Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-1406 EXPLOITDB text VERIFIED
eXV2 MyAnnonces 1.8 - SQL Injection via lid Parameter
SQL injection vulnerability in annonces-p-f.php in the MyAnnonces 1.8 module for eXV2 allows remote attackers to execute arbitrary SQL commands via the lid parameter in an ImprAnn action.
by S@BUN
EIP-2026-106983 EXPLOITDB text VERIFIED
eXV2 Module eblog 1.2 - 'blog_id' SQL Injection
by S@BUN
CVE-2008-1353 EXPLOITDB text VERIFIED
ZABBIX 1.4.4 - Denial of Service via vfs.file.cksum Command
zabbix_agentd in ZABBIX 1.4.4 allows remote attackers to cause a denial of service (CPU and connection consumption) via multiple vfs.file.cksum commands with a special device node such as /dev/urandom or /dev/zero.
by Milen Rangelov
CVE-2008-1354 EXPLOITDB text VERIFIED
Advanced Data Solutions VSO-XP - SQL Injection
SQL injection vulnerability in MyIssuesView.asp in Advanced Data Solutions Virtual Support Office-XP (VSO-XP) allows remote attackers to execute arbitrary SQL commands via the Issue_ID parameter.
by The-0utl4w
CVE-2008-1346 EXPLOITDB text VERIFIED
MyioSoft EasyGallery <5.0tr - SQL Injection
SQL injection vulnerability in staticpages/easygallery/index.php in MyioSoft EasyGallery 5.0tr and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action.
by JosS
CVE-2008-1344 EXPLOITDB text VERIFIED
MyioSoft EasyCalendar <4.0tr - SQL Injection
Multiple SQL injection vulnerabilities in MyioSoft EasyCalendar 4.0tr and earlier allow remote attackers to execute arbitrary SQL commands via the (1) year parameter in a dayview action to plugins/calendar/calendar_backend.php and the (2) page parameter to ajaxp_backend.php.
by JosS
CVE-2008-0533 EXPLOITDB text VERIFIED
Cisco ACS for Windows and ACS Solution Engine - Cross-Site Scripting via CSuserCGI.exe Help Argument
Multiple cross-site scripting (XSS) vulnerabilities in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to inject arbitrary web script or HTML via an argument located immediately after the Help argument, and possibly unspecified other vectors.
by felix
CVE-2008-1357 EXPLOITDB text VERIFIED
McAfee Common Management Agent <= 3.6.0.574 - Remote Code Execution via Format String in AgentWakeup Request
Format string vulnerability in the logDetail function of applib.dll in McAfee Common Management Agent (CMA) 3.6.0.574 (Patch 3) and earlier, as used in ePolicy Orchestrator 4.0.0 build 1015, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in a sender field in an AgentWakeup request to UDP port 8082. NOTE: this issue only exists when the debug level is 8.
by Luigi Auriemma
CVE-2008-0532 EXPLOITDB text VERIFIED
Cisco ACS for Windows and ACS Solution Engine - Remote Code Execution via Long Argument After Logout
Multiple buffer overflows in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to execute arbitrary code via a long argument located immediately after the Logout argument, and possibly unspecified other vectors.
by felix
EIP-2026-114478 EXPLOITDB text VERIFIED
XOOPS MyTutorials Module 2.1 - 'printpage.php' SQL Injection
by S@BUN
CVE-2008-1351 EXPLOITDB text VERIFIED
XOOPS Tutorials 2.1b - SQL Injection via tid Parameter
SQL injection vulnerability in the Tutorials 2.1b module for XOOPS allows remote attackers to execute arbitrary SQL commands via the tid parameter to printpage.php, which is accessible directly or through a printpage action to index.php.
by S@BUN
CVE-2008-7038 EXPLOITDB text VERIFIED
My_eGallery - SQL Injection via gid Parameter
SQL injection vulnerability in the My_eGallery module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the gid parameter in a showgall action to modules.php. NOTE: this issue was disclosed by an unreliable researcher, so the details might be incorrect.
by S@BUN
EIP-2026-114472 EXPLOITDB text VERIFIED
XOOPS Module Gallery 0.2.2 - 'gid' SQL Injection
by S@BUN
CVE-2008-1325 EXPLOITDB text VERIFIED
Uberghey CMS 0.3.1 - Path Traversal
Multiple directory traversal vulnerabilities in index.php in Uberghey CMS 0.3.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) page_id and (2) language parameters. NOTE: this might be the same issue as CVE-2008-1324.
by muuratsalo
CVE-2008-1324 EXPLOITDB text VERIFIED
Travelsized CMS 0.4.1 - Path Traversal
Multiple directory traversal vulnerabilities in index.php in Travelsized CMS 0.4.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) page_id and (2) language parameters. NOTE: this might be the same issue as CVE-2008-1325.
by muuratsalo
EIP-2026-109359 EXPLOITDB text VERIFIED
MAXdev My eGallery Module 3.04 - For Xoops 'gid' SQL Injection
by S@BUN
CVE-2008-1355 EXPLOITDB text VERIFIED
Jeebles Directory 2.9.60 - Cross-Site Scripting via Path Parameter
Cross-site scripting (XSS) vulnerability in index.php in Jeebles Technology Jeebles Directory 2.9.60 allows remote attackers to inject arbitrary web script or HTML via the path parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ZoRLu
CVE-2008-1350 EXPLOITDB text VERIFIED
Fully Modded phpBB 80220 - SQL Injection
SQL injection vulnerability in kb.php in Fully Modded phpBB (phpbbfm) 80220 allows remote attackers to execute arbitrary SQL commands via the k parameter in an article action.
by TurkishWarriorr
CVE-2008-1349 EXPLOITDB text VERIFIED
bamaGalerie 3.03-3.041 - SQL Injection
SQL injection vulnerability in viewcat.php in the bamaGalerie (Bama Galerie) 3.03 and 3.041 module for eXV2 2.0.6 allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by S@BUN
CVE-2008-1348 EXPLOITDB text VERIFIED
eWebsite eWeather - Cross-Site Scripting via Chart Parameter
Cross-site scripting (XSS) vulnerability in index.php in the eWebsite eWeather (Weather) module for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the chart parameter to modules.php.
by NetJackal
CVE-2008-7133 EXPLOITDB text VERIFIED
EasyImageCatalogue 1.3.1 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in onlinetools.org EasyImageCatalogue 1.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) search and (2) d index.php parameters to index.php, (3) dir parameter to thumber.php, and the d parameter to (4) describe.php and (5) addcomment.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ZoRLu
CVE-2008-7133 EXPLOITDB text VERIFIED
EasyImageCatalogue 1.3.1 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in onlinetools.org EasyImageCatalogue 1.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) search and (2) d index.php parameters to index.php, (3) dir parameter to thumber.php, and the d parameter to (4) describe.php and (5) addcomment.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ZoRLu
CVE-2008-7133 EXPLOITDB text VERIFIED
EasyImageCatalogue 1.3.1 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in onlinetools.org EasyImageCatalogue 1.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) search and (2) d index.php parameters to index.php, (3) dir parameter to thumber.php, and the d parameter to (4) describe.php and (5) addcomment.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ZoRLu
CVE-2008-7133 EXPLOITDB text VERIFIED
EasyImageCatalogue 1.3.1 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in onlinetools.org EasyImageCatalogue 1.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) search and (2) d index.php parameters to index.php, (3) dir parameter to thumber.php, and the d parameter to (4) describe.php and (5) addcomment.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ZoRLu
CVE-2008-1347 EXPLOITDB text VERIFIED
MyioSoft EasyGallery <= 5.0tr - Cross-Site Scripting via PATH_INFO or q Parameter
Multiple cross-site scripting (XSS) vulnerabilities in staticpages/easygallery/index.php in MyioSoft EasyGallery 5.0tr and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO or (2) the q parameter in an about action to the help system.
by JosS