Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-0682 EXPLOITDB text VERIFIED
Wordspew < 3.72 - SQL Injection via id Parameter
SQL injection vulnerability in wordspew-rss.php in the Wordspew plugin before 3.72 for Wordpress allows remote attackers to execute arbitrary SQL commands via the id parameter.
by S@BUN
CVE-2008-0616 EXPLOITDB text VERIFIED
DMSGuestbook 1.7.0 - Authenticated SQL Injection
SQL injection vulnerability in the administration panel in the DMSGuestbook 1.7.0 plugin for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors. NOTE: it is not clear whether this issue crosses privilege boundaries.
by NBBN
CVE-2008-0724 EXPLOITDB text VERIFIED
The Everything Development Engine < pre-1.0 - Cleartext Password Storage
The Everything Development Engine in The Everything Development System Pre-1.0 and earlier stores passwords in cleartext in a database, which makes it easier for context-dependent attackers to obtain access to user accounts.
by sub
CVE-2008-0681 EXPLOITDB text VERIFIED
PHPShop 0.8.1 - SQL Injection via index.php product_id Parameter
SQL injection vulnerability in index.php in PHPShop 0.8.1 allows remote attackers to execute arbitrary SQL commands via the product_id parameter, as demonstrated by a shop/flypage action.
by the redc0ders
CVE-2008-0685 EXPLOITDB text VERIFIED
iTechClassifieds 3.0 - SQL Injection via ViewCat.php CatID Parameter
SQL injection vulnerability in ViewCat.php in iTechClassifieds 3.0 allows remote attackers to execute arbitrary SQL commands via the CatID parameter.
by Crackers_Child
CVE-2008-0684 EXPLOITDB text VERIFIED
iTechClassifieds 3.0 - Cross-Site Scripting via ViewCat.php CatID Parameter
Cross-site scripting (XSS) vulnerability in ViewCat.php in iTechClassifieds 3.0 allows remote attackers to inject arbitrary web script or HTML via the CatID parameter.
by Crackers_Child
CVE-2008-0688 EXPLOITDB text VERIFIED
Smartscript Domain Trader 2.0 - Cross-Site Scripting via catalog.php id Parameter
Cross-site scripting (XSS) vulnerability in catalog.php in Smartscript Domain Trader 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a viewcategory action.
by Crackers_Child
CVE-2008-0695 EXPLOITDB text VERIFIED
BookmarkX script 2007 - SQL Injection via topicid Parameter
SQL injection vulnerability in index.php in BookmarkX script 2007 allows remote attackers to execute arbitrary SQL commands via the topicid parameter in a showtopic action.
by S@BUN
CVE-2008-0632 EXPLOITDB text VERIFIED
LightBlog 9.5 - Unauthenticated Arbitrary File Upload via cp_upload_image.php
Unrestricted file upload vulnerability in cp_upload_image.php in LightBlog 9.5 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the blog's root directory.
by Omni
CVE-2008-0686 EXPLOITDB text VERIFIED
Joomla com_neoreferences 1.3.1 and 1.3.3 - SQL Injection via catid Parameter
SQL injection vulnerability in index.php in the NeoReferences (com_neoreferences) 1.3.1 and 1.3.3 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter.
by S@BUN
EIP-2026-105227 EXPLOITDB text VERIFIED
Archimede Net 2000 - 'E-Guest_show.php' SQL Injection
by Sw33t h4cK3r
CVE-2008-0703 EXPLOITDB text VERIFIED
sflog < 0.96 - Path Traversal via Permalink or Section Parameter
Multiple directory traversal vulnerabilities in sflog! 0.96 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) permalink or (2) section parameter to index.php, possibly involving includes/entries.inc.php and other files included by index.php.
by muuratsalo
CVE-2008-0559 EXPLOITDB text VERIFIED
Nilson's Blogger 0.11 - Path Traversal via Permalink or Thispost Parameter
Multiple directory traversal vulnerabilities in Nilson's Blogger 0.11 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the permalink parameter in core.php, accessed through index.php; and (2) the thispost parameter in comments.php.
by muuratsalo
CVE-2008-0572 EXPLOITDB text VERIFIED
Mindmeld 1.2.0.10 - Remote Code Execution via MM_GLOBALS[home] Parameter
Multiple PHP remote file inclusion vulnerabilities in Mindmeld 1.2.0.10 allow remote attackers to execute arbitrary PHP code via a URL in the MM_GLOBALS[home] parameter to (1) acweb/admin_index.php; and (2) ask.inc.php, (3) learn.inc.php, (4) manage.inc.php, (5) mind.inc.php, and (6) sensory.inc.php in include/.
by David Wharton
CVE-2008-0562 EXPLOITDB text VERIFIED
Joomla Restaurant Component 1.0 - SQL Injection via id Parameter
SQL injection vulnerability in index.php in the Restaurant (com_restaurant) 1.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
by S@BUN
CVE-2008-0557 EXPLOITDB text VERIFIED
CatalogShop 1.0b1 - SQL Injection via id Parameter
SQL injection vulnerability in index.php in the CatalogShop (com_catalogshop) 1.0b1 componenent for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
by S@BUN
CVE-2008-0561 EXPLOITDB text VERIFIED
Arthur Konze AkoGallery 2.5 beta - SQL Injection via id Parameter
SQL injection vulnerability in index.php in the Arthur Konze AkoGallery (com_akogallery) 2.5 beta component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
by S@BUN
CVE-2008-0178 EXPLOITDB text VERIFIED
Liferay Enterprise Portal 4.3.6 - Authenticated Cross-Site Scripting via User-Agent HTTP Header
Cross-site scripting (XSS) vulnerability in the Enterprise Admin Session Monitoring component in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the User-Agent HTTP header.
by Tomasz Kuczynski
CVE-2006-4220 EXPLOITDB text VERIFIED
Novell GroupWise WebAccess - Cross-Site Scripting via User.html, Error, User.Theme.index, and User.lang Parameters
Multiple cross-site scripting (XSS) vulnerabilities in webacc in Novell GroupWise WebAccess before 7 Support Pack 3 Public Beta allow remote attackers to inject arbitrary web script or HTML via the (1) User.html, (2) Error, (3) User.Theme.index, and (4) and User.lang parameters.
by Frederic Loudet
CVE-2008-0515 EXPLOITDB text VERIFIED
Joomla and Mambo musepoes Component - SQL Injection via aid Parameter
SQL injection vulnerability in index.php in the musepoes (com_musepoes) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an answer action.
by S@BUN
CVE-2008-0506 EXPLOITDB text VERIFIED
Coppermine Photo Gallery < 1.4.14 - Remote Code Execution via ImageMagick Picture Processing Parameters
include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php.
by waraxe
CVE-2008-4611 EXPLOITDB text VERIFIED
PHP Arsivimiz Php Ziyaretci Defteri - SQL Injection via Sayfa Parameter
SQL injection vulnerability in index.php in PHP Arsivimiz Php Ziyaretci Defteri allows remote attackers to execute arbitrary SQL commands via the sayfa parameter.
by ShaFuck31
CVE-2008-0574 EXPLOITDB text VERIFIED
webSPELL 4.01.02 - Cross-Site Scripting via Sort Parameter in Whoisonline Action
Cross-site scripting (XSS) vulnerability in index.php in webSPELL 4.01.02 allows remote attackers to inject arbitrary web script or HTML via the sort parameter in a whoisonline action.
by NBBN
CVE-2008-0566 EXPLOITDB text VERIFIED
DeltaScripts PHP Links 1.3 - Remote Code Execution via full_path_to_public_program Parameter
PHP remote file inclusion vulnerability in includes/smarty.php in DeltaScripts PHP Links 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the full_path_to_public_program parameter.
by Houssamix
CVE-2008-0565 EXPLOITDB text VERIFIED
DeltaScripts PHP Links < 1.3 - SQL Injection via vote.php id Parameter
SQL injection vulnerability in vote.php in DeltaScripts PHP Links 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Houssamix