Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2007-5999 EXPLOITDB text VERIFIED
Softbiz Auctions Script - SQL Injection
SQL injection vulnerability in product_desc.php in Softbiz Auctions Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Khashayar Fereidani
CVE-2007-5998 EXPLOITDB text VERIFIED
Softbiz Ad Management plus Script 1 - SQL Injection
SQL injection vulnerability in ads.php in Softbiz Ad Management plus Script 1 allows remote authenticated users to execute arbitrary SQL commands via the package parameter.
by Khashayar Fereidani
CVE-2008-1564 EXPLOITDB text VERIFIED
Dan Costin File Transfer <1.2f - Path Traversal
Directory traversal vulnerability in Dan Costin File Transfer before 1.2f allows remote attackers to read arbitrary files via a "..\" (dot dot backslash) in the filename.
by teeed
CVE-2007-6321 EXPLOITDB text VERIFIED
RoundCube webmail <2007-12-09 - XSS
Cross-site scripting (XSS) vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and earlier versions, when using Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via style sheets containing expression commands.
by Tomas Kuliavas
CVE-2007-6376 EXPLOITDB text VERIFIED
Francisco Burzi PHP-Nuke 8.0 - Path Traversal via autohtml.php filename Parameter
Directory traversal vulnerability in autohtml.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the filename parameter, a different vector than CVE-2006-4190. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by d3v1l
EIP-2026-107036 EXPLOITDB text VERIFIED
Falcon Series One 1.4.3 stable - Multiple Input Validation Vulnerabilities
by MhZ91
CVE-2007-6374 EXPLOITDB text VERIFIED
bitweaver < 2.0.0 - Cross-Site Scripting via PATH_INFO to users/register.php or search/index.php
Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.0.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) users/register.php or (2) search/index.php, or an editcomments action in (3) wiki/index.php or (4) forums/index.php. NOTE: the error parameter to users/login.php is covered by CVE-2006-3103.
by Doz
CVE-2007-6374 EXPLOITDB text VERIFIED
bitweaver < 2.0.0 - Cross-Site Scripting via PATH_INFO to users/register.php or search/index.php
Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.0.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) users/register.php or (2) search/index.php, or an editcomments action in (3) wiki/index.php or (4) forums/index.php. NOTE: the error parameter to users/login.php is covered by CVE-2006-3103.
by Doz
CVE-2007-6375 EXPLOITDB text VERIFIED
bitweaver <= 2.0.0 - SQL Injection via sort_mode or highlight Parameter
Multiple SQL injection vulnerabilities in Bitweaver 2.0.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) sort_mode parameter to wiki/list_pages.php and the (2) highlight parameter to search/index.php. NOTE: the researcher also reported injection via JavaScript code in the Search box, but this is probably a forced SQL error or other separate primary issue.
by Doz
CVE-2007-6003 EXPLOITDB text VERIFIED
Thomson SpeedTouch 716 - Firmware 5.4.0.14 - XSS
Cross-site scripting (XSS) vulnerability in cgi/b/ic/connect in the Thomson SpeedTouch 716 with firmware 5.4.0.14 allows remote attackers to inject arbitrary web script or HTML via the url parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Remco Verhoef
CVE-2007-6704 EXPLOITDB text VERIFIED
F5 FirePass 4100 SSL VPN <6.0.1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass 4100 SSL VPN 5.4.1 through 5.5.2 and 6.0 through 6.0.1, when pre-logon sequences are enabled, allow remote attackers to inject arbitrary web script or HTML via the query string to (1) my.activation.php3 and (2) my.logon.php3.
by Adrian Pastor
CVE-2007-5978 EXPLOITDB text VERIFIED
XOOPS mylinks_module - SQL Injection via brokenlink.php lid Parameter
SQL injection vulnerability in brokenlink.php in the mylinks module for XOOPS allows remote attackers to execute arbitrary SQL commands via the lid parameter.
CVE-2007-5973 EXPLOITDB text VERIFIED
JPortal Web Portal < 2.3.1 - SQL Injection via Topic Parameter
SQL injection vulnerability in articles.php in JPortal 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter.
by Alexsize
EIP-2026-103590 EXPLOITDB text VERIFIED
MySQL 5.0.45 - 'Alter' Denial of Service
by Kristian Hermansen
EIP-2026-100515 EXPLOITDB text VERIFIED
Rapid Classified - 'AgencyCatResult.asp' SQL Injection
by The-0utl4w
CVE-2007-5923 EXPLOITDB text VERIFIED
CA eTrust SiteMinder Agent - Cross-Site Scripting via SMAUTHREASON Parameter
Cross-site scripting (XSS) vulnerability in forms/smpwservices.fcc in CA (formerly Computer Associates) eTrust SiteMinder Agent allows remote attackers to inject arbitrary web script or HTML via the SMAUTHREASON parameter, a different vector than CVE-2005-2204.
by Giuseppe Gottardi
CVE-2007-5912 EXPLOITDB text VERIFIED
jPORTAL 2 - SQL Injection via Mailer to Parameter
SQL injection vulnerability in mailer.php in jPORTAL 2 allows remote attackers to execute arbitrary SQL commands via the to parameter.
by Kacper
CVE-2007-5974 EXPLOITDB text VERIFIED
JPortal 2 - SQL Injection via Mailer to Parameter
SQL injection vulnerability in mailer.php in JPortal 2 allows remote attackers to execute arbitrary SQL commands via the to parameter.
by Kacper
CVE-2007-5954 EXPLOITDB MEDIUM text VERIFIED
JLMForo System - Cross-Site Scripting via buscador.php clave Parameter
Cross-site scripting (XSS) vulnerability in buscador.php in JLMForo System allows remote attackers to inject arbitrary web script or HTML via the clave parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Jose Luis Gongora Fernandez
CVSS 6.1
CVE-2007-5567 EXPLOITDB text VERIFIED
Galmeta Post 0.11 - Remote Code Execution via DDS Parameter
PHP remote file inclusion vulnerability in _lib/fckeditor/upload_config.php in Galmeta Post 0.11 allows remote attackers to execute arbitrary PHP code via a URL in the DDS parameter.
by arfis project
CVE-2007-5890 EXPLOITDB text VERIFIED
easyGB 2.1.1 - Directory Traversal via DatabaseType Parameter
Directory traversal vulnerability in index.php in easyGB 2.1.1 allows remote attackers to include arbitrary files via the DatabaseType parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by h4ck3r
CVE-2007-5951 EXPLOITDB text VERIFIED
E-Vendejo 0.2 - SQL Injection via articles.php id Parameter
SQL injection vulnerability in articles.php in E-Vendejo 0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by r00t
CVE-2007-5926 EXPLOITDB text VERIFIED
OpenBase <10.0.5 - Command Injection
OpenBase 10.0.5 and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in arguments to the (1) AsciiBackup, (2) OEMLicenseInstall, and possibly other stored procedures.
by Kevin Finisterre
CVE-2007-5925 EXPLOITDB text VERIFIED
MySQL < 5.1.23_bk - Authenticated Denial of Service via CONTAINS Operation on Indexed Column
The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error.
by Joe Gallo
CVE-2007-5776 EXPLOITDB text VERIFIED
i-Gallery 3.4 - Path Traversal via Encoded Backslash Sequences in d Parameter
Directory traversal vulnerability in igallery.asp in Blue-Collar Productions i-Gallery 3.4 allows remote attackers to read arbitrary files via encoded backslash sequences in the d parameter, as demonstrated by a "%5c../../%5c" sequence.
by hackerbinhphuoc