Zero X

14 exploits Active since Feb 2000
CVE-2004-2309 EXPLOITDB text WORKING POC
Crob FTP Server 3.5.1 - Path Traversal
Directory traversal vulnerability in Crob FTP Server 3.5.1 allows local users to browse outside the FTP root via multiple ../ (dot dot slash) in the DIR command.
CVE-2003-1207 EXPLOITDB text WORKING POC
Crob FTP Server - Denial of Service
Crob FTP Server 3.5.1 allows remote authenticated users to cause a denial of service (crash) via a dir command with a large number of "." characters followed by a "/*" string.
CVE-2004-0070 EXPLOITDB text WORKING POC
PHP - RCE
PHP remote file inclusion vulnerability in module.php for ezContents allows remote attackers to execute arbitrary PHP code by modifying the link parameter to reference a URL on a remote web server that contains the code.
EIP-2026-112445 EXPLOITDB text WORKING POC
STRATO NewsLetter Manager - Directory Traversal
CVE-2003-1131 EXPLOITDB text WRITEUP
PHP - RCE
PHP remote file inclusion vulnerability in index.php in KnowledgeBuilder, referred to as KnowledgeBase, allows remote attackers to execute arbitrary PHP code by modifying the page parameter to reference a URL on a remote web server that contains the code.
CVE-2004-0237 EXPLOITDB text WRITEUP
Aprox PHP Portal - Path Traversal
Directory traversal vulnerability in index.php in Aprox PHP Portal allows remote attackers to read arbitrary files via a full pathname in the show parameter.
CVE-2000-1092 EXPLOITDB text WRITEUP
EZshopper <3.0,2.0 - Path Traversal
loadpage.cgi CGI program in EZshopper 3.0 and 2.0 allows remote attackers to list and read files in the EZshopper data directory by inserting a "/" in front of the target filename in the "file" parameter.
CVE-2007-6176 EXPLOITDB text WORKING POC
K+B-Bestellsystem - Command Injection
kb_whois.cgi in K+B-Bestellsystem (aka KB-Bestellsystem) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) domain or (2) tld parameter in a check_owner action.
CVE-2008-6555 EXPLOITDB text WORKING POC
Puppetmaster Webutil - Improper Input Validation
cgi-bin/webutil.pl in The Puppet Master WebUtil allows remote attackers to execute arbitrary commands via shell metacharacters in the dig command.
EIP-2026-100895 EXPLOITDB html WORKING POC
Sitebuilder 1.4 - 'sitebuilder.cgi' Directory Traversal
CVE-2000-0187 EXPLOITDB text WORKING POC
EZShopper 3.0 - Path Traversal
EZShopper 3.0 loadpage.cgi CGI script allows remote attackers to read arbitrary files via a .. (dot dot) attack or execute commands via shell metacharacters.
CVE-2002-1559 EXPLOITDB text WRITEUP
ion-p < - Path Traversal
Directory traversal vulnerability in ion-p.exe (aka ion-p) allows remote attackers to read arbitrary files via (1) C: (drive letter) or (2) .. (dot-dot) sequences in the page parameter.
CVE-2008-1541 EXPLOITDB text WORKING POC
HIS Webshop 2.50 - Path Traversal
Directory traversal vulnerability in cgi-bin/his-webshop.pl in HIS Webshop 2.50 allows remote attackers to read arbitrary files via a .. (dot dot) in the t parameter.
CVE-2003-1166 EXPLOITDB text WRITEUP
HTTP Commander - Path Traversal
Directory traversal vulnerability in (1) Openfile.aspx and (2) Html.aspx in HTTP Commander 4.0 allows remote attackers to view arbitrary files via a .. (dot dot) in the file parameter.