Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-1466 EXPLOITDB text VERIFIED
W-Agora 4.0 - Remote Code Execution
Multiple PHP remote file inclusion vulnerabilities in W-Agora 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the bn_dir_default parameter to (1) add_user.php, (2) create_forum.php, (3) create_user.php, (4) delete_notes.php, (5) delete_user.php, (6) edit_forum.php, (7) mail_users.php, (8) moderate_notes.php, and (9) reorder_forums.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ZoRLu
CVE-2008-1466 EXPLOITDB text VERIFIED
W-Agora 4.0 - Remote Code Execution
Multiple PHP remote file inclusion vulnerabilities in W-Agora 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the bn_dir_default parameter to (1) add_user.php, (2) create_forum.php, (3) create_user.php, (4) delete_notes.php, (5) delete_user.php, (6) edit_forum.php, (7) mail_users.php, (8) moderate_notes.php, and (9) reorder_forums.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ZoRLu
CVE-2008-1466 EXPLOITDB text VERIFIED
W-Agora 4.0 - Remote Code Execution
Multiple PHP remote file inclusion vulnerabilities in W-Agora 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the bn_dir_default parameter to (1) add_user.php, (2) create_forum.php, (3) create_user.php, (4) delete_notes.php, (5) delete_user.php, (6) edit_forum.php, (7) mail_users.php, (8) moderate_notes.php, and (9) reorder_forums.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ZoRLu
CVE-2008-1466 EXPLOITDB text VERIFIED
W-Agora 4.0 - Remote Code Execution
Multiple PHP remote file inclusion vulnerabilities in W-Agora 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the bn_dir_default parameter to (1) add_user.php, (2) create_forum.php, (3) create_user.php, (4) delete_notes.php, (5) delete_user.php, (6) edit_forum.php, (7) mail_users.php, (8) moderate_notes.php, and (9) reorder_forums.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ZoRLu
CVE-2008-1466 EXPLOITDB text VERIFIED
W-Agora 4.0 - Remote Code Execution
Multiple PHP remote file inclusion vulnerabilities in W-Agora 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the bn_dir_default parameter to (1) add_user.php, (2) create_forum.php, (3) create_user.php, (4) delete_notes.php, (5) delete_user.php, (6) edit_forum.php, (7) mail_users.php, (8) moderate_notes.php, and (9) reorder_forums.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ZoRLu
CVE-2008-1462 EXPLOITDB text VERIFIED
RunCMS - Section Module < SQL Injection
SQL injection vulnerability in the sections (Section) module in RunCMS allows remote attackers to execute arbitrary SQL commands via the artid parameter in a viewarticle action.
by Cr@zy_King
EIP-2026-109914 EXPLOITDB text VERIFIED
News-Template 0.5beta - 'print.php' Multiple Cross-Site Scripting Vulnerabilities
by ZoRLu
CVE-2008-1540 EXPLOITDB text VERIFIED
Joomla! & Mambo com_datsogallery 1.3.1 - SQL Injection
SQL injection vulnerability in the Datsogallery (com_datsogallery) 1.3.1 module for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Cr@zy_King
CVE-2008-1467 EXPLOITDB text VERIFIED
CenterIM <4.22.3 - Command Injection
CenterIM 4.22.3 and earlier allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a URI, related to "received URLs in the message window." NOTE: this issue has been disputed due to the user-assisted nature, since the URL must be selected and launched by the victim
by Brian Fonfara
CVE-2008-1606 EXPLOITDB text VERIFIED
Elastic Path <4.1-4.1.1 - Path Traversal
Multiple directory traversal vulnerabilities in Elastic Path (EP) 4.1 and 4.1.1 allow remote attackers to (1) download arbitrary files via a .. (dot dot) in the file parameter to manager/getImportFileRedirect.jsp, (2) upload arbitrary files via a "..\" (dot dot backslash) in the file parameter to importData.jsp, and (3) list directory contents via a .. (dot dot) in the dir parameter to manager/fileManager.jsp.
by Daniel Martin Gomez
CVE-2008-1606 EXPLOITDB text VERIFIED
Elastic Path <4.1-4.1.1 - Path Traversal
Multiple directory traversal vulnerabilities in Elastic Path (EP) 4.1 and 4.1.1 allow remote attackers to (1) download arbitrary files via a .. (dot dot) in the file parameter to manager/getImportFileRedirect.jsp, (2) upload arbitrary files via a "..\" (dot dot backslash) in the file parameter to importData.jsp, and (3) list directory contents via a .. (dot dot) in the dir parameter to manager/fileManager.jsp.
by Daniel Martin Gomez
EIP-2026-100360 EXPLOITDB text VERIFIED
Iatek Knowledge Base - 'content_by_cat.asp' SQL Injection
by xcorpitx
CVE-2008-1430 EXPLOITDB text VERIFIED
ASPapp - SQL Injection via CatId Parameter
SQL injection vulnerability in links.asp in ASPapp allows remote attackers to execute arbitrary SQL commands via the CatId parameter.
by xcorpitx
EIP-2026-109744 EXPLOITDB text VERIFIED
MyBlog 1.x - SQL Injection / Remote File Inclusion
by Cod3rZ
EIP-2026-109279 EXPLOITDB text VERIFIED
Mambo Component Accombo 1.x - 'id' SQL Injection
by S@BUN
CVE-2008-1465 EXPLOITDB text VERIFIED
Detodas Restaurante (com_restaurante) 1.0 - SQL Injection
SQL injection vulnerability in the Detodas Restaurante (com_restaurante) 1.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php, a different product than CVE-2008-0562.
by S@BUN
CVE-2008-1460 EXPLOITDB text VERIFIED
com_joovideo 1.0 and 1.2.2 - SQL Injection via id Parameter
SQL injection vulnerability in the Joovideo (com_joovideo) 1.0 and 1.2.2 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
by S@BUN
CVE-2008-1459 EXPLOITDB text VERIFIED
com_alberghi 2.1.3 - SQL Injection via id Parameter
SQL injection vulnerability in the Alberghi (com_alberghi) 2.1.3 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
by S@BUN
CVE-2008-1458 EXPLOITDB text VERIFIED
CS-Cart 1.3.2 - Cross-Site Scripting via Search Query Parameter
Cross-site scripting (XSS) vulnerability in index.php in CS-Cart 1.3.2 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a products search action. NOTE: it was also reported that 1.3.5-SP2 trial edition is also affected.
by sasquatch
CVE-2007-4592 EXPLOITDB text VERIFIED
IBM Rational ClearQuest <2003.06.16 Patch 2008A-7.0.1.1_iFix01 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the web interface for IBM Rational ClearQuest before 2003.06.16 Patch 2008A, 7.0.0.2_iFix01, and 7.0.1.1_iFix01 allow remote attackers to inject arbitrary web script or HTML via the (1) contextid, (2) username, (3) userNameVal, and (4) schema parameters to the login component.
by sasquatch
EIP-2026-100362 EXPLOITDB text VERIFIED
Iatek PortalApp 4.0 - 'links.asp' SQL Injection
by xcorpitx
CVE-2008-1430 EXPLOITDB text VERIFIED
ASPapp - SQL Injection via CatId Parameter
SQL injection vulnerability in links.asp in ASPapp allows remote attackers to execute arbitrary SQL commands via the CatId parameter.
by xcorpitx
CVE-2008-1481 EXPLOITDB text VERIFIED
webSPELL 4.1.2 - Cross-Site Scripting via Board Parameter
Cross-site scripting (XSS) vulnerability in index.php in webSPELL 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the board parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by n3w7u
CVE-2008-0125 EXPLOITDB text VERIFIED
phpstats 0.1 alpha - Cross-Site Scripting via baseDir Parameter
Cross-site scripting (XSS) vulnerability in phpstats.php in Michael Wagner phpstats 0.1 alpha allows remote attackers to inject arbitrary web script or HTML via the baseDir parameter.
by Hanno Boeck
CVE-2008-1427 EXPLOITDB text VERIFIED
Joobi Acajoom <1.1.5,1.2.5 - SQL Injection
SQL injection vulnerability in the Joobi Acajoom (com_acajoom) 1.1.5 and 1.2.5 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mailingid parameter in a mailing view action to index.php.
by fataku