Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-0846 EXPLOITDB text VERIFIED
Joomla! com_profile - SQL Injection via oid Parameter
SQL injection vulnerability in index.php in the com_profile component for Joomla! allows remote attackers to execute arbitrary SQL commands via the oid parameter.
by S@BUN
EIP-2026-108145 EXPLOITDB text VERIFIED
Joomla! / Mambo Component com_iigcatalog - 'cat' SQL Injection
by S@BUN
EIP-2026-108142 EXPLOITDB text VERIFIED
Joomla! / Mambo Component com_genealogy - 'id' SQL Injection
by S@BUN
EIP-2026-108141 EXPLOITDB text VERIFIED
Joomla! / Mambo Component com_formtool - 'catid' SQL Injection
by S@BUN
CVE-2008-0877 EXPLOITDB text VERIFIED
Jinzora Media Jukebox 2.7.5 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Jinzora Media Jukebox 2.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) frontend, (2) set_frontend, (3) jz_path, (4) theme, and (5) set_theme parameters to (a) index.php; the frontend, theme, and (6) language parameters to (b) ajax_request.php; the jz_path parameter to (c) slim.php; the frontend, theme, and jz_path parameters to (d) popup.php; the (13) PATH_INFO to index.php and (e) slim.php; and the (14) query parameter in a playlistedit action and (15) siteNewsData parameter in a sitenews action to (f) popup.php.
by Alexandr Polyakov
CVE-2008-0877 EXPLOITDB text VERIFIED
Jinzora Media Jukebox 2.7.5 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Jinzora Media Jukebox 2.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) frontend, (2) set_frontend, (3) jz_path, (4) theme, and (5) set_theme parameters to (a) index.php; the frontend, theme, and (6) language parameters to (b) ajax_request.php; the jz_path parameter to (c) slim.php; the frontend, theme, and jz_path parameters to (d) popup.php; the (13) PATH_INFO to index.php and (e) slim.php; and the (14) query parameter in a playlistedit action and (15) siteNewsData parameter in a sitenews action to (f) popup.php.
by Alexandr Polyakov
CVE-2008-0877 EXPLOITDB text VERIFIED
Jinzora Media Jukebox 2.7.5 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Jinzora Media Jukebox 2.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) frontend, (2) set_frontend, (3) jz_path, (4) theme, and (5) set_theme parameters to (a) index.php; the frontend, theme, and (6) language parameters to (b) ajax_request.php; the jz_path parameter to (c) slim.php; the frontend, theme, and jz_path parameters to (d) popup.php; the (13) PATH_INFO to index.php and (e) slim.php; and the (14) query parameter in a playlistedit action and (15) siteNewsData parameter in a sitenews action to (f) popup.php.
by Alexandr Polyakov
CVE-2008-0877 EXPLOITDB text VERIFIED
Jinzora Media Jukebox 2.7.5 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Jinzora Media Jukebox 2.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) frontend, (2) set_frontend, (3) jz_path, (4) theme, and (5) set_theme parameters to (a) index.php; the frontend, theme, and (6) language parameters to (b) ajax_request.php; the jz_path parameter to (c) slim.php; the frontend, theme, and jz_path parameters to (d) popup.php; the (13) PATH_INFO to index.php and (e) slim.php; and the (14) query parameter in a playlistedit action and (15) siteNewsData parameter in a sitenews action to (f) popup.php.
by Alexandr Polyakov
CVE-2008-5283 EXPLOITDB text VERIFIED
Google Hack Honeypot (GHH) File Upload Manager <1.3 - RCE
Google Hack Honeypot (GHH) File Upload Manager 1.3 allows remote attackers to delete uploaded files via unknown vectors related to the delall action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. CVE analysis suggests that the most recent version as of 20081128 is 1.2, and the File Upload Manager does not have a "delall" action.
by Mr-m07
CVE-2008-0855 EXPLOITDB text VERIFIED
Joomla and Mambo com_facileforms - SQL Injection via catid Parameter
SQL injection vulnerability in the Facile Forms (com_facileforms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
by S@BUN
CVE-2008-0839 EXPLOITDB text VERIFIED
astatsPRO 1.0 - SQL Injection via refer.php id Parameter
SQL injection vulnerability in refer.php in the astatsPRO (com_astatspro) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.
by ka0x
CVE-2008-7040 EXPLOITDB text VERIFIED
Yellow Swordfish Simple Forum - SQL Injection via u Parameter
SQL injection vulnerability in ahah/sf-profile.php in the Yellow Swordfish Simple Forum module for Wordpress allows remote attackers to execute arbitrary SQL commands via the u parameter. NOTE: this issue was disclosed by an unreliable researcher, so the details might be incorrect.
by S@BUN
CVE-2008-0847 EXPLOITDB text VERIFIED
XOOPS myTopics - SQL Injection via articleid Parameter
SQL injection vulnerability in print.php in the myTopics module for XOOPS allows remote attackers to execute arbitrary SQL commands via the articleid parameter.
by S@BUN
CVE-2008-0845 EXPLOITDB text VERIFIED
Dean Logan WP-People Plugin 1.6.1 - SQL Injection via Person Parameter
SQL injection vulnerability in wp-people-popup.php in Dean Logan WP-People plugin 1.6.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the person parameter.
by S@BUN
EIP-2026-114003 EXPLOITDB text VERIFIED
WordPress Plugin Recipes Blog - 'id' SQL Injection
by S@BUN
CVE-2008-5584 EXPLOITDB text VERIFIED
ProjectPier < 0.8 - Cross-Site Scripting via Message, Milestone, Profile Display Name, or Index.php Parameters
Multiple cross-site scripting (XSS) vulnerabilities in ProjectPier 0.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) a message, (2) a milestone, or (3) a display name in a profile, or the (4) a or (5) c parameter to index.php.
by L4teral
CVE-2008-0827 EXPLOITDB text VERIFIED
PHP-Nuke Books Module - SQL Injection via cid Parameter
SQL injection vulnerability in the Books module of PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by S@BUN
EIP-2026-109300 EXPLOITDB text VERIFIED
Mambo Component Portfolio Manager 1.0 - 'categoryId' SQL Injection
by it's my
CVE-2008-0840 EXPLOITDB text VERIFIED
Public Warehouse LightBlog 9.6 - Path Traversal via Username Parameter
Directory traversal vulnerability in view_member.php in Public Warehouse LightBlog 9.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the username parameter.
by muuratsalo
CVE-2008-0844 EXPLOITDB text VERIFIED
Joomla com_pccookbook - SQL Injection via user_id Parameter
SQL injection vulnerability in index.php in the PccookBook (com_pccookbook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter.
by S@BUN
CVE-2008-0842 EXPLOITDB text VERIFIED
Joomla com_clasifier - SQL Injection via cat_id Parameter
SQL injection vulnerability in index.php in the Classifier (com_clasifier) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
by S@BUN
CVE-2008-0918 EXPLOITDB text VERIFIED
astatsPRO 1.0.1 - SQL Injection via id Parameter
SQL injection vulnerability in includes/count_dl_or_link.inc.php in the astatsPRO (com_astatspro) 1.0.1 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to getfile.php, a different vector than CVE-2008-0839. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ka0x
CVE-2008-0853 EXPLOITDB text VERIFIED
com_detail - SQL Injection via id Parameter
SQL injection vulnerability in the com_detail component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. NOTE: this issue might be site-specific. If so, it should not be included in CVE.
by S@BUN
CVE-2008-5674 EXPLOITDB text VERIFIED
Darkwet webcamXP < 3.72.440.0 - Denial of Service and Memory Read via Invalid camnum and id Parameters
Multiple array index errors in the HTTP server in Darkwet Network webcamXP 3.72.440.0 and earlier and beta 4.05.280 and earlier allow remote attackers to cause a denial of service (device crash) and read portions of memory via (1) an invalid camnum parameter to the pocketpc component and (2) an invalid id parameter to the show_gallery_pic component.
by Luigi Auriemma
CVE-2008-5674 EXPLOITDB text VERIFIED
Darkwet webcamXP < 3.72.440.0 - Denial of Service and Memory Read via Invalid camnum and id Parameters
Multiple array index errors in the HTTP server in Darkwet Network webcamXP 3.72.440.0 and earlier and beta 4.05.280 and earlier allow remote attackers to cause a denial of service (device crash) and read portions of memory via (1) an invalid camnum parameter to the pocketpc component and (2) an invalid id parameter to the show_gallery_pic component.
by Luigi Auriemma