Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-106780 EXPLOITDB text VERIFIED
eForum 0.4 - 'busca.php' Multiple Cross-Site Scripting Vulnerabilities
by Omni
CVE-2008-1425 EXPLOITDB text VERIFIED
Easy-Clanpage 2.2 - SQL Injection via Gallery Module id Parameter
SQL injection vulnerability in index.php in the gallery module in Easy-Clanpage 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a kate action.
by n3w7u
CVE-2008-7142 EXPLOITDB text VERIFIED
cPanel 11.18.3 - Path Traversal via Disk Usage Module showtree Parameter
Absolute path traversal vulnerability in the Disk Usage module (frontend/x/diskusage/index.html) in cPanel 11.18.3 allows remote attackers to list arbitrary directories via the showtree parameter.
by Linux_Drox
CVE-2008-1289 EXPLOITDB text VERIFIED
Asterisk Open Source <1.4.18.1-1.6.0-beta6 - Buffer Overflow
Multiple buffer overflows in Asterisk Open Source 1.4.x before 1.4.18.1 and 1.4.19-rc3, Open Source 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6.1, AsteriskNOW 1.0.x before 1.0.2, Appliance Developer Kit before 1.4 revision 109386, and s800i 1.1.x before 1.1.0.2 allow remote attackers to (1) write a zero to an arbitrary memory location via a large RTP payload number, related to the ast_rtp_unset_m_type function in main/rtp.c; or (2) write certain integers to an arbitrary memory location via a large number of RTP payloads, related to the process_sdp function in channels/chan_sip.c.
by Mu Security research
CVE-2008-1426 EXPLOITDB text VERIFIED
KAPhotoservice - SQL Injection via album.asp albumid Parameter
SQL injection vulnerability in album.asp in KAPhotoservice allows remote attackers to execute arbitrary SQL commands via the albumid parameter.
by JosS
CVE-2008-1401 EXPLOITDB text VERIFIED
MG-SOFT Net Inspector <6.5.0.828 - RCE
Format string vulnerability in the Net Inspector HTTP server (mghttpd) in MG-SOFT Net Inspector 6.5.0.828 and earlier for Windows allows remote attackers to execute arbitrary code via format string specifiers in the URI, which is recorded in a log file.
by Luigi Auriemma
CVE-2008-1400 EXPLOITDB text VERIFIED
MG-SOFT Net Inspector <6.5.0.828 - Path Traversal
Directory traversal vulnerability in the Net Inspector HTTP Server (mghttpd) in MG-SOFT Net Inspector 6.5.0.828 and earlier for Windows allows remote attackers to read arbitrary files via a "..\" (dot dot backslash) or "../" (dot dot slash) in the URI.
by Luigi Auriemma
CVE-2008-1402 EXPLOITDB text VERIFIED
MG-SOFT Net Inspector <6.5.0.828 - DoS
MG-SOFT Net Inspector 6.5.0.828 and earlier for Windows allows remote attackers to cause a (1) denial of service (exception and crash) via a UDP packet to the SNMP Trap Service (MgWTrap3.exe) or (2) denial of service (device freeze or memory consumption) via a malformed request to the Net Inspector Server (niengine).
by Luigi Auriemma
EIP-2026-118779 EXPLOITDB text VERIFIED
MG-SOFT Net Inspector 6.5.0.826 - Multiple Remote Vulnerabilities
by Luigi Auriemma
CVE-2008-1403 EXPLOITDB text VERIFIED
BootManage TFTPD <1.99 - Buffer Overflow
Stack-based buffer overflow in the TFTP server in BootManage TFTPD 1.99 and earlier in BootManage Administrator 7.1 and earlier allows remote attackers to execute arbitrary code via a request with a long filename.
by Luigi Auriemma
EIP-2026-114471 EXPLOITDB text VERIFIED
XOOPS Module Dictionary 0.94 - SQL Injection
by S@BUN
CVE-2008-1413 EXPLOITDB text VERIFIED
SNewsCMS Rus 2.1-2.4 - Cross-Site Scripting via Search Query Parameter
Cross-site scripting (XSS) vulnerability in search.php in SNewsCMS Rus 2.1 through 2.4 allows remote attackers to inject arbitrary web script or HTML via the query parameter.
by medprostuda.ru
CVE-2008-1416 EXPLOITDB text VERIFIED
phpauction_gpl 2.51 - Remote Code Execution via include_path Parameter
Multiple PHP remote file inclusion vulnerabilities in PHPauction GPL 2.51 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) converter.inc.php, (2) messages.inc.php, and (3) settings.inc.php in includes/.
by RoMaNcYxHaCkEr
EIP-2026-108143 EXPLOITDB text VERIFIED
Joomla! / Mambo Component com_guide - 'category' SQL Injection
by The-0utl4w
CVE-2008-1409 EXPLOITDB text VERIFIED
Exero CMS 1.0.1 - Path Traversal via Theme Parameter
Multiple directory traversal vulnerabilities in the Default theme in Exero CMS 1.0.1 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the theme parameter to (1) index.php, (2) editpassword.php, and (3) avatar.php in usercp/; (4) custompage.php; (5) errors/404.php; (6) memberslist.php and (7) profile.php in members/; (8) index.php and (9) fullview.php in news/; and (10) nopermission.php.
by GoLd_M
CVE-2008-1479 EXPLOITDB text VERIFIED
cyberfrogs cfnetgs 0.24 - Cross-Site Scripting via Directory Parameter
Cross-site scripting (XSS) vulnerability in index.php in cyberfrogs.net cfnetgs 0.24 allows remote attackers to inject arbitrary web script or HTML via the directory parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ZoRLu
CVE-2008-1000 EXPLOITDB text VERIFIED
Apple Mac OS X 10.5.2 - Authenticated Path Traversal and Arbitrary File Write via Wiki Server File Attachments
Directory traversal vulnerability in ContentServer.py in the Wiki Server in Apple Mac OS X 10.5.2 (aka Leopard) allows remote authenticated users to write arbitrary files via ".." sequences in file attachments.
by Rodrigo Carvalho
CVE-2008-1470 EXPLOITDB text VERIFIED
RSA WebID - Cross-Site Scripting via IISWebAgentIF.dll postdata Parameter
Incomplete blacklist vulnerability in IISWebAgentIF.dll in the WebID RSA Authentication Agent 5.3, and possibly earlier, allows remote attackers to conduct cross-site scripting (XSS) attacks via the postdata parameter, due to an incomplete fix for CVE-2005-1118.
by quentin.berdugo
CVE-2008-1463 EXPLOITDB text VERIFIED
Imperva SecureSphere MX Management Server 5.0 - Cross-Site Scripting via Alert Page Corrective Action Section
Cross-site scripting (XSS) vulnerability in the management GUI in Imperva SecureSphere MX Management Server 5.0 allows remote attackers to inject arbitrary web script or HTML via an invalid or prohibited request to a web server protected by SecureSphere, which triggers injection into the "corrective action" section of an alert page.
by Berezniski
CVE-2008-1414 EXPLOITDB text VERIFIED
Multiple Time Sheets <= 5.0 - Cross-Site Scripting via Tab Parameter
Cross-site scripting (XSS) vulnerability in Multiple Time Sheets (MTS) 5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the tab parameter to (1) index.php, as demonstrated using mixed case and encoded whitespace characters in the tag; or (2) clientinfo.php, (3) invoices.php, (4) smartlinks.php, and (5) todo.php, as demonstrated using a META tag.
by JosS
CVE-2008-1408 EXPLOITDB text VERIFIED
phpbp 2 RC3 (2.204) FIX 4 - SQL Injection via Banner ID Parameter
SQL injection vulnerability in includes/functions/banners-external.php in phpBP 2 RC3 (2.204) FIX 4 allows remote attackers to execute arbitrary SQL commands via the id parameter in a banner_out action.
by irk4z
CVE-2008-1415 EXPLOITDB text VERIFIED
Multiple Time Sheets <5.0 - Path Traversal
Directory traversal vulnerability in index.php in Multiple Time Sheets (MTS) 5.0 and earlier allows remote attackers to read arbitrary files via "../..//" (modified dot dot) sequences in the tab parameter.
by JosS
CVE-2008-1405 EXPLOITDB text VERIFIED
fuzzylime (cms) 3.01 - Remote Code Execution via admindir Parameter
PHP remote file inclusion vulnerability in code/display.php in fuzzylime (cms) 3.01 allows remote attackers to execute arbitrary PHP code via a URL in the admindir parameter.
by irk4z
CVE-2008-1407 EXPLOITDB text VERIFIED
eXV2 WebChat 1.60 - SQL Injection via roomid Parameter
SQL injection vulnerability in index.php in the WebChat 1.60 module for eXV2 allows remote attackers to execute arbitrary SQL commands via the roomid parameter.
by S@BUN
CVE-2008-1404 EXPLOITDB text VERIFIED
Viso (Industry Book) <2.04-2.03 - SQL Injection
SQL injection vulnerability in index.php in the Viso (Industry Book) 2.04 and 2.03 module for eXV2 allows remote attackers to execute arbitrary SQL commands via the kid parameter.
by S@BUN