ShockShadow

7 exploits | Active since Sep 2007
CVE-2007-5103 EXPLOITDB text WORKING POC
Wordsmith 1.0 RC1 - Path Traversal via _path Parameter
Directory traversal vulnerability in config.inc.php in Wordsmith 1.0 RC1, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the _path parameter.
CVE-2007-5102 EXPLOITDB text WORKING POC
Wordsmith 1.0 RC1 - Remote Code Execution via _path Parameter
PHP remote file inclusion vulnerability in config.inc.php in Wordsmith 1.0 RC1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the _path parameter.
CVE-2007-6555 EXPLOITDB text WORKING POC
mosDirectory 2.3.2 - Remote Code Execution via GLOBALS[mosConfig_absolute_path] Parameter
PHP remote file inclusion vulnerability in modules/mod_pxt_latest.php in the mosDirectory (com_directory) 2.3.2 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter.
CVE-2007-5065 EXPLOITDB text WORKING POC
Joomla Flash Slide Show Component - Remote Code Execution via mosConfig_live_site Parameter
PHP remote file inclusion vulnerability in admin.slideshow1.php in the Flash Slide Show (com_slideshow) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
CVE-2008-6217 EXPLOITDB text WORKING POC
Extrakt Framework 0.7 - Cross-Site Scripting via plugins[file][id] Parameter
Cross-site scripting (XSS) vulnerability in index.php in Extrakt Framework 0.7 allows remote attackers to inject arbitrary web script or HTML via the plugins[file][id] parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6173 EXPLOITDB text WORKING POC
ClipShare Pro 4.0 - Cross-Site Scripting via Fullscreen Title Parameter
Cross-site scripting (XSS) vulnerability in fullscreen.php in ClipShare Pro 4.0 allows remote attackers to inject arbitrary web script or HTML via the title parameter.
CVE-2008-4761 EXPLOITDB text WORKING POC
Kayako eSupport 3.20.2 - Cross-Site Scripting via jsMakeSrc Parameter
Cross-site scripting (XSS) vulnerability in includes/htmlArea/plugins/HtmlTidy/html-tidy-logic.php in Kayako eSupport 3.20.2 allows remote attackers to inject arbitrary web script or HTML via the jsMakeSrc parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this issue is probably in the HTMLArea HTMLTidy (HTML Tidy) plugin, not eSupport.