Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-1055 EXPLOITDB text VERIFIED
SurgeMail < 38k4 and WebMail < 3.1s - Remote Code Execution via Format String in Page Parameter
Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 and earlier and beta 39a, and WebMail 3.1s and earlier, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in the page parameter.
by Luigi Auriemma
CVE-2008-1054 EXPLOITDB text VERIFIED
NetWin SurgeMail <= 38k4 - Stack-Based Buffer Overflow via Long HTTP Headers
Stack-based buffer overflow in the _lib_spawn_user_getpid function in (1) swatch.exe and (2) surgemail.exe in NetWin SurgeMail 38k4 and earlier, and beta 39a, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via an HTTP request with multiple long headers to webmail.exe and unspecified other CGI executables, which triggers an overflow when assigning values to environment variables. NOTE: some of these details are obtained from third party information.
by Luigi Auriemma
CVE-2008-1052 EXPLOITDB text VERIFIED
NetWin SurgeFTP <= 2.3a2 - Denial of Service via Large Content-Length Header
The administration web interface in NetWin SurgeFTP 2.3a2 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large integer in the Content-Length HTTP header, which triggers a NULL pointer dereference when memory allocation fails.
by Luigi Auriemma
CVE-2008-1050 EXPLOITDB text VERIFIED
Softbiz Jokes & Funny Pics Script - SQL Injection via sbcat_id Parameter
SQL injection vulnerability in index.php in Softbiz Jokes & Funny Pics Script allows remote attackers to execute arbitrary SQL commands via the sbcat_id parameter.
by -=Mizo=-
EIP-2026-110894 EXPLOITDB text VERIFIED
PHP-Nuke Sell Module - 'cid' SQL Injection
by Aria-Security Team
CVE-2008-1053 EXPLOITDB text VERIFIED
Kose_Yazilari module for PHP-Nuke - SQL Injection via artid Parameter
Multiple SQL injection vulnerabilities in the Kose_Yazilari module for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the artid parameter in a (1) viewarticle or (2) printpage action to modules.php.
by xcorpitx
EIP-2026-108160 EXPLOITDB text VERIFIED
Joomla! / Mambo Component com_wines 1.0 - 'id' SQL Injection
by S@BUN
EIP-2026-108154 EXPLOITDB text VERIFIED
Joomla! / Mambo Component com_publication - 'pid' SQL Injection
by Aria-Security Team
EIP-2026-108146 EXPLOITDB text VERIFIED
Joomla! / Mambo Component com_inter - 'id' SQL Injection
by The-0utl4w
EIP-2026-108137 EXPLOITDB text VERIFIED
Joomla! / Mambo Component com_blog - 'pid' SQL Injection
by Aria-Security Team
EIP-2026-107348 EXPLOITDB text VERIFIED
Gary's Cookbook 3.0 - 'id' SQL Injection
by S@BUN
CVE-2008-7033 EXPLOITDB text VERIFIED
Simple Shop Galore (com_simpleshop) - SQL Injection via Section Parameter
SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the section parameter in a section action to index.php, a different vulnerability than CVE-2008-2568. NOTE: this issue was disclosed by an unreliable researcher, so the details might be incorrect.
by S@BUN
CVE-2008-1045 EXPLOITDB text VERIFIED
Alkacon OpenCMS 7.0.3 - Cross-Site Scripting via File Tree Navigation Resource Parameter
Cross-site scripting (XSS) vulnerability in the file tree navigation function in system/workplace/views/explorer/tree_files.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the resource parameter.
by nnposter
CVE-2008-1037 EXPLOITDB text VERIFIED
Packeteer PacketShaper and PolicyCenter 8.2.2 - Cross-Site Scripting via FILELIST Parameter
Cross-site scripting (XSS) vulnerability in the file listing function in the web management interface in Packeteer PacketShaper and PolicyCenter 8.2.2 allows remote attackers to inject arbitrary web script or HTML via the FILELIST parameter to an arbitrary component, which triggers injection into an Error Report page.
by nnposter
CVE-2008-1039 EXPLOITDB text VERIFIED
PORAR WEBBOARD - SQL Injection via QID Parameter
SQL injection vulnerability in question.asp in PORAR WEBBOARD allows remote attackers to execute arbitrary SQL commands via the QID parameter.
by xcorpitx
CVE-2008-3888 EXPLOITDB text VERIFIED
Mini-NUKE Freehost 2.3 - SQL Injection
SQL injection vulnerability in members.asp in Mini-NUKE Freehost 2.3 allows remote attackers to execute arbitrary SQL commands via the uid parameter in a member_details action.
by S@BUN
CVE-2007-0700 EXPLOITDB text VERIFIED
Gsylvain35 Portail Web - Path Traversal
Directory traversal vulnerability in index.php in Guernion Sylvain Portail Web Php (aka Gsylvain35 Portail Web, PwP) allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. NOTE: this issue was later reported for 2.5.1.1.
by GoLd_M
CVE-2008-1068 EXPLOITDB text VERIFIED
Portail Web Php < 2.5.1.1 - Remote Code Execution via site_path Parameter
Multiple PHP remote file inclusion vulnerabilities in Portail Web Php 2.5.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the site_path parameter to (1) Vert/index.php, (2) Noir/index.php, and (3) Bleu/index.php in template/, different vectors than CVE-2008-0645.
by GoLd_M
EIP-2026-111271 EXPLOITDB text VERIFIED
pigyard art Gallery - Multiple Vulnerabilities
by ZoRLu
CVE-2008-1043 EXPLOITDB text VERIFIED
Linux Web Shop php User Base 1.3 BETA - Remote Code Execution via Menu Parameter
PHP remote file inclusion vulnerability in templates/default/header.inc.php in Linux Web Shop (LWS) php User Base 1.3 BETA allows remote attackers to execute arbitrary PHP code via a URL in the menu parameter.
by CraCkEr
CVE-2008-1042 EXPLOITDB text VERIFIED
Linux Web Shop php Download Manager < 1.1 - Path Traversal via Content Parameter
Directory traversal vulnerability in include/body.inc.php in Linux Web Shop (LWS) php Download Manager 1.0 and 1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the content parameter.
by BeyazKurt
CVE-2008-1046 EXPLOITDB text VERIFIED
Quinsonnas Mail Checker 1.55 - Remote Code Execution via footer.php op[footer_body] Parameter
PHP remote file inclusion vulnerability in footer.php in Quinsonnas Mail Checker 1.55 allows remote attackers to execute arbitrary PHP code via a URL in the op[footer_body] parameter.
by GoLd_M
CVE-2008-7240 EXPLOITDB text VERIFIED
Linux Web Shop (LWS) php User Base 1.3beta - Path Traversal
Directory traversal vulnerability in include/unverified.inc.php in Linux Web Shop (LWS) php User Base 1.3beta allows remote attackers to include and execute arbitrary local files via the template parameter.
by BeyazKurt
CVE-2008-1051 EXPLOITDB text VERIFIED
phpProfiles 4.5.2 BETA - Remote Code Execution via include/body_comm.inc.php content Parameter
PHP remote file inclusion vulnerability in include/body_comm.inc.php in phpProfiles 4.5.2 BETA allows remote attackers to execute arbitrary PHP code via a URL in the content parameter.
by CraCkEr
CVE-2008-7226 EXPLOITDB text VERIFIED
PHP-Nuke Recipes Module 1.3-1.4 - SQL Injection via recipeid Parameter
SQL injection vulnerability in index.php in the Recipes module 1.3, 1.4, and possibly other versions for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the recipeid parameter.
by S@BUN