Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-0541 EXPLOITDB text VERIFIED
Gerd Tentler Simple Forum 3.2 - Cross-Site Scripting via Open and Date_Show Parameters
Multiple cross-site scripting (XSS) vulnerabilities in forum.php in Gerd Tentler Simple Forum 3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) open and (2) date_show parameters.
by tomplixsee
CVE-2008-0542 EXPLOITDB text VERIFIED
Gerd Tentler Simple Forum 3.2 - Path Traversal via Thumbnail.php File Parameter
Directory traversal vulnerability in thumbnail.php in Gerd Tentler Simple Forum 3.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
by tomplixsee
CVE-2008-0538 EXPLOITDB text VERIFIED
phpIP Management 4.3.2 - SQL Injection via Password and ID Parameters
Multiple SQL injection vulnerabilities in phpIP Management 4.3.2 allow remote attackers to execute arbitrary SQL commands via the (1) password parameter to login.php, the (2) id parameter to display.php, and unspecified other vectors. NOTE: some of these details are obtained from third party information.
by Charles Hooper
CVE-2008-0539 EXPLOITDB text VERIFIED
F5 BIG-IP Application Security Manager 9.4.3 - Cross-Site Scripting via Report Type Parameter
Cross-site scripting (XSS) vulnerability in dms/policy/rep_request.php in F5 BIG-IP Application Security Manager (ASM) 9.4.3 allows remote attackers to inject arbitrary web script or HTML via the report_type parameter.
by nnposter
CVE-2008-0545 EXPLOITDB text VERIFIED
Bubbling Library 1.32 - Path Traversal via URI or Page Parameter
Multiple directory traversal vulnerabilities in Bubbling Library 1.32 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) uri parameter to (a) yui-menu.tpl.php, (b) simple.tpl.php, and (c) advanced.tpl.php in dispatcher/framework/; and the (2) page parameter to (d) yui-menu.php, (e) simple.php, and (f) advanced.php in dispatcher/framework/, different vectors than CVE-2008-0521.
by Stack
CVE-2008-0547 EXPLOITDB text VERIFIED
CandyPress < 4.1.1.26 - Cross-Site Scripting via helpfield Parameter
Cross-site scripting (XSS) vulnerability in admin/utilities_ConfigHelp.asp in CandyPress (CP) 4.1.1.26, and probably earlier 4.x and 3.x versions, allows remote attackers to inject arbitrary web script or HTML via the helpfield parameter.
by BugReport.IR
CVE-2008-0546 EXPLOITDB text VERIFIED
CandyPress 4.1.1.26 - SQL Injection via idProduct or options Parameter
Multiple SQL injection vulnerabilities in CandyPress (CP) 4.1.1.26, and earlier 4.1.x versions, allow remote attackers to execute arbitrary SQL commands via the (1) idProduct and (2) options parameters to (a) ajax/ajax_optInventory.asp, or the (2) recid parameter to (b) ajax/ajax_getBrands.asp.
by BugReport.IR
CVE-2008-0737 EXPLOITDB text VERIFIED
CandyPress 4.x and 3.x - SQL Injection via helpfield Parameter
SQL injection vulnerability in admin/utilities_ConfigHelp.asp in CandyPress (CP) 4.1.1.26, and other 4.x and 3.x versions, allows remote attackers to execute arbitrary SQL commands via the helpfield parameter.
by BugReport.IR
CVE-2008-0736 EXPLOITDB text VERIFIED
CandyPress 4.1.1.26 - Path Exposure via FedExAccount Parameter
admin/SA_shipFedExMeter.asp in CandyPress (CP) 4.1.1.26, and possibly other 4.x and 3.x versions, allows remote attackers to obtain the path via a certain value of the FedExAccount parameter.
by BugReport.IR
CVE-2007-6696 EXPLOITDB text VERIFIED
WebCalendar 1.1.6 - Cross-Site Scripting via Event Description, pref.php Query String, and search.php adv Parameter
Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) an event description, (2) the query string to pref.php, and (3) the adv parameter to search.php. NOTE: vector 1 requires user authentication.
by Omer Singer
CVE-2007-6696 EXPLOITDB text VERIFIED
WebCalendar 1.1.6 - Cross-Site Scripting via Event Description, pref.php Query String, and search.php adv Parameter
Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) an event description, (2) the query string to pref.php, and (3) the adv parameter to search.php. NOTE: vector 1 requires user authentication.
by Omer Singer
CVE-2008-0469 EXPLOITDB text VERIFIED
Tiger Php News System < 1.0b - SQL Injection via catid Parameter
SQL injection vulnerability in index.php in Tiger Php News System (TPNS) 1.0b and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter in a newscat action.
by 0in
CVE-2008-0540 EXPLOITDB text VERIFIED
trixbox 2.4.2.0 - Cross-Site Scripting via User or Maintenance Index Query String
Multiple cross-site scripting (XSS) vulnerabilities in trixbox 2.4.2.0 allow remote attackers to inject arbitrary web script or HTML via the query string to index.php in (1) user/ or (2) maint/.
by Omer Singer
CVE-2008-0540 EXPLOITDB text VERIFIED
trixbox 2.4.2.0 - Cross-Site Scripting via User or Maintenance Index Query String
Multiple cross-site scripting (XSS) vulnerabilities in trixbox 2.4.2.0 allow remote attackers to inject arbitrary web script or HTML via the query string to index.php in (1) user/ or (2) maint/.
by Omer Singer
CVE-2008-0468 EXPLOITDB text VERIFIED
flinx < 1.3 - SQL Injection via category.php id Parameter
SQL injection vulnerability in category.php in Flinx 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Houssamix
CVE-2008-0744 EXPLOITDB text VERIFIED
Pre Hotels & Resorts Management System - SQL Injection via User Login Page
SQL injection vulnerability in user_login.asp in PreProjects.com Pre Hotels & Resorts Management System allows remote attackers to execute arbitrary SQL commands via the login page.
by milad_sa2007
EIP-2026-100291 EXPLOITDB text VERIFIED
E-Smart Cart - 'Members Login' Multiple SQL Injection Vulnerabilities
by milad_sa2007
CVE-2008-0739 EXPLOITDB text VERIFIED
CandyPress < 4.1 - SQL Injection via FedExAccount Parameter
SQL injection vulnerability in admin/SA_shipFedExMeter.asp in CandyPress (CP) 4.1.1.26, and earlier 4.x and 3.x versions, allows remote attackers to execute arbitrary SQL commands via the FedExAccount parameter.
by BugReport.IR
CVE-2008-0465 EXPLOITDB text VERIFIED
Seagull 0.6.3 - Path Traversal via Files Parameter
Directory traversal vulnerability in optimizer.php in Seagull 0.6.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the files parameter.
by fuzion
CVE-2008-0473 EXPLOITDB text VERIFIED
Web Wiz Rich Text Editor 4.0 - Unauthenticated Arbitrary File Upload via RTE_popup_save_file.asp
RTE_popup_save_file.asp in Web Wiz Rich Text Editor 4.0 allows remote attackers to upload (1) .html and (2) .htm files via unspecified vectors.
by BugReport.IR
CVE-2008-0466 EXPLOITDB text VERIFIED
Web Wiz Rich Text Editor 4.0, Forums 9.07, Newspad 1.02 - Unauthenticated Directory Listing & File Read
Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor 4.0, Web Wiz Forums 9.07, and Web Wiz Newspad 1.02, does not require authentication, which allows remote attackers to list directories and read files. NOTE: this can be leveraged for listings outside the configured directory tree by exploiting a separate directory traversal vulnerability.
by BugReport.IR
CVE-2008-0466 EXPLOITDB text VERIFIED
Web Wiz Rich Text Editor 4.0, Forums 9.07, Newspad 1.02 - Unauthenticated Directory Listing & File Read
Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor 4.0, Web Wiz Forums 9.07, and Web Wiz Newspad 1.02, does not require authentication, which allows remote attackers to list directories and read files. NOTE: this can be leveraged for listings outside the configured directory tree by exploiting a separate directory traversal vulnerability.
by BugReport.IR
CVE-2008-0458 EXPLOITDB text VERIFIED
SLAED CMS 2.5 Lite - Remote File Inclusion via newlang Parameter
Directory traversal vulnerability in function/sources.php in SLAED CMS 2.5 Lite allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the newlang parameter to index.php.
by The_HuliGun
CVE-2008-0452 EXPLOITDB text VERIFIED
Siteman 1.1.9 - Path Traversal via Cat Parameter in Articles.php
Directory traversal vulnerability in articles.php in Siteman 1.1.9 allows remote attackers to read arbitrary files via directory traversal sequences in the cat parameter in a viewart action.
by Khashayar Fereidani
CVE-2008-0446 EXPLOITDB text VERIFIED
LulieBlog 1.02 - SQL Injection via voircom.php id Parameter
SQL injection vulnerability in voircom.php in LulieBlog 1.02 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Khashayar Fereidani