DSecRG

73 exploits Active since Dec 2007
CVE-2009-1315 EXPLOITDB text WRITEUP
AbleSpace 1.0 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in AbleSpace 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) gid parameter to groups_profile.php, (2) cat_id and (3) razd_id parameters to adv_cat.php, and the (4) URL to blogs_full.php.
CVE-2008-7054 EXPLOITDB text WRITEUP
ezContents 2.0.3 - Path Traversal via Multiple Parameters
Multiple directory traversal vulnerabilities in ezContents 2.0.3 allow remote attackers to include and execute arbitrary local files via the (1) gsLanguage and (2) language_home parameters to modules/diary/showdiary.php; (3) admin_home, (4) gsLanguage, and (5) language_home parameters to modules/diary/showdiarydetail.php; (6) gsLanguage and (7) language_home parameters to modules/diary/submit_diary.php; (8) admin_home parameter to modules/news/news_summary.php; (9) nLink, (10) gsLanguage, and (11) language_home parameters to modules/news/inlinenews.php; and possibly other unspecified vectors in (12) diary/showeventlist.php, (13) gallery/showgallery.php, (14) reviews/showreviews.php, (15) gallery/showgallerydetails.php, (16) reviews/showreviewsdetails.php, (17) news/shownewsdetails.php, (18) gallery/submit_gallery.php, (19) guestbook/submit_guestbook.php, (20) reviews/submit_reviews.php, (21) news/submit_news.php, (22) diary/inlineeventlist.php, and (23) news/archivednews_summary.php in modules/, related to the lack of directory traversal protection in modules/moduleSec.php.
CVE-2008-1556 EXPLOITDB text WORKING POC
BolinOS 4.6.1 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in BolinOS 4.6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) system/actionspages/_b/contentFiles/gBImageViewer.php, (2) ForEditor parameter to (b) system/actionspages/_b/contentFiles/gBselectorContents.php, (3) the PATH_INFO to (c) gBLoginPage.php and (d) gBPassword.php in system/actionspages/_b/contentFiles/, (4) formlogin parameter to system/actionspages/_b/contentFiles/gBLoginPage.php, and the (5) bolini_searchengine46Search parameter to (e) help/index.php.
CVE-2008-1555 EXPLOITDB text WORKING POC
BolinOS 4.6.1 - Remote File Inclusion via _bFileToInclude Parameter
Directory traversal vulnerability in system/_b/contentFiles/gbincluder.php in BolinOS 4.6.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the _bFileToInclude parameter.
CVE-2008-0612 EXPLOITDB text WORKING POC
XOOPS 2.0.18 - Path Traversal via Lang Parameter
Directory traversal vulnerability in htdocs/install/index.php in XOOPS 2.0.18 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
CVE-2008-0359 EXPLOITDB text WRITEUP
BLOG:CMS 4.2.1b - Cross-Site Scripting via PATH_INFO to photo/admin.php or photo/index.php
Multiple cross-site scripting (XSS) vulnerabilities in BLOG:CMS 4.2.1b allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin.php or (2) index.php in photo/.
CVE-2007-6547 EXPLOITDB text WRITEUP
RunCMS < 1.6 - Unauthenticated Password Change
RunCMS before 1.6.1 does not require entry of the old password during a password change, which allows context-dependent attackers to change passwords upon obtaining temporary access to a session.
CVE-2007-6546 EXPLOITDB text WRITEUP
RunCMS < 1.6 - Session Hijacking via Predictable Session ID
RunCMS before 1.6.1 uses a predictable session id, which makes it easier for remote attackers to hijack sessions via a modified id.
CVE-2007-6545 EXPLOITDB text WRITEUP
RunCMS < 1.6 - Cross-Site Scripting via News Subject Parameter
Multiple cross-site scripting (XSS) vulnerabilities in RunCMS before 1.6.1 allow remote attackers to inject arbitrary web script or HTML via (1) the subject parameter to modules/news/submit.php; (2) the PATH_INFO to modules/news/index.php, possibly related to the XoopsPageNav class; or (3) an avatar image to edituser.php.
CVE-2007-6544 EXPLOITDB text WRITEUP
RunCMS - SQL Injection via lid Parameter
Multiple SQL injection vulnerabilities in RunCMS before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the lid parameter to (1) brokenfile.php, (2) visit.php, or (3) ratefile.php in modules/mydownloads/; or (4) ratelink.php, (5) modlink.php, or (6) brokenlink.php in modules/mylinks/.
CVE-2009-1212 EXPLOITDB text WORKING POC
PrecisionID Datamatrix - Buffer Overflow
Multiple insecure method vulnerabilities in PRECIS~2.DLL in the PrecisionID Datamatrix ActiveX control (DMATRIXLib.Datamatrix) allow remote attackers to overwrite arbitrary files via the (1) SaveBarCode and (2) SaveEnhWMF methods.
CVE-2008-7084 EXPLOITDB text WRITEUP
Velocity Security Management System - Path Traversal via URI
Directory traversal vulnerability in the web server 1.0 in Velocity Security Management System allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
CVE-2009-0465 EXPLOITDB text WORKING POC
Synactis ALL In-The-Box ActiveX 3 - File Write
The SaveDoc method in the All_In_The_Box.AllBox ActiveX control in ALL_IN_THE_BOX.OCX in Synactis ALL In-The-Box ActiveX 3 allows remote attackers to create and overwrite arbitrary files via an argument ending in a '\0' character, which bypasses the intended .box filename extension, as demonstrated by a C:\boot.ini\0 argument.
EIP-2026-118353 EXPLOITDB text WRITEUP
Chance-i DiViS DVR System Web-Server - Directory Traversal
CVE-2009-1873 EXPLOITDB text WRITEUP
Adobe JRun Application Server 4 Updater 7 - Authenticated Path Traversal via Logfile Parameter
Directory traversal vulnerability in logging/logviewer.jsp in the Management Console in Adobe JRun Application Server 4 Updater 7 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the logfile parameter.
EIP-2026-116217 EXPLOITDB text WORKING POC
SAP GUI 6.4 - ActiveX (Accept) Remote Buffer Overflow (PoC)
EIP-2026-115041 EXPLOITDB text WORKING POC
Chance-i DiViS-Web DVR System - ActiveX Control Heap Overflow (PoC)
CVE-2008-6884 EXPLOITDB text WORKING POC
XOOPS 2.3.1 - Path Traversal via xoopsConfig[language] Parameter
Multiple directory traversal vulnerabilities in XOOPS 2.3.1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xoopsConfig[language] parameter to (1) blocks.php and (2) main.php in xoops_lib/modules/protector/.
CVE-2008-0613 EXPLOITDB text WORKING POC
XOOPS 2.0.18 - Open Redirect via xoops_redirect Parameter
Open redirect vulnerability in htdocs/user.php in XOOPS 2.0.18 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the xoops_redirect parameter.
CVE-2008-0609 EXPLOITDB text WRITEUP
DivideConcept VHD Web Pack 2.0 - Remote File Inclusion via Page Parameter Path Traversal
Directory traversal vulnerability in index.php in DivideConcept VHD Web Pack 2.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
CVE-2008-0231 EXPLOITDB text WORKING POC
Tuned Studios Classic Theme and others - Path Traversal via Page Parameter
Multiple directory traversal vulnerabilities in index.php in Tuned Studios (1) Subwoofer, (2) Freeze Theme, (3) Orange Cutout, (4) Lonely Maple, (5) Endless, (6) Classic Theme, and (7) Music Theme webpage templates allow remote attackers to include and execute arbitrary files via ".." sequences in the page parameter. NOTE: this can be leveraged for remote file inclusion when running in some PHP 5 environments.
CVE-2007-6548 EXPLOITDB text WRITEUP
RunCMS < 1.6 - Authenticated PHP Code Injection via Admin Parameters
Multiple direct static code injection vulnerabilities in RunCMS before 1.6.1 allow remote authenticated administrators to inject arbitrary PHP code via the (1) header and (2) footer parameters to modules/system/admin.php in a meta-generator action, (3) the disclaimer parameter to modules/system/admin.php in a disclaimer action, (4) the disclaimer parameter to modules/mydownloads/admin/index.php in a mydownloadsConfigAdmin action, (5) the disclaimer parameter to modules/newbb_plus/admin/forum_config.php, (6) the disclaimer parameter to modules/mylinks/admin/index.php in a myLinksConfigAdmin action, or (7) the intro parameter to modules/sections/admin/index.php in a secconfig action, which inject PHP sequences into (a) sections/cache/intro.php, (b) mylinks/cache/disclaimer.php, (c) mydownloads/cache/disclaimer.php, (d) newbb_plus/cache/disclaimer.php, (e) system/cache/disclaimer.php, (f) system/cache/footer.php, (g) system/cache/header.php, or (h) system/cache/maintenance.php in modules/.
CVE-2008-2496 EXPLOITDB text WORKING POC
Quate CMS 0.3.4 - Cross-Site Scripting via PATH_INFO
Multiple cross-site scripting (XSS) vulnerabilities in Quate CMS 0.3.4 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) login.php, and (3) credits.php in admin/, and (4) upgrade/index.php.
CVE-2008-1537 EXPLOITDB text WORKING POC
PowerScripts PowerBook 1.21 - Path Traversal
Directory traversal vulnerability in pb_inc/admincenter/index.php in PowerScripts PowerBook 1.21 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
CVE-2008-3365 EXPLOITDB text WORKING POC
Pixelpost 1.7.1 - Remote Code Execution via Language Parameter Path Traversal
Directory traversal vulnerability in index.php in Pixelpost 1.7.1 on Windows, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language_full parameter.