Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-1230 EXPLOITDB text VERIFIED
JSPWiki 2.4.104 and 2.5.139 - Unauthenticated Arbitrary File Upload and Remote Code Execution via JSP File Attachment
Unrestricted file upload vulnerability in JSPWiki 2.4.104 and 2.5.139 allows remote attackers to upload and execute arbitrary .jsp files via an unspecified manipulation that attaches a .jsp file to an "entry page."
by BugSec LTD
CVE-2008-1229 EXPLOITDB text VERIFIED
JSPWiki 2.4.104 and 2.5.139 - Cross-Site Scripting via Editor Parameter
Cross-site scripting (XSS) vulnerability in Edit.jsp in JSPWiki 2.4.104 and 2.5.139 allows remote attackers to inject arbitrary web script or HTML via the editor parameter, a different vector than CVE-2007-5120.b.
by BugSec LTD
CVE-2008-0778 EXPLOITDB text VERIFIED
Apple QuickTime < 7.4.1 - Stack-Based Buffer Overflow via QTPlugin.ocx ActiveX Methods
Multiple stack-based buffer overflows in an ActiveX control in QTPlugin.ocx for Apple QuickTime 7.4.1 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long arguments to the (1) SetBgColor, (2) SetHREF, (3) SetMovieName, (4) SetTarget, and (5) SetMatrix methods.
by laurent gaffié
CVE-2008-0795 EXPLOITDB text VERIFIED
MGFi XfaQ 1.2 for Joomla and Mambo - SQL Injection via aid Parameter
SQL injection vulnerability in index.php in the MGFi XfaQ (com_xfaq) 1.2 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an answer action.
by S@BUN
EIP-2026-108153 EXPLOITDB text VERIFIED
Joomla! / Mambo Component com_omnirealestate - 'objid' SQL Injection
by S@BUN
EIP-2026-108151 EXPLOITDB text VERIFIED
Joomla! / Mambo Component com_model - 'objid' SQL Injection
by S@BUN
CVE-2008-0794 EXPLOITDB text VERIFIED
Affiliate Market 0.1 BETA - Path Traversal via Language Parameter
Directory traversal vulnerability in user/header.php in Affiliate Market 0.1 BETA allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
by GoLd_M
CVE-2008-1231 EXPLOITDB text VERIFIED
JSPWiki 2.4.104 and 2.5.139 - Path Traversal via Edit.jsp Editor Parameter
Directory traversal vulnerability in Edit.jsp in JSPWiki 2.4.104 and 2.5.139 allows remote attackers to include and execute arbitrary local .jsp files, and obtain sensitive information, via a .. (dot dot) in the editor parameter.
by BugSec LTD
CVE-2008-0026 EXPLOITDB text VERIFIED
Cisco Unified Communications Manager SQL Injection via Key Parameter
SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and (2) user interface pages.
by Nico Leidecker
CVE-2008-7030 EXPLOITDB text VERIFIED
Site2Nite Real Estate Web - SQL Injection via Username or Password Field
Multiple SQL injection vulnerabilities in Site2Nite Real Estate Web allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field to an unspecified component, possibly agentlist.asp. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect.
by S@BUN
CVE-2008-0790 EXPLOITDB text VERIFIED
Intermate WinIPDS 3.3 G52-33-021 - Path Traversal via URI
Directory traversal vulnerability in ipdsserver.exe in Intermate WinIPDS 3.3 G52-33-021 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
by Luigi Auriemma
EIP-2026-111505 EXPLOITDB text VERIFIED
Prince Clan Chess Club 0.8 com_pcchess Component - 'user_id' SQL Injection
by S@BUN
CVE-2008-0815 EXPLOITDB text VERIFIED
com_mezun for Joomla! - SQL Injection via id Parameter
SQL injection vulnerability in the com_mezun component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task.
by S@BUN
CVE-2008-0831 EXPLOITDB text VERIFIED
Joomla Rapid Recipe < 1.6.5 - SQL Injection via user_id or category_id Parameter
Multiple SQL injection vulnerabilities in the Rapid Recipe (com_rapidrecipe) 1.6.5 and earlier component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) user_id or (2) category_id parameter. NOTE: this might overlap CVE-2008-0754.
by S@BUN
CVE-2008-0761 EXPLOITDB text VERIFIED
Joomla com_pcchess < 0.8 - SQL Injection via user_id Parameter
SQL injection vulnerability in index.php in the Prince Clan Chess Club (com_pcchess) 0.8 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter in a players action.
by S@BUN
EIP-2026-108147 EXPLOITDB text VERIFIED
Joomla! / Mambo Component com_iomezun - 'id' SQL Injection
by S@BUN
CVE-2008-0733 EXPLOITDB text VERIFIED
CS Team Counter Strike Portals - SQL Injection via id Parameter
SQL injection vulnerability in index.php in CS Team Counter Strike Portals allows remote attackers to execute arbitrary SQL commands via the id parameter, as demonstrated using the downloads page.
by S@BUN
CVE-2008-0785 EXPLOITDB text VERIFIED
Cacti 0.8.6-0.8.7 - Authenticated SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote authenticated users to execute arbitrary SQL commands via the (1) graph_list parameter to graph_view.php, (2) leaf_id and id parameters to tree.php, (3) local_graph_id parameter to graph_xport.php, and (4) login_username parameter to index.php/login.
by aScii
CVE-2008-0785 EXPLOITDB text VERIFIED
Cacti 0.8.6-0.8.7 - Authenticated SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote authenticated users to execute arbitrary SQL commands via the (1) graph_list parameter to graph_view.php, (2) leaf_id and id parameters to tree.php, (3) local_graph_id parameter to graph_xport.php, and (4) login_username parameter to index.php/login.
by aScii
CVE-2008-0785 EXPLOITDB text VERIFIED
Cacti 0.8.6-0.8.7 - Authenticated SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote authenticated users to execute arbitrary SQL commands via the (1) graph_list parameter to graph_view.php, (2) leaf_id and id parameters to tree.php, (3) local_graph_id parameter to graph_xport.php, and (4) login_username parameter to index.php/login.
by aScii
CVE-2008-0783 EXPLOITDB text VERIFIED
Cacti 0.8.6-0.8.7 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote attackers to inject arbitrary web script or HTML via (1) the view_type parameter to graph.php; (2) the filter parameter to graph_view.php; (3) the action parameter to the draw_navigation_text function in lib/functions.php, reachable through index.php (aka the login page) or data_input.php; or (4) the login_username parameter to index.php.
by aScii
CVE-2008-0783 EXPLOITDB text VERIFIED
Cacti 0.8.6-0.8.7 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote attackers to inject arbitrary web script or HTML via (1) the view_type parameter to graph.php; (2) the filter parameter to graph_view.php; (3) the action parameter to the draw_navigation_text function in lib/functions.php, reachable through index.php (aka the login page) or data_input.php; or (4) the login_username parameter to index.php.
by aScii
CVE-2008-0785 EXPLOITDB text VERIFIED
Cacti 0.8.6-0.8.7 - Authenticated SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote authenticated users to execute arbitrary SQL commands via the (1) graph_list parameter to graph_view.php, (2) leaf_id and id parameters to tree.php, (3) local_graph_id parameter to graph_xport.php, and (4) login_username parameter to index.php/login.
by aScii
CVE-2008-0760 EXPLOITDB text VERIFIED
SafeNet Sentinel Protection Server < 7.4.1 and Sentinel Keys Server < 1.0.4.0 - Path Traversal via URI
Directory traversal vulnerability in SafeNet Sentinel Protection Server 7.4.1.0 and earlier, and Sentinel Keys Server 1.0.4.0 and earlier, allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the URI. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-6483.
by Luigi Auriemma
CVE-2008-0764 EXPLOITDB text VERIFIED
Larson Network Print Server < 9.4.2 - Remote Code Execution via Format String in USEP Command
Format string vulnerability in the logging function in Larson Network Print Server (LstNPS) 9.4.2 build 105 and earlier for Windows might allow remote attackers to execute arbitrary code via format string specifiers in a USEP command on TCP port 3114.
by Luigi Auriemma