Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-110882 EXPLOITDB text VERIFIED
PHP-Nuke Gallery 1.3 Module - 'artid' SQL Injection
by S@BUN
CVE-2008-1137 EXPLOITDB text VERIFIED
Garys Cookbook <1.1.1 - SQL Injection
SQL injection vulnerability in the Garys Cookbook (com_garyscookbook) 1.1.1 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
by S@BUN
EIP-2026-108856 EXPLOITDB text VERIFIED
Joomla! Component simple shop 2.0 - SQL Injection
by S@BUN
EIP-2026-108144 EXPLOITDB text VERIFIED
Joomla! / Mambo Component com_hello_world - 'id' SQL Injection
by S@BUN
EIP-2026-105300 EXPLOITDB text VERIFIED
AuraCMS 2.2 - 'lihatberita' Module SQL Injection
by S@BUN
CVE-2008-1069 EXPLOITDB text VERIFIED
Quantum Game Library 0.7.2c - Remote Code Execution via CONFIG[gameroot] Parameter
Multiple PHP remote file inclusion vulnerabilities in Quantum Game Library 0.7.2c allow remote attackers to execute arbitrary PHP code via a URL in the CONFIG[gameroot] parameter to (1) server_request.php and (2) qlib/smarty.inc.php.
by RoMaNcYxHaCkEr
CVE-2008-1067 EXPLOITDB text VERIFIED
phpQLAdmin 2.2.7 - Remote Code Execution via _SESSION[path] Parameter
Multiple PHP remote file inclusion vulnerabilities in phpQLAdmin 2.2.7 allow remote attackers to execute arbitrary PHP code via a URL in the _SESSION[path] parameter to (1) ezmlm.php and (2) tools/update_translations.php.
by RoMaNcYxHaCkEr
EIP-2026-100200 EXPLOITDB text VERIFIED
Citrix Metaframe Web Manager - 'login.asp' Cross-Site Scripting
by Handrix
CVE-2008-0919 EXPLOITDB text VERIFIED
OSSIM <= 0.9.9 rc5 - Cross-Site Scripting via Login Page Dest Parameter
Cross-site scripting (XSS) vulnerability in session/login.php in Open Source Security Information Management (OSSIM) 0.9.9 rc5 and earlier allows remote attackers to inject arbitrary web script or HTML via the dest parameter.
by Marcin Kopec
CVE-2008-0937 EXPLOITDB text VERIFIED
tinyevent 1.01 - SQL Injection via id Parameter
SQL injection vulnerability in index.php in the Tiny Event (tinyevent) 1.01 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter in a print action, a different vector than CVE-2007-1811.
by S@BUN
CVE-2008-0936 EXPLOITDB text VERIFIED
XOOPS Prayer List Module 1.04 - SQL Injection via cid Parameter
SQL injection vulnerability in index.php in the Prayer List (prayerlist) 1.04 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action.
by S@BUN
EIP-2026-111365 EXPLOITDB text VERIFIED
Plume CMS 1.2.2 - '/manager/xmedia.php' Cross-Site Scripting
by Omer Singer
CVE-2008-0922 EXPLOITDB text VERIFIED
PHP-Nuke Manuales 0.1 - SQL Injection via cid Parameter
SQL injection vulnerability in the Manuales 0.1 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter in a viewdownload action to modules.php.
by Mehmet Ince
EIP-2026-110887 EXPLOITDB text VERIFIED
PHP-Nuke Module Siir - 'id' SQL Injection
by S@BUN
CVE-2008-0934 EXPLOITDB text VERIFIED
NukeC 2.1 - SQL Injection via id_catg Parameter
SQL injection vulnerability in modules.php in the NukeC 2.1 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id_catg parameter in a ViewCatg action.
by DamaR
CVE-2004-2000 EXPLOITDB text VERIFIED
Php-Nuke 6.x-7.2 - SQL Injection via Orderby or Sid Parameter
SQL injection vulnerability in the Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to execute arbitrary SQL via the (1) orderby or (2) sid parameters to modules.php.
by S@BUN
EIP-2026-110879 EXPLOITDB text VERIFIED
PHP-Nuke Classifieds Module - 'Details' SQL Injection
by S@BUN
CVE-2008-0920 EXPLOITDB text VERIFIED
OSSIM < 0.9.9 - Authenticated SQL Injection via portname Parameter
SQL injection vulnerability in port/modifyportform.php in Open Source Security Information Management (OSSIM) 0.9.9 rc5 allows remote authenticated users to execute arbitrary SQL commands via the portname parameter, which is not properly handled by a validation regular expression.
by Marcin Kopec
EIP-2026-108167 EXPLOITDB text VERIFIED
Joomla! / Mambo Component Referenzen - 'id' SQL Injection
by S@BUN
EIP-2026-108152 EXPLOITDB text VERIFIED
Joomla! / Mambo Component com_most - 'secid' SQL Injection
by S@BUN
EIP-2026-108136 EXPLOITDB text VERIFIED
Joomla! / Mambo Component com_asortyment - 'katid' SQL Injection
by S@BUN
CVE-2008-0942 EXPLOITDB text VERIFIED
Aeries Student Information System 3.8.2.8 - SQL Injection via GradebookStuScores.asp GrdBk Parameter
SQL injection vulnerability in GradebookStuScores.asp in Eagle Software Aeries Browser Interface (ABI) 3.8.2.8 allows remote attackers to execute arbitrary SQL commands via the GrdBk parameter.
by Arsalan Emamjomehkashan
CVE-2008-0943 EXPLOITDB text VERIFIED
Aeries Student Information System 3.7.2.2 - SQL Injection via FC Parameter or Term Parameter
Multiple SQL injection vulnerabilities in Eagle Software Aeries Browser Interface (ABI) 3.7.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) FC parameter to Comments.asp, or the Term parameter to (2) Labels.asp or (3) ClassList.asp.
by Arsalan Emamjomehkashan
CVE-2008-0921 EXPLOITDB text VERIFIED
beContent 0.3.1 - SQL Injection via News.php ID Parameter
SQL injection vulnerability in news.php in beContent 0.3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Cr@zy_King
EIP-2026-103937 EXPLOITDB text VERIFIED
IBM Lotus Quickr QuickPlace Server 8.0 - Calendar 'Count' Cross-Site Scripting
by Nir Goldshlager AVNE