Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-0810 EXPLOITDB text VERIFIED
com_scheduling_component - SQL Injection via id Parameter
SQL injection vulnerability in the com_scheduling module for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter.
by S@BUN
CVE-2008-0854 EXPLOITDB text VERIFIED
com_salesrep - SQL Injection via rid Parameter
SQL injection vulnerability in the com_salesrep component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the rid parameter in a showrep action to index.php.
by S@BUN
EIP-2026-108135 EXPLOITDB text VERIFIED
Joomla! / Mambo Component com_activities - 'id' SQL Injection
by S@BUN
CVE-2008-0850 EXPLOITDB text VERIFIED
Dokeos 1.8.4 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Dokeos 1.8.4 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to whoisonline.php, (2) tracking_list_coaches_column parameter to main/mySpace/index.php, (3) tutor_name parameter to main/create_course/add_course.php, the (4) Referer HTTP header to index.php, and the (5) X-Fowarded-For HTTP header to main/admin/class_list.php.
by Alexandr Polyakov
CVE-2008-0850 EXPLOITDB text VERIFIED
Dokeos 1.8.4 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Dokeos 1.8.4 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to whoisonline.php, (2) tracking_list_coaches_column parameter to main/mySpace/index.php, (3) tutor_name parameter to main/create_course/add_course.php, the (4) Referer HTTP header to index.php, and the (5) X-Fowarded-For HTTP header to main/admin/class_list.php.
by Alexandr Polyakov
CVE-2008-0850 EXPLOITDB text VERIFIED
Dokeos 1.8.4 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Dokeos 1.8.4 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to whoisonline.php, (2) tracking_list_coaches_column parameter to main/mySpace/index.php, (3) tutor_name parameter to main/create_course/add_course.php, the (4) Referer HTTP header to index.php, and the (5) X-Fowarded-For HTTP header to main/admin/class_list.php.
by Alexandr Polyakov
CVE-2008-0850 EXPLOITDB text VERIFIED
Dokeos 1.8.4 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Dokeos 1.8.4 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to whoisonline.php, (2) tracking_list_coaches_column parameter to main/mySpace/index.php, (3) tutor_name parameter to main/create_course/add_course.php, the (4) Referer HTTP header to index.php, and the (5) X-Fowarded-For HTTP header to main/admin/class_list.php.
by Alexandr Polyakov
CVE-2008-0851 EXPLOITDB text VERIFIED
Dokeos e-learning_system 1.8.4 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to inscription.php, (2) courseCode parameter to main/calendar/myagenda.php, (3) category parameter to main/admin/course_category.php, (4) message parameter to main/admin/session_list.php in a show_message action, and (5) an avatar image to main/auth/profile.php.
by Alexandr Polyakov
CVE-2008-0851 EXPLOITDB text VERIFIED
Dokeos e-learning_system 1.8.4 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to inscription.php, (2) courseCode parameter to main/calendar/myagenda.php, (3) category parameter to main/admin/course_category.php, (4) message parameter to main/admin/session_list.php in a show_message action, and (5) an avatar image to main/auth/profile.php.
by Alexandr Polyakov
CVE-2008-0851 EXPLOITDB text VERIFIED
Dokeos e-learning_system 1.8.4 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to inscription.php, (2) courseCode parameter to main/calendar/myagenda.php, (3) category parameter to main/admin/course_category.php, (4) message parameter to main/admin/session_list.php in a show_message action, and (5) an avatar image to main/auth/profile.php.
by Alexandr Polyakov
EIP-2026-103564 EXPLOITDB text VERIFIED
Mozilla Firefox 2.0.0.12 - IFrame Recursion Remote Denial of Service
by Carl Hardwick
CVE-2008-4875 EXPLOITDB text VERIFIED
Philips Electronics VOIP841 DECT Phone 1.0.4.50 and 1.0.4.80 - Authenticated Path Traversal via GET Request
Directory traversal vulnerability in the web server in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a GET request. NOTE: this can be leveraged with CVE-2008-4874 for unauthenticated access to sensitive files such as (1) save.dat and (2) apply.log, which can contain other credentials such as the Skype username and password.
by ikki
CVE-2008-4874 EXPLOITDB text VERIFIED
Philips Electronics VOIP841 DECT Phone - Hardcoded Backdoor Account
The web component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 has a back door "service" account with "service" as its password, which makes it easier for remote attackers to obtain access.
by ikki
CVE-2008-0822 EXPLOITDB text VERIFIED
Scribe 0.2 - Path Traversal via Page Parameter
Directory traversal vulnerability in index.php in Scribe 0.2 allows remote attackers to read arbitrary local files via a .. (dot dot) in the page parameter.
by muuratsalo
CVE-2008-0819 EXPLOITDB text VERIFIED
PlutoStatus Locator 1.0 pre alpha - Path Traversal via Page Parameter
Directory traversal vulnerability in index.php in PlutoStatus Locator 1.0 pre alpha allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
by muuratsalo
CVE-2008-0821 EXPLOITDB text VERIFIED
OSI Codes Inc. PHP Live! 3.2.2 - SQL Injection via questid Parameter
SQL injection vulnerability in admin/traffic/knowledge_searchm.php in OSI Codes Inc. PHP Live! 3.2.2 allows remote attackers to execute arbitrary SQL commands via the questid parameter in an expand_question action.
by Xar
CVE-2008-0796 EXPLOITDB text VERIFIED
Nuboard 0.5 - SQL Injection via threads.php ssid Parameter
SQL injection vulnerability in threads.php in Nuboard 0.5 allows remote attackers to execute arbitrary SQL commands via the ssid parameter.
by Khashayar Fereidani
CVE-2008-0803 EXPLOITDB text VERIFIED
LookStrike Lan Manager 0.9 - Remote Code Execution via sys_conf[path][real] Parameter
Multiple PHP remote file inclusion vulnerabilities in LookStrike Lan Manager 0.9 allow remote attackers to execute arbitrary PHP code via a URL in the sys_conf[path][real] parameter to (1) modules\class\Table.php; (2) db_admins.php, (3) db_alert.php, (4) db_double.php, (5) db_games.php, (6) db_matches.php, (7) db_match_teams.php, (8) db_news.php, (9) db_platform.php, (10) db_players.php, (11) db_server_group.php, (12) db_server_ip.php, (13) db_teams.php, (14) db_team_players.php, (15) db_tournaments.php, (16) db_tournament_teams.php, and (17) db_trees.php in modules\class\db\; and (18) Match.php, (19) MatchTeam.php, (20) Rule.php, (21) RuleBuilder.php, (22) RulePool.php, (23) RuleSingle.php, (24) RuleTree.php, (25) Tournament.php, (26) TournamentTeam.php, (27) Tree.php, and (28) TreeSingle.php in modules\class\tournament\. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences.
by MhZ91
CVE-2008-0799 EXPLOITDB text VERIFIED
Joomla com_quiz < 0.81 - SQL Injection via tid Parameter
SQL injection vulnerability in index.php in the Quiz (com_quiz) 0.81 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the tid parameter in a user_tst_shw action.
by S@BUN
CVE-2008-0801 EXPLOITDB text VERIFIED
PAXXGallery (com_paxxgallery) 0.2 - SQL Injection via iid Parameter
SQL injection vulnerability in index.php in the PAXXGallery (com_paxxgallery) 0.2 component for Mambo and Joomla! allow remote attackers to execute arbitrary SQL commands via (1) the iid parameter in a view action, and possibly (2) the userid parameter.
by S@BUN
CVE-2008-0800 EXPLOITDB text VERIFIED
Joomla com_mcquiz 0.9 Final - SQL Injection via tid Parameter
SQL injection vulnerability in index.php in the McQuiz (com_mcquiz) 0.9 Final component for Joomla! allows remote attackers to execute arbitrary SQL commands via the tid parameter in a user_tst_shw action.
by S@BUN
CVE-2008-0818 EXPLOITDB text VERIFIED
freePHPgallery 0.6 - Path Traversal via Lang Cookie
Multiple directory traversal vulnerabilities in freePHPgallery 0.6 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie to (1) comment.php, (2) index.php, and (3) show.php.
by MhZ91
CVE-2008-0798 EXPLOITDB text VERIFIED
artmedic weblog 1.0 - Path Traversal via ta or date Parameter
Multiple directory traversal vulnerabilities in artmedic webdesign weblog 1.0, when magic_quotes_gpc is disabled, allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) ta parameter to artmedic_index.php, reached through index.php; and the (2) date parameter to artmedic_print.php.
by muuratsalo
EIP-2026-105255 EXPLOITDB text VERIFIED
artmedic webdesign weblog - Multiple Local File Inclusions
by muuratsalo
CVE-2008-4876 EXPLOITDB text VERIFIED
Philips Electronics VOIP841 DECT Phone - Cross-Site Scripting via Request URL
Cross-site scripting (XSS) vulnerability in the web server component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote attackers to inject arbitrary web script or HTML via the request URL, which is not properly handled in a 404 web error page.
by ikki