Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-0459 EXPLOITDB text VERIFIED
Liquidsilvercms - Path Traversal
Directory traversal vulnerability in update/index.php in Liquid-Silver CMS 0.35, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the update parameter.
by Stack
CVE-2008-0447 EXPLOITDB text VERIFIED
Foojan WMS PHP Weblog 1.0 - SQL Injection via Story Parameter
SQL injection vulnerability in index.php in Foojan WMS PHP Weblog 1.0 allows remote attackers to execute arbitrary SQL commands via the story parameter.
by Khashayar Fereidani
CVE-2007-6697 EXPLOITDB text VERIFIED
SDL_image < 1.2.6 - Buffer Overflow in LWZReadByte Function
Buffer overflow in the LWZReadByte function in IMG_gif.c in SDL_image before 1.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, a similar issue to CVE-2006-4484. NOTE: some of these details are obtained from third party information.
by Gynvael Coldwind
CVE-2008-0464 EXPLOITDB text VERIFIED
absofort aconon Mail Enterprise SQL - Path Traversal via Template Parameter
Directory traversal vulnerability in archiv.cgi in absofort aconon Mail 2007 Enterprise SQL 11.7.0 and Mail 2004 Enterprise SQL 11.5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter.
by Arno Toll
CVE-2008-0481 EXPLOITDB text VERIFIED
Web Wiz Rich Text Editor 4.0 - Path Traversal via RTE_file_browser.asp sub Parameter
Directory traversal vulnerability in RTE_file_browser.asp in Web Wiz Rich Text Editor 4.0 allows remote attackers to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter in a save action.
by BugReport.IR
CVE-2008-0479 EXPLOITDB text VERIFIED
Web Wiz NewsPad 1.02 - Path Traversal via RTE_file_browser.asp Sub Parameter
Directory traversal vulnerability in RTE_file_browser.asp in Web Wiz NewsPad 1.02 allows remote attackers to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter.
by BugReport.IR
CVE-2008-0480 EXPLOITDB text VERIFIED
Web Wiz Forums < 9.07 - Path Traversal via RTE_file_browser.asp or file_browser.asp Sub Parameter
Multiple directory traversal vulnerabilities in Web Wiz Forums 9.07 and earlier allow remote attackers to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter to (1) RTE_file_browser.asp or (2) file_browser.asp.
by BugReport.IR
EIP-2026-100614 EXPLOITDB text VERIFIED
Web Wiz (Multiple Products) - Remote Information Disclosure
by AmnPardaz
CVE-2008-0397 EXPLOITDB text VERIFIED
aflog 1.01 - SQL Injection via Comments ID Parameter
Multiple SQL injection vulnerabilities in aflog 1.01, and possibly earlier versions, allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to comments.php and (2) an unspecified parameter to view.php.
by shinmai
CVE-2008-0451 EXPLOITDB text VERIFIED
PacerCMS 0.6 - Authenticated SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in PacerCMS 0.6 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) siteadmin/article-edit.php; and unspecified parameters to (2) submitted-edit.php, (3) page-edit.php, (4) section-edit.php, (5) staff-edit.php, and (6) staff-access.php in siteadmin/.
by RawSecurity.org
CVE-2008-0453 EXPLOITDB text VERIFIED
Easysitenetwork Recipe - SQL Injection via categoryid Parameter
SQL injection vulnerability in list.php in Easysitenetwork Recipe allows remote attackers to execute arbitrary SQL commands via the categoryid parameter.
by S@BUN
CVE-2008-0439 EXPLOITDB text VERIFIED
DeluxeBB 1.1 - Cross-Site Scripting via lang_listofmatches Parameter
Cross-site scripting (XSS) vulnerability in templates/default/admincp/attachments_header.php in DeluxeBB 1.1 allows remote attackers to inject arbitrary web script or HTML via the lang_listofmatches parameter.
by NBBN
CVE-2008-0398 EXPLOITDB text VERIFIED
aflog < 1.01 - Cross-Site Scripting via Comment Form
Cross-site scripting (XSS) vulnerability in aflog 1.01, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the comment form.
by shinmai
CVE-2008-0438 EXPLOITDB text VERIFIED
Novemberborn sIFR 2.0.2 - Cross-Site Scripting via txt Parameter
Cross-site scripting (XSS) vulnerability in the font rendering functionality in Novemberborn sIFR 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the txt parameter to a Flash (SWF) file, as demonstrated by fonts/FuturaLt.swf.
by Jan Fry
CVE-2008-0429 EXPLOITDB text VERIFIED
AlstraSoft Forum Pay Per Post Exchange 2.0 - SQL Injection via catid Parameter
SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per Post Exchange 2.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a forum_catview action.
by t0pP8uZz
EIP-2026-118886 EXPLOITDB text VERIFIED
Microsoft Windows RSH daemon 1.8 - Remote Buffer Overflow
by prdelka
CVE-2008-0394 EXPLOITDB text VERIFIED
Citadel SMTP < 7.10 - Remote Code Execution via Long RCPT TO Command
Buffer overflow in Citadel SMTP server 7.10 and earlier allows remote attackers to execute arbitrary code via a long RCPT TO command, which is not properly handled by the makeuserkey function. NOTE: some of these details were obtained from third party information.
by prdelka
EIP-2026-112219 EXPLOITDB text VERIFIED
Small Axe Weblog 0.3.1 - 'ffile' Remote File Inclusion
by anonymous
CVE-2008-0400 EXPLOITDB text VERIFIED
Singapore modern template - Cross-Site Scripting via Gallery Parameter
Cross-site scripting (XSS) vulnerability in header.tpl.php in the modern template for Singapore 0.10.1 allows remote attackers to inject arbitrary web script or HTML via the gallery parameter to default.php.
by trew
CVE-2008-0435 EXPLOITDB text VERIFIED
ozjournals 2.1.1 - Path Traversal via Print Preview ID Parameter
Directory traversal vulnerability in index.php in OZJournals 2.1.1 allows remote attackers to read portions of arbitrary files via a .. (dot dot) in the id parameter in a printpreview action.
by shinmai
CVE-2008-0424 EXPLOITDB text VERIFIED
Mooseguy Blog System 1.0 - SQL Injection via blog.php month Parameter
SQL injection vulnerability in blog.php in Mooseguy Blog System (MGBS) 1.0 allows remote attackers to execute arbitrary SQL commands via the month parameter.
by The_HuliGun
CVE-2008-0423 EXPLOITDB text VERIFIED
Lama Software - Remote Code Execution via MY_CONF[classRoot] Parameter
Multiple PHP remote file inclusion vulnerabilities in Lama Software allow remote attackers to execute arbitrary PHP code via a URL in the MY_CONF[classRoot] parameter to (1) inc.steps.access_error.php, (2) inc.steps.check_login.php, or (3) inc.steps.init_system.php in admin/functions/.
by QTRinux
CVE-2008-0431 EXPLOITDB text VERIFIED
idmos_cms 1.0 - Unauthenticated Path Traversal via administrator/download.php fileName Parameter
Directory traversal vulnerability in administrator/download.php in IDMOS (aka Phoenix) 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter.
by MhZ91
CVE-2008-0422 EXPLOITDB text VERIFIED
boastmachine < 3.1 - SQL Injection via mail.php id Parameter
SQL injection vulnerability in mail.php in boastMachine (aka bMachine) 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Virangar Security
CVE-2008-0440 EXPLOITDB text VERIFIED
AlstraSoft Forum Pay Per Post Exchange 2.0 - Cleartext Password Storage
AlstraSoft Forum Pay Per Post Exchange 2.0 stores passwords in cleartext, which makes it easier for attackers to access user accounts.
by t0pP8uZz