Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-0518 EXPLOITDB text VERIFIED
com_recipes - SQL Injection via id Parameter
SQL injection vulnerability in index.php in the Recipes (com_recipes) 1.00 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
by S@BUN
CVE-2008-0579 EXPLOITDB text VERIFIED
Joomla com_buslicense - SQL Injection via aid Parameter
SQL injection vulnerability in index.php in the buslicense (com_buslicense) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in a list action.
by S@BUN
CVE-2008-0519 EXPLOITDB text VERIFIED
com_jokes - SQL Injection via CatView Cat Parameter
SQL injection vulnerability in index.php in the Atapin Jokes (com_jokes) 1.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a CatView action.
by S@BUN
CVE-2008-0517 EXPLOITDB text VERIFIED
Mambo - SQL Injection via EstateAgent Component objid Parameter
SQL injection vulnerability in index.php in the Darko Selesi EstateAgent (com_estateagent) 0.1 component for Mambo 4.5.x and Joomla! allows remote attackers to execute arbitrary SQL commands via the objid parameter in a contact showObject action.
by S@BUN
CVE-2008-0514 EXPLOITDB text VERIFIED
Joomla Glossary Component - SQL Injection via catid Parameter
SQL injection vulnerability in index.php in the Glossary (com_glossary) 2.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a display action.
by S@BUN
CVE-2008-0567 EXPLOITDB text VERIFIED
ChronoEngine ChronoForms 2.3.5 - Remote Code Execution via mosConfig_absolute_path Parameter
Multiple PHP remote file inclusion vulnerabilities in ChronoEngine ChronoForms (com_chronocontact) 2.3.5 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) PPS/File.php, (2) Writer.php, and (3) PPS.php in excelwriter/; and (4) BIFFwriter.php, (5) Workbook.php, (6) Worksheet.php, and (7) Format.php in excelwriter/Writer/.
by Crackers_Child
EIP-2026-108138 EXPLOITDB text VERIFIED
Joomla! / Mambo Component com_buslicense - 'aid' SQL Injection
by S@BUN
EIP-2026-101143 EXPLOITDB text VERIFIED
2WIRE Routers - 'H04_POST' Access Validation
by Oligarchy Oligarchy
CVE-2008-0503 EXPLOITDB text VERIFIED
Netwerk Smart Publisher 1.0.1 - Remote Code Execution via filedata Parameter
Eval injection vulnerability in admin/op/disp.php in Netwerk Smart Publisher 1.0.1 allows remote attackers to execute arbitrary PHP code via the filedata parameter.
by GoLd_M
CVE-2008-0513 EXPLOITDB text VERIFIED
phpcms 1.2.2 - Path Traversal via File Parameter in parser.php
Directory traversal vulnerability in parser/include/class.cache_phpcms.php in phpCMS 1.2.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to parser/parser.php, as demonstrated by a filename ending with %00.gif, a different vector than CVE-2005-1840.
by DSecRG
CVE-2008-0510 EXPLOITDB text VERIFIED
Joomla! and Mambo Newsletter Component - SQL Injection via listid Parameter
SQL injection vulnerability in index.php in the Newsletter (com_newsletter) component for Mambo 4.5 and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter.
by S@BUN
CVE-2008-0511 EXPLOITDB text VERIFIED
Joomla! and Mambo com_mamml - SQL Injection via listid Parameter
SQL injection vulnerability in index.php in the MaMML (com_mamml) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter.
by S@BUN
CVE-2008-0512 EXPLOITDB text VERIFIED
Joomla com_fq - SQL Injection via listid Parameter
SQL injection vulnerability in index.php in the fq (com_fq) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter.
by S@BUN
CVE-2008-0498 EXPLOITDB text VERIFIED
Bigware Shop 2.0 - SQL Injection via pollid Parameter
SQL injection vulnerability in main_bigware_53.tpl.php in Bigware Shop 2.0 allows remote attackers to execute arbitrary SQL commands via the pollid parameter in a results action to main_bigware_53.php.
by D4m14n
CVE-2008-0496 EXPLOITDB text VERIFIED
ampjuke 0.7.0 - Cross-Site Scripting via Limit Parameter
Cross-site scripting (XSS) vulnerability in index.php in AmpJuke 0.7.0 allows remote attackers to inject arbitrary web script or HTML via the limit parameter in a search action.
by ShaFuck31
CVE-2008-0501 EXPLOITDB text VERIFIED
phpMyClub 0.0.1 - Path Traversal via page_courante Parameter
Directory traversal vulnerability in phpMyClub 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page_courante parameter to the top-level URI.
by S.W.A.T.
EIP-2026-109302 EXPLOITDB text VERIFIED
Mambo Module MOStlyCE 2.4 Image Manager Utility - Arbitrary File Upload
by AmnPardaz
CVE-2008-7213 EXPLOITDB text VERIFIED
Mambo < 4.6.3 - Cross-Site Scripting via Command Parameter
Cross-site scripting (XSS) vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to inject arbitrary web script or HTML via the Command parameter.
by AmnPardaz
CVE-2008-0552 EXPLOITDB text VERIFIED
eTicket 1.5.6-RC4 - Cross-Site Scripting via PATH_INFO
Cross-site scripting (XSS) vulnerability in index.php in eTicket 1.5.6-RC4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
by jekil
CVE-2008-0489 EXPLOITDB text VERIFIED
Clansphere 2007.4.4 - Path Traversal via Lang Parameter
Directory traversal vulnerability in install.php in Clansphere 2007.4.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
by p4imi0
CVE-2008-0521 EXPLOITDB text VERIFIED
Bubbling Library 1.32 - Path Traversal via URI Parameter
Multiple directory traversal vulnerabilities in Bubbling Library 1.32 allow remote attackers to read arbitrary files via a .. (dot dot) in the uri parameter to dispatcher.php in (1) examples/dispatcher/framework/, (2) examples/dispatcher/, (3) examples/wizard/, and (4) PHP/, different vectors than CVE-2008-0545.
by Stack
CVE-2008-0488 EXPLOITDB text VERIFIED
VB Marketing - Path Traversal via tseekdir.cgi Location Parameter
Directory traversal vulnerability in tseekdir.cgi in VB Marketing allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the location parameter.
by Sw33t h4cK3r
CVE-2008-0487 EXPLOITDB text VERIFIED
ASPired2Protect - SQL Injection via Username and Password Parameters
Multiple SQL injection vulnerabilities in login.asp in ASPired2Protect allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. NOTE: some of these details are obtained from third party information.
by T_L_O_T_D
CVE-2008-0490 EXPLOITDB text VERIFIED
WP-Cal Plugin 0.3 - SQL Injection via id Parameter
SQL injection vulnerability in functions/editevent.php in the WP-Cal 0.3 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Houssamix
CVE-2008-0491 EXPLOITDB text VERIFIED
fGallery 2.4.1 - SQL Injection via Album Parameter
SQL injection vulnerability in fim_rss.php in the fGallery 2.4.1 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the album parameter.
by Houssamix