Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-1370 EXPLOITDB text VERIFIED
wildmary Yap Blog 1.1 - Remote File Inclusion Code Execution
PHP remote file inclusion vulnerability in index.php in wildmary Yap Blog 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by THE_MILLER
EIP-2026-114477 EXPLOITDB text VERIFIED
XOOPS Module wfdownloads - 'cid' SQL Injection
by S@BUN
EIP-2026-114473 EXPLOITDB text VERIFIED
XOOPS Module Glossario 2.2 - 'sid' SQL Injection
by S@BUN
CVE-2008-1220 EXPLOITDB text VERIFIED
4nChat 0.91 - SQL Injection via roomid Parameter
SQL injection vulnerability in the 4nChat 0.91 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the roomid parameter in an index action to modules.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by meloulisi
CVE-2008-1145 EXPLOITDB text VERIFIED
WEBrick <1.8.5-p115, 1.8.6-p114, 1.9-1.9.0-1 - Path Traversal
Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) "..%5c" (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option.
by DSecRG
CVE-2008-1193 EXPLOITDB text VERIFIED
Java Runtime Environment <6.4 - Privilege Escalation
Unspecified vulnerability in Java Runtime Environment Image Parsing Library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to gain privileges via an untrusted application.
by Chris Evans
CVE-2008-1262 EXPLOITDB text VERIFIED
Airspan WiMax ProST 4.1-6.5.38.0 - Auth Bypass
The administration panel on the Airspan WiMax ProST 4.1 antenna with 6.5.38.0 software does not verify authentication credentials, which allows remote attackers to (1) upload malformed firmware or (2) bind the antenna to a different WiMAX base station via unspecified requests to forms under process_adv/.
by Francis Lacoste-Cordeau
CVE-2008-1303 EXPLOITDB text VERIFIED
Perforce Server <2007.3/143793 - DoS
The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a missing parameter to the (1) dm-FaultFile, (2) dm-LazyCheck, (3) dm-ResolvedFile, (4) dm-OpenFile, (5) crypto, and possibly unspecified other commands, which triggers a NULL pointer dereference.
by Luigi Auriemma
EIP-2026-110898 EXPLOITDB text VERIFIED
PHP-Nuke Yellow_Pages Module - 'cid' SQL Injection
by ZoRLu
CVE-2008-1319 EXPLOITDB text VERIFIED
VersantD service - Command Injection
Untrusted search path and argument injection vulnerability in the VersantD service in Versant Object Database 7.0.1.3 and earlier, as used in Borland CaliberRM and probably other products, allows remote attackers to execute arbitrary commands via a request to TCP port 5019 with a modified VERSANT_ROOT field.
by Luigi Auriemma
EIP-2026-110881 EXPLOITDB text VERIFIED
PHP-Nuke eGallery 3.0 Module - 'pid' SQL Injection
by Aria-Security Team
EIP-2026-110826 EXPLOITDB text VERIFIED
PHP-Nuke 'Seminars' Module - 'Filename' Local File Inclusion
by The-0utl4w
EIP-2026-109497 EXPLOITDB text VERIFIED
Mitra Informatika Solusindo cart - SQL Injection
by bius
CVE-2008-1228 EXPLOITDB text VERIFIED
MG2 admin.php Import Action - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in admin.php in MG2 (formerly Minigal) allows remote attackers to inject arbitrary web script or HTML via the list parameter in an import action.
by Jose Carlos Norte
CVE-2008-1215 EXPLOITDB text VERIFIED
FreeBSD 6.3 and 7.0 - Stack-Based Buffer Overflow in ppp command_Expand_Interpret
Stack-based buffer overflow in the command_Expand_Interpret function in command.c in ppp (aka user-ppp), as distributed in FreeBSD 6.3 and 7.0, OpenBSD 4.1 and 4.2, and the net/userppp package for NetBSD, allows local users to gain privileges via long commands containing "~" characters.
by sipherr
CVE-2008-7126 EXPLOITDB text VERIFIED
Micro Focus VisiBroker < 08.00.00.c1.03 - Remote Code Execution via UDP Packet Integer Overflow
Integer overflow in osagent.exe in Borland VisiBroker Smart Agent 08.00.00.C1.03 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet with a large string length value to UDP port 14000, which triggers a heap-based buffer overflow.
by Luigi Auriemma
CVE-2008-1173 EXPLOITDB text VERIFIED
TorrentTrader Classic 1.08 - Cross-Site Scripting via account-inbox.php msg Parameter
Cross-site scripting (XSS) vulnerability in account-inbox.php in TorrentTrader Classic 1.08 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
by Dominus
CVE-2008-1170 EXPLOITDB text VERIFIED
KCWiki 1.0 - Remote Code Execution via Page Parameter File Inclusion
Multiple PHP remote file inclusion vulnerabilities in KCWiki 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the page parameter to (1) minimal/wiki.php and (2) simplest/wiki.php.
by muuratsalo
CVE-2008-1170 EXPLOITDB text VERIFIED
KCWiki 1.0 - Remote Code Execution via Page Parameter File Inclusion
Multiple PHP remote file inclusion vulnerabilities in KCWiki 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the page parameter to (1) minimal/wiki.php and (2) simplest/wiki.php.
by muuratsalo
EIP-2026-107164 EXPLOITDB text VERIFIED
Flyspray 0.9.9 - Information Disclosure/HTML Injection / Cross-Site Scripting
by Digital Security Research Group
EIP-2026-103426 EXPLOITDB text VERIFIED
Borland StarTeam 2008 10.0.57 - Multiple Remote Vulnerabilities
by Luigi Auriemma
CVE-2008-1164 EXPLOITDB text VERIFIED
phpComasy 0.8 - SQL Injection via mod_project_id Parameter
SQL injection vulnerability in index.php in phpComasy 0.8 allows remote attackers to execute arbitrary SQL commands via the mod_project_id parameter in a project_detail action.
by Cr@zy_King
CVE-2008-1163 EXPLOITDB text VERIFIED
phpArcadeScript <3.0 RC2 - SQL Injection
SQL injection vulnerability in index.php in phpArcadeScript 1.0 through 3.0 RC2 allows remote attackers to execute arbitrary SQL commands via the userid parameter in a profile action.
by SoSo H H
CVE-2008-1314 EXPLOITDB text VERIFIED
Johannes Hass gaestebuch 2.2 - SQL Injection
SQL injection vulnerability in the Johannes Hass gaestebuch 2.2 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to modules.php.
by TurkishWarriorr
CVE-2008-6234 EXPLOITDB text VERIFIED
com_musica - SQL Injection via id Parameter
SQL injection vulnerability in the com_musica module in Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
by Aria-Security Team