Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-5284 EXPLOITDB text VERIFIED
IEA Software RadiusNT/RadX <5.1.44 - DoS
The web server in IEA Software RadiusNT and RadiusX 5.1.38 and other versions before 5.1.44, Emerald 5.0.49 and other versions before 5.0.52, Air Marshal 2.0.4 and other versions before 2.0.8, and Radius test client (aka Radlogin) 4.0.20 and earlier, allows remote attackers to cause a denial of service (crash) via an HTTP Content-Length header with a negative value, which triggers a single byte overwrite of memory using a NULL terminator. NOTE: some of these details are obtained from third party information.
by Luigi Auriemma
EIP-2026-103168 EXPLOITDB text VERIFIED
Mozilla Firefox 2.0.9 - 'view-source:' Scheme Information Disclosure
by Ronald van den Heetkamp
CVE-2008-0944 EXPLOITDB text VERIFIED
Ipswitch Instant Messaging <= 2.0.8.1 - Denial of Service via Version Field
Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote attackers to cause a denial of service (NULL dereference and application crash) via a version field containing zero.
by Luigi Auriemma
CVE-2008-0719 EXPLOITDB text VERIFIED
Customer Testimonials 3 and 3.1 Addon for osCommerce - SQL Injection via testimonial_id Parameter
SQL injection vulnerability in customer_testimonials.php in the Customer Testimonials 3 and 3.1 Addon for osCommerce Online Merchant 2.2 allows remote attackers to execute arbitrary SQL commands via the testimonial_id parameter.
by it's my
CVE-2008-7242 EXPLOITDB text VERIFIED
MODx CMS 0.9.6.1-0.9.6.1p1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in MODx CMS 0.9.6.1 and 0.9.6.1p1 allo remote attackers to inject arbitrary web script or HTML via the (1) search, (2) "a," (3) messagesubject, and (4) messagebody parameters to certain pages as reachable from manager/index.php; (5) highlight, (6) id, (7) email, (8) name, and (9) parent parameters to index.php; and the (10) docgrp and (11) moreResultsPage parameters to index-ajax.php.
by Alexandr Polyakov
CVE-2008-0721 EXPLOITDB text VERIFIED
Mambo com_sermon 0.2 - SQL Injection via gid Parameter
SQL injection vulnerability in index.php in the Sermon (com_sermon) 0.2 component for Mambo allows remote attackers to execute arbitrary SQL commands via the gid parameter.
by S@BUN
CVE-2008-0670 EXPLOITDB text VERIFIED
Joomla com_noticias 1.0 - SQL Injection via id Parameter
SQL injection vulnerability in index.php in the Noticias (com_noticias) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detalhe action.
by xcorpitx
CVE-2008-0772 EXPLOITDB text VERIFIED
com_doc - SQL Injection via sid Parameter
SQL injection vulnerability in index.php in the com_doc component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the sid parameter in a view task.
by S@BUN
EIP-2026-108155 EXPLOITDB text VERIFIED
Joomla! / Mambo Component com_sermon 0.2 - 'gid' SQL Injection
by S@BUN
CVE-2007-5659 EXPLOITDB HIGH text VERIFIED
Adobe Acrobat and Reader < 8.1.2 - Remote Code Execution via Long JavaScript Method Arguments
Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlier allow remote attackers to execute arbitrary code via a PDF file with long arguments to unspecified JavaScript methods. NOTE: this issue might be subsumed by CVE-2008-0655.
by Paul Craig
CVSS 7.8
CVE-2008-0722 EXPLOITDB text VERIFIED
Pagetool 1.0.7 - Cross-Site Scripting via Search Term Parameter
Cross-site scripting (XSS) vulnerability in index.php in Pagetool 1.0.7 allows remote attackers to inject arbitrary web script or HTML via the search_term parameter in a pagetool_search action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Phanter-Root
CVE-2008-0648 EXPLOITDB text VERIFIED
OpenSiteAdmin < 0.9.1.1 - Remote Code Execution via Path Parameter in Multiple Scripts
Multiple PHP remote file inclusion vulnerabilities in OpenSiteAdmin 0.9.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) indexFooter.php; and (2) DatabaseManager.php, (3) FieldManager.php, (4) Filter.php, (5) Form.php, (6) FormManager.php, (7) LoginManager.php, and (8) Filters/SingleFilter.php in scripts/classes/.
by Trancek
CVE-2008-0723 EXPLOITDB text VERIFIED
MyNews < 1.6.4 - Cross-Site Scripting via Hash Parameter
Cross-site scripting (XSS) vulnerability in mynews.inc.php in MyNews 1.6.4, and other earlier 1.6.x versions, allows remote attackers to inject arbitrary web script or HTML via the hash parameter in an admin action to index.php, a different vulnerability than CVE-2006-2208.1.
by SkyOut
CVE-2008-0652 EXPLOITDB text VERIFIED
Joomla com_downloads - SQL Injection via filecatid Parameter
SQL injection vulnerability in index.php in the Downloads (com_downloads) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the filecatid parameter in a selectfolder action.
by S@BUN
CVE-2008-0653 EXPLOITDB text VERIFIED
Joomla com_ynews 1.0.0 - SQL Injection via id Parameter
SQL injection vulnerability in index.php in the Ynews (com_ynews) 1.0.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showYNews action.
by Crackers_Child
CVE-2008-0649 EXPLOITDB text VERIFIED
Astanda Directory Project 1.2-1.3 - SQL Injection via detail.php link_id Parameter
SQL injection vulnerability in detail.php in Astanda Directory Project (ADP) 1.2 and 1.3 allows remote attackers to execute arbitrary SQL commands via the link_id parameter.
by you_kn0w
CVE-2008-0671 EXPLOITDB text VERIFIED
TinTin++ 1.97.9 - Stack-based Buffer Overflow via Long Chat Message
Stack-based buffer overflow in the add_line_buffer function in TinTin++ 1.97.9 and WinTin++ 1.97.9 allows remote attackers to execute arbitrary code via a long chat message, related to conversion from LF to CRLF.
by Luigi Auriemma
CVE-2008-5692 EXPLOITDB text VERIFIED
Ipswitch WS_FTP Server Manager <6.1.1 - Auth Bypass
Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other Ipswitch products, allows remote attackers to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp followed by a request to FTPLogServer/LogViewer.asp with the localhostnull account name.
by Luigi Auriemma
CVE-2008-0611 EXPLOITDB text VERIFIED
RMSOFT Gallery System 2.0 - SQL Injection via id Parameter
SQL injection vulnerability in rmgs/images.php in the RMSOFT Gallery System 2.0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter.
by you_kn0w
CVE-2008-0614 EXPLOITDB text VERIFIED
Photokorn Gallery 1.543 - SQL Injection via Pic Parameter
SQL injection vulnerability in index.php in Photokorn Gallery 1.543 allows remote attackers to execute arbitrary SQL commands via the pic parameter in a showpic action.
by you_kn0w
EIP-2026-106561 EXPLOITDB text VERIFIED
Download Management 1.00 for PHP-Fusion - Multiple Local File Inclusions
by Psiczn
CVE-2008-0601 EXPLOITDB text VERIFIED
All Club CMS < 0.0.1f - SQL Injection via Name Parameter
SQL injection vulnerability in index.php in All Club CMS (ACCMS) 0.0.1f and earlier allows remote attackers to execute arbitrary SQL commands via the name parameter.
by ka0x
CVE-2008-0612 EXPLOITDB text VERIFIED
XOOPS 2.0.18 - Path Traversal via Lang Parameter
Directory traversal vulnerability in htdocs/install/index.php in XOOPS 2.0.18 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
by DSecRG
CVE-2008-0613 EXPLOITDB text VERIFIED
XOOPS 2.0.18 - Open Redirect via xoops_redirect Parameter
Open redirect vulnerability in htdocs/user.php in XOOPS 2.0.18 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the xoops_redirect parameter.
by DSecRG
CVE-2008-0609 EXPLOITDB text VERIFIED
DivideConcept VHD Web Pack 2.0 - Remote File Inclusion via Page Parameter Path Traversal
Directory traversal vulnerability in index.php in DivideConcept VHD Web Pack 2.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
by DSecRG