GulfTech Security

165 exploits Active since Mar 2004
CVE-2018-25120 EXPLOITDB CRITICAL text WRITEUP
D-Link DNS-343 ShareCenter <1.05 - Command Injection
D-Link DNS-343 ShareCenter devices running firmware versions up to and including 1.05 contain a command injection vulnerability in the Mail Test functionality. The web maintenance script posts to the internal goForm endpoint '/goform/Mail_Test' and uses several form parameters directly in a call to a system email utility without proper input validation. An unauthenticated remote attacker can supply crafted form data that injects shell commands, resulting in execution as root on the device. NOTE: The DNS-343 product line has been declared end-of-life.
CVSS 9.8
CVE-2008-7090 EXPLOITDB text WRITEUP
Pligg CMS < 9.9 - Path Traversal via Trackback URL or Template Parameter
Multiple directory traversal vulnerabilities in Pligg 9.9 and earlier allow remote attackers to (1) determine the existence of arbitrary files via a .. (dot dot) in the $tb_url variable in trackback.php, or (2) include arbitrary files via a .. (dot dot) in the template parameter to settemplate.php.
CVE-2008-7089 EXPLOITDB text WRITEUP
Pligg CMS < 9.9.0 - Cross-Site Scripting via Search Keyword Parameter
Cross-site scripting (XSS) vulnerability in Pligg 9.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a search action to user.php and other unspecified vectors.
CVE-2008-3763 EXPLOITDB text WRITEUP
Turnkey PHP Live Helper <2.0.1 - Code Injection
Variable overwrite vulnerability in libsecure.php in Turnkey PHP Live Helper 2.0.1 and earlier, when register_globals is enabled, allows remote attackers to overwrite arbitrary variables related to the db config file. NOTE: this can be leveraged for code injection by overwriting the language file.
CVE-2008-3762 EXPLOITDB text WRITEUP
Turnkey PHP Live Helper <2.0.1 - SQL Injection
SQL injection vulnerability in onlinestatus_html.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the dep parameter, related to lack of input sanitization in the get function in global.php.
CVE-2008-5919 EXPLOITDB text WRITEUP
WebSVN < 2.0 - Path Traversal and Arbitrary File Write via RSS Rev Parameter
Directory traversal vulnerability in rss.php in WebSVN 2.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to overwrite arbitrary files via directory traversal sequences in the rev parameter.
CVE-2008-5918 EXPLOITDB text WRITEUP
WebSVN <= 2.0 - Cross-Site Scripting via PATH_INFO
Cross-site scripting (XSS) vulnerability in the getParameterisedSelfUrl function in index.php in WebSVN 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVE-2004-1645 EXPLOITDB text WRITEUP
Xedus 1.0 - Cross-Site Scripting via Username or Param Parameter
Cross-site scripting (XSS) vulnerability in Xedus 1.0 allows remote attackers to execute arbitrary web script or HTML via the (1) username parameter to test.x, (2) username parameter to TestServer.x, or (3) param parameter to testgetrequest.x.
CVE-2004-1645 EXPLOITDB text WRITEUP
Xedus 1.0 - Cross-Site Scripting via Username or Param Parameter
Cross-site scripting (XSS) vulnerability in Xedus 1.0 allows remote attackers to execute arbitrary web script or HTML via the (1) username parameter to test.x, (2) username parameter to TestServer.x, or (3) param parameter to testgetrequest.x.
CVE-2004-1646 EXPLOITDB text WRITEUP
Xedus 1.0 - Directory Traversal via URL
Directory traversal vulnerability in Xedus 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
EIP-2026-118031 EXPLOITDB text WRITEUP
Trillian Pro < 2.01 - Design Error
CVE-2004-1417 EXPLOITDB text WRITEUP
Psychostats < 2.2.4 - Cross-Site Scripting via Login Parameter
Cross-site scripting (XSS) vulnerability in login.php in PsychoStats 2.2.4 Beta and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter.
CVE-2004-1569 EXPLOITDB text WRITEUP
dBpowerAMP Audio Player and Music Converter - Buffer Overflow via Long Filename in Playlist
Buffer overflow in (1) MusicConverter.exe, (2) playlist.exe, and (3) amp.exe in dBpowerAMP Audio Player 2.0 and dbPowerAmp Music Converter 10.0 allows remote attackers to cause a denial of service or execute arbitrary code via a .pls or .m3u playlist that contains long File1 (filename) fields.
CVE-2005-1806 EXPLOITDB text WRITEUP
PeerCast < 0.1211 - Remote Code Execution via Format String in URL
Format string vulnerability in PeerCast 0.1211 and earlier allows remote attackers to execute arbitrary code via format strings in the URL.
CVE-2004-1727 EXPLOITDB perl WORKING POC
BadBlue 2.5 - Denial of Service via Excessive Connections
BadBlue 2.5 allows remote attackers to cause a denial of service (refuse HTTP connections) via a large number of connections from the same IP address.
CVE-2004-1744 EXPLOITDB perl WORKING POC
efs_web_server 1.25 - Denial of Service via Large HTTP Requests
Easy File Sharing (EFS) Webserver 1.25 allows remote attackers to cause a denial of service (CPU consumption or crash) via many large HTTP requests.
CVE-2004-1696 EXPLOITDB perl WORKING POC
EmuLive Server4 Commerce Edition Build 7560 - Denial of Service via Carriage Return Sequence to TCP Port 66
EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to cause a denial of service (application crash) via a sequence of carriage returns sent to TCP port 66.
CVE-2006-4215 EXPLOITDB text WORKING POC
Zen Cart < 1.3.0.2 - Remote Code Execution via autoLoadConfig Parameter
PHP remote file inclusion vulnerability in index.php in Zen Cart 1.3.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the autoLoadConfig[999][0][loadFile] parameter.
CVE-2006-4904 EXPLOITDB text WRITEUP
Qualiteam X-Cart < 4.1.3 - Remote Code Execution via cmpi.php Dynamic Variable Evaluation
Dynamic variable evaluation vulnerability in cmpi.php in Qualiteam X-Cart 4.1.3 and earlier allows remote attackers to overwrite arbitrary program variables and execute arbitrary PHP code, as demonstrated by PHP remote file inclusion via the xcart_dir parameter.
CVE-2005-2414 EXPLOITDB text WRITEUP
xpcom - Denial of Service via Nested DIV Tags
Race condition in the xpcom library, as used by web browsers such as Firefox, Mozilla, Netscape, and Galeon, allows remote attackers to cause a denial of service (application crash) via a large HTML file that loads a DOM call from within nested DIV tags, which causes part of the currently rendering page and referenced objects to be deleted.
CVE-2005-2112 EXPLOITDB text WRITEUP
XOOPS <= 2.0.11 - Cross-Site Scripting via Order or CID Parameter
Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) order parameter to edit.php or (2) cid parameter to comment_edit.php.
EIP-2026-114511 EXPLOITDB text WORKING POC
Yappa-ng 1.x/2.x - Cross-Site Scripting
EIP-2026-114512 EXPLOITDB text WORKING POC
Yappa-ng 1.x/2.x - Remote File Inclusion
CVE-2005-3544 EXPLOITDB text WRITEUP
XMB 1.9.3 - Cross-Site Scripting via u2u.php Username Parameter
Cross-site scripting (XSS) vulnerability in u2u.php in XMB 1.9.3 allows remote attackers to inject arbitrary web script or HTML via the username parameter.
CVE-2005-2108 EXPLOITDB perl WORKING POC
WordPress <= 1.5.1.2 - SQL Injection via HTTP_RAW_POST_DATA
SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via input that is not filtered in the HTTP_RAW_POST_DATA variable, which stores the data in an XML file.