Zero X

14 exploits, active since Feb 2000
CVE-2004-2309 EXPLOITDB text WORKING POC
Crob FTP Server 3.5.1 - Path Traversal
Directory traversal vulnerability in Crob FTP Server 3.5.1 allows local users to browse outside the FTP root via multiple ../ (dot dot slash) in the DIR command.
CVE-2003-1207 EXPLOITDB text WORKING POC
Crob FTP Server 3.5.1 - Authenticated Denial of Service via Dir Command
Crob FTP Server 3.5.1 allows remote authenticated users to cause a denial of service (crash) via a dir command with a large number of "." characters followed by a "/*" string.
CVE-2004-0070 EXPLOITDB text WORKING POC
ezContents module.php - Remote File Inclusion Code Execution
PHP remote file inclusion vulnerability in module.php for ezContents allows remote attackers to execute arbitrary PHP code by modifying the link parameter to reference a URL on a remote web server that contains the code.
EIP-2026-112445 EXPLOITDB text WORKING POC
STRATO NewsLetter Manager - Directory Traversal
CVE-2003-1131 EXPLOITDB text WRITEUP
KnowledgeBuilder index.php - Remote File Inclusion Code Execution
PHP remote file inclusion vulnerability in index.php in KnowledgeBuilder, referred to as KnowledgeBase, allows remote attackers to execute arbitrary PHP code by modifying the page parameter to reference a URL on a remote web server that contains the code.
CVE-2004-0237 EXPLOITDB text WRITEUP
Aprox PHP Portal - Unauthenticated Directory Traversal via Show Parameter
Directory traversal vulnerability in index.php in Aprox PHP Portal allows remote attackers to read arbitrary files via a full pathname in the show parameter.
CVE-2000-1092 EXPLOITDB text WRITEUP
EZshopper <3.0,2.0 - Path Traversal
loadpage.cgi CGI program in EZshopper 3.0 and 2.0 allows remote attackers to list and read files in the EZshopper data directory by inserting a "/" in front of the target filename in the "file" parameter.
CVE-2007-6176 EXPLOITDB text WORKING POC
K+B-Bestellsystem - Command Injection
kb_whois.cgi in K+B-Bestellsystem (aka KB-Bestellsystem) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) domain or (2) tld parameter in a check_owner action.
CVE-2008-6555 EXPLOITDB text WORKING POC
Puppet Master WebUtil - Remote Command Execution via Dig Command Shell Metacharacters
cgi-bin/webutil.pl in The Puppet Master WebUtil allows remote attackers to execute arbitrary commands via shell metacharacters in the dig command.
EIP-2026-100895 EXPLOITDB html WORKING POC
Sitebuilder 1.4 - 'sitebuilder.cgi' Directory Traversal
CVE-2000-0187 EXPLOITDB text WORKING POC
EZShopper 3.0 - Arbitrary File Read and Command Execution via loadpage.cgi
EZShopper 3.0 loadpage.cgi CGI script allows remote attackers to read arbitrary files via a .. (dot dot) attack or execute commands via shell metacharacters.
CVE-2002-1559 EXPLOITDB text WRITEUP
ion_script - Directory Traversal via Page Parameter
Directory traversal vulnerability in ion-p.exe (aka ion-p) allows remote attackers to read arbitrary files via (1) C: (drive letter) or (2) .. (dot-dot) sequences in the page parameter.
CVE-2008-1541 EXPLOITDB text WORKING POC
HIS Webshop 2.50 - Path Traversal via t Parameter
Directory traversal vulnerability in cgi-bin/his-webshop.pl in HIS Webshop 2.50 allows remote attackers to read arbitrary files via a .. (dot dot) in the t parameter.
CVE-2003-1166 EXPLOITDB text WRITEUP
HTTP Commander 4.0 - Directory Traversal via File Parameter
Directory traversal vulnerability in (1) Openfile.aspx and (2) Html.aspx in HTTP Commander 4.0 allows remote attackers to view arbitrary files via a .. (dot dot) in the file parameter.