ShockShadow

7 exploits Active since Sep 2007
CVE-2007-5103 EXPLOITDB text WORKING POC
Wordsmith - Path Traversal
Directory traversal vulnerability in config.inc.php in Wordsmith 1.0 RC1, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the _path parameter.
CVE-2007-5102 EXPLOITDB text WORKING POC
Wordsmith - Code Injection
PHP remote file inclusion vulnerability in config.inc.php in Wordsmith 1.0 RC1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the _path parameter.
CVE-2007-6555 EXPLOITDB text WORKING POC
Joomla! com_directory 2.3.2 - RCE
PHP remote file inclusion vulnerability in modules/mod_pxt_latest.php in the mosDirectory (com_directory) 2.3.2 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter.
CVE-2007-5065 EXPLOITDB text WORKING POC
Joomla - Code Injection
PHP remote file inclusion vulnerability in admin.slideshow1.php in the Flash Slide Show (com_slideshow) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
CVE-2008-6217 EXPLOITDB text WORKING POC
Extrakt Framework - XSS
Cross-site scripting (XSS) vulnerability in index.php in Extrakt Framework 0.7 allows remote attackers to inject arbitrary web script or HTML via the plugins[file][id] parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6173 EXPLOITDB text WORKING POC
Clip-share Clipshare - XSS
Cross-site scripting (XSS) vulnerability in fullscreen.php in ClipShare Pro 4.0 allows remote attackers to inject arbitrary web script or HTML via the title parameter.
CVE-2008-4761 EXPLOITDB text WORKING POC
Kayako Esupport - XSS
Cross-site scripting (XSS) vulnerability in includes/htmlArea/plugins/HtmlTidy/html-tidy-logic.php in Kayako eSupport 3.20.2 allows remote attackers to inject arbitrary web script or HTML via the jsMakeSrc parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this issue is probably in the HTMLArea HTMLTidy (HTML Tidy) plugin, not eSupport.