments 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the PathToComment parameter for (1) classes/class_admin.php and (2) classes/class_comments.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ZoRLu
CVSS 9.8
EIP-2026-109677 EXPLOITDB text VERIFIED
My Web Doc 2000 Administration Pages - Multiple Authentication Bypass Vulnerabilities
by ZoRLu
CVE-2008-1505 EXPLOITDB text VERIFIED
SSTREAMTV custompages < 1.1 - Remote Code Execution via cpage Parameter
PHP remote file inclusion vulnerability in the SSTREAMTV custompages (com_custompages) 1.1 and earlier component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the cpage parameter to index.php.
by Sniper456
CVE-2008-1493 EXPLOITDB text VERIFIED
Cuteflow Bin <1.5.0 - Path Traversal
Directory traversal vulnerability in login.php in Cuteflow Bin 1.5.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
by KnocKout
CVE-2008-1499 EXPLOITDB text VERIFIED
cPanel 11.18.3 and 11.21.0-BETA - Cross-Site Scripting via Query String
Cross-site scripting (XSS) vulnerability in frontend/x/manpage.html in cPanel 11.18.3 and 11.21.0-BETA allows remote attackers to inject arbitrary web script or HTML via the query string.
by Linux_Drox
CVE-2008-0117 EXPLOITDB text VERIFIED
Microsoft Excel <2000 SP3,2002 SP2,2004,2008 - RCE
Unspecified vulnerability in Microsoft Excel 2000 SP3 and 2002 SP2, and Office 2004 and 2008 for Mac, allows user-assisted remote attackers to execute arbitrary code via crafted conditional formatting values, aka "Excel Conditional Formatting Vulnerability."
by zha0
CVE-2008-1551 EXPLOITDB text VERIFIED
RunCMS Photo Module 3.02 - SQL Injection via viewcat.php cid Parameter
SQL injection vulnerability in viewcat.php in the Photo 3.02 module for RunCMS allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by S@BUN
CVE-2008-1492 EXPLOITDB text VERIFIED
CoronaMatrix phpAddressBook <2.11 - Path Traversal
Multiple directory traversal vulnerabilities in CoronaMatrix phpAddressBook 2.11 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skin parameter to (1) index.php and (2) install.php. NOTE: it was later reported that vector 1 is also present in 2.0.
by 0x90
EIP-2026-106331 EXPLOITDB text VERIFIED
D.E. Classifieds - 'cat_id' SQL Injection
by S@BUN
CVE-2008-1160 EXPLOITDB CRITICAL text VERIFIED
ZyXEL ZyWALL 1050 - Privilege Escalation
ZyXEL ZyWALL 1050 has a hard-coded password for the Quagga and Zebra processes that is not changed when it is set by a user, which allows remote attackers to gain privileges.
by Pranav Joshi
CVSS 9.8
CVE-2008-6555 EXPLOITDB text VERIFIED
Puppet Master WebUtil - Remote Command Execution via Dig Command Shell Metacharacters
cgi-bin/webutil.pl in The Puppet Master WebUtil allows remote attackers to execute arbitrary commands via shell metacharacters in the dig command.
by Zero X
EIP-2026-114742 EXPLOITDB text VERIFIED
Sun Solaris 10 - 'rpc.ypupdated' Remote Code Execution
by kingcope
CVE-2008-1466 EXPLOITDB text VERIFIED
W-Agora 4.0 - Remote Code Execution
Multiple PHP remote file inclusion vulnerabilities in W-Agora 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the bn_dir_default parameter to (1) add_user.php, (2) create_forum.php, (3) create_user.php, (4) delete_notes.php, (5) delete_user.php, (6) edit_forum.php, (7) mail_users.php, (8) moderate_notes.php, and (9) reorder_forums.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ZoRLu
CVE-2008-1466 EXPLOITDB text VERIFIED
W-Agora 4.0 - Remote Code Execution
Multiple PHP remote file inclusion vulnerabilities in W-Agora 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the bn_dir_default parameter to (1) add_user.php, (2) create_forum.php, (3) create_user.php, (4) delete_notes.php, (5) delete_user.php, (6) edit_forum.php, (7) mail_users.php, (8) moderate_notes.php, and (9) reorder_forums.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ZoRLu
CVE-2008-1466 EXPLOITDB text VERIFIED
W-Agora 4.0 - Remote Code Execution
Multiple PHP remote file inclusion vulnerabilities in W-Agora 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the bn_dir_default parameter to (1) add_user.php, (2) create_forum.php, (3) create_user.php, (4) delete_notes.php, (5) delete_user.php, (6) edit_forum.php, (7) mail_users.php, (8) moderate_notes.php, and (9) reorder_forums.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ZoRLu
CVE-2008-1466 EXPLOITDB text VERIFIED
W-Agora 4.0 - Remote Code Execution
Multiple PHP remote file inclusion vulnerabilities in W-Agora 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the bn_dir_default parameter to (1) add_user.php, (2) create_forum.php, (3) create_user.php, (4) delete_notes.php, (5) delete_user.php, (6) edit_forum.php, (7) mail_users.php, (8) moderate_notes.php, and (9) reorder_forums.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ZoRLu