Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-0804 EXPLOITDB text VERIFIED
Thecus N5200Pro NAS Server Control Panel - Remote Code Execution via usrgetform.html name Parameter
PHP remote file inclusion vulnerability in usrgetform.html in Thecus N5200Pro NAS Server allows remote attackers to execute arbitrary PHP code via a URL in the name parameter.
by Crackers_Child
CVE-2008-0813 EXPLOITDB text VERIFIED
XPWeb 3.0.1, 3.3.2 - Path Traversal via Download.php url Parameter
Directory traversal vulnerability in Download.php in XPWeb 3.0.1, 3.3.2, and possibly other versions, allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter.
by GoLd_M
CVE-2008-0805 EXPLOITDB text VERIFIED
PHPizabi 0.848b C1 HFP1 - Unauthenticated Arbitrary File Upload and Remote Code Execution via Event Page Image Upload
Unrestricted file upload vulnerability in image.php in PHPizabi 0.848b C1 HFP1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension from the event page, then accessing it via a direct request to the file in system/cache/pictures.
by ZoRLu
CVE-2008-0852 EXPLOITDB text VERIFIED
freeSSHd < 1.2 - Denial of Service via SSH2_MSG_NEWKEYS Packet
freeSSHd 1.2 and earlier allows remote attackers to cause a denial of service (crash) via a SSH2_MSG_NEWKEYS packet to TCP port 22, which triggers a NULL pointer dereference.
by Luigi Auriemma
CVE-2008-0939 EXPLOITDB text VERIFIED
WP Photo Album < 1.1 - SQL Injection via Photo or Album Parameter
Multiple SQL injection vulnerabilities in wppa.php in the WP Photo Album (WPPA) before 1.1 plugin for WordPress allow remote attackers to execute arbitrary SQL commands via (1) the photo parameter to index.php, used by the wppa_photo_name function; or (2) the album parameter to index.php, used by the wppa_album_name function. NOTE: some of these details are obtained from third party information.
by S@BUN
CVE-2008-0814 EXPLOITDB text VERIFIED
TRUC 0.11.0 - Path Traversal via download.php upload_filename Parameter
Directory traversal vulnerability in download.php in Tracking Requirements & Use Cases (TRUC) 0.11.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the upload_filename parameter.
by GoLd_M
CVE-2009-4253 EXPLOITDB text VERIFIED
PowerPhlogger 2.2.5 - XSS
Cross-site scripting (XSS) vulnerability in dspStats.php in PowerPhlogger 2.2.5 allows remote attackers to inject arbitrary web script or HTML via the edit parameter.
by MustLive
CVE-2008-0841 EXPLOITDB text VERIFIED
Joomla com_ricette Component - SQL Injection via id Parameter
SQL injection vulnerability in index.php in the Giorgio Nordo Ricette (com_ricette) 1.0 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter.
by S@BUN
CVE-2008-0829 EXPLOITDB text VERIFIED
Joomlapixel Jooget! 2.6.8 - SQL Injection via id Parameter
SQL injection vulnerability in jooget.php in the Joomlapixel Jooget! (com_jooget) 2.6.8 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail task.
by S@BUN
CVE-2008-0833 EXPLOITDB text VERIFIED
Joomla com_galeria - SQL Injection via id Parameter
SQL injection vulnerability in index.php in the com_galeria component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
by S@BUN
CVE-2008-0817 EXPLOITDB text VERIFIED
com_filebase component for Joomla! and Mambo - SQL Injection via filecatid Parameter
SQL injection vulnerability in the com_filebase component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the filecatid parameter in a selectfolder action.
by S@BUN
EIP-2026-108150 EXPLOITDB text VERIFIED
Joomla! / Mambo Component com_lexikon - 'id' SQL Injection
by S@BUN
CVE-2008-0812 EXPLOITDB text VERIFIED
BanPro net_banpro_dms 1.0 - Path Traversal via DMS/index.php Action Parameter
Directory traversal vulnerability in DMS/index.php in BanPro DMS 1.0 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the action parameter.
by muuratsalo
CVE-2008-7031 EXPLOITDB text VERIFIED
Foxit Remote Access Server 2.0 Build 3503 - Heap-Based Buffer Overflow via Long SSH Packets
Heap-based buffer overflow in Foxit Remote Access Server (aka WAC Server) 2.0 Build 3503 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long SSH packets, a different vulnerability than CVE-2008-0151.
by Luigi Auriemma
CVE-2008-0838 EXPLOITDB text VERIFIED
Sophos ES1000 and ES4000 2.1.0.0 - Cross-Site Scripting via Error and Go Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface in Sophos ES1000 and ES4000 Email Security Appliance 2.1.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) error and (2) go parameters to the login page.
by Leon Juranic
CVE-2008-5105 EXPLOITDB text VERIFIED
KarjaSoft Sami FTP Server 2.0.x - Denial of Service via Malformed FTP Commands
KarjaSoft Sami FTP Server 2.0.x allows remote attackers to cause a denial of service (daemon crash or hang) via certain (1) APPE, (2) CWD, (3) DELE, (4) MKD, (5) RMD, (6) RETR, (7) RNFR, (8) RNTO, (9) SIZE, and (10) STOR commands.
by Cod3rZ
EIP-2026-114523 EXPLOITDB text VERIFIED
Yellow Swordfish Simple Forum 1.x - 'topic' SQL Injection
by S@BUN
EIP-2026-114522 EXPLOITDB text VERIFIED
Yellow Swordfish Simple Forum 1.7/1.9 - 'index.php' SQL Injection
by S@BUN
EIP-2026-114521 EXPLOITDB text VERIFIED
Yellow Swordfish Simple Forum 1.10/1.11 - 'topic' SQL Injection
by S@BUN
EIP-2026-114052 EXPLOITDB text VERIFIED
WordPress Plugin Simple Forum 2.0 < 2.1 - SQL Injection
by S@BUN
EIP-2026-114051 EXPLOITDB text VERIFIED
WordPress Plugin Simple Forum 1.10 < 1.11 - SQL Injection
by S@BUN
CVE-2008-0832 EXPLOITDB text VERIFIED
Kemas Antonius com_quran < 1.1 - SQL Injection via surano Parameter
SQL injection vulnerability in index.php in the Kemas Antonius com_quran 1.1 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the surano parameter in a viewayat action.
by Don
EIP-2026-108164 EXPLOITDB text VERIFIED
Joomla! / Mambo Component faq - 'catid' SQL Injection
by S@BUN
EIP-2026-108156 EXPLOITDB text VERIFIED
Joomla! / Mambo Component com_smslist - 'listid' SQL Injection
by S@BUN
CVE-2008-0816 EXPLOITDB text VERIFIED
com_sg - SQL Injection via pid Parameter
SQL injection vulnerability in the com_sg component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the pid parameter in an order task.
by S@BUN