Exploitdb Exploits
2,809 exploits tracked across all sources.
maluinfo 206.2.38 - Remote File Inclusion via phpbb_root_path Parameter
PHP remote file inclusion vulnerability in includes/bb_usage_stats.php in maluinfo 206.2.38 for Brazilian PHPBB allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter. NOTE: this might be the same issues as CVE-2006-4893.
by Nima Salehi
Microsoft PowerPoint 2003 - Denial of Service via Crafted PPT File
PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted PowerPoint (.PPT) file, as demonstrated by Nanika.ppt, and a different vulnerability than CVE-2006-3435, CVE-2006-3876, CVE-2006-3877, and CVE-2006-4694. NOTE: the impact of this issue was originally claimed to be arbitrary code execution, but later analysis demonstrated that this was erroneous.
by Nanika
Redaction System 1.0000 - Remote Code Execution via PHP File Inclusion
Multiple PHP remote file inclusion vulnerabilities in Redaction System 1.0000 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lang_prefix parameter to (a) conn.php, (b) sesscheck.php, (c) wap/conn.php, or (d) wap/sesscheck.php, or the (2) lang parameter to (e) index.php.
by r0ut3r
phpBB Insert User < 0.1.2 - Remote Code Execution via phpbb_root_path Parameter
PHP remote file inclusion vulnerability in includes/functions_mod_user.php in phpBB Insert User 0.1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
by Nima Salehi
Leicestershire communityPortals < 1.build_20051018 - Remote Code Execution via cp_root_path Parameter
PHP remote file inclusion vulnerability in includes/import-archive.php in Leicestershire communityPortals 1.0 build 20051018 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cp_root_path parameter.
by Nima Salehi
Shen Cheng-Da PHP News Reader <2.6.4 - RCE
PHP remote file inclusion vulnerability in auth/phpbb.inc.php in Shen Cheng-Da PHP News Reader (aka pnews) 2.6.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CFG[auth_phpbb_path] parameter.
by Nima Salehi
Leicestershire communityPortals 1.0 - RCE
PHP remote file inclusion vulnerability in cpadmin/cpa_index.php in Leicestershire communityPortals 1.0_2005-10-18_12-31-18 allows remote attackers to execute arbitrary PHP code via a URL in the cp_root_path parameter, a different vector than CVE-2006-5280.
by Nima Salehi
Leicestershire communityPortals < 1.0 - Remote Code Execution via cp_root_path Parameter
PHP remote file inclusion vulnerability in bug.php in Leicestershire communityPortals 1.0 build 20051018 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cp_root_path parameter, a different vector than CVE-2006-5280. NOTE: CVE disputes this issue, since bug.php is not in communityPortals source distributions
by Nima Salehi
phpmyagenda < 3.1_beta_1 - Directory Traversal and Arbitrary File Execution via Language Parameter
Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
by Nima Salehi
Docmint <2.0 - Remote Code Execution
PHP remote file inclusion vulnerability in engine/require.php in Docmint 2.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the MY_ENV[BASE_ENGINE_LOC] parameter.
by K-159
Zabbix - Format String Vulnerability via Log Functions
Multiple format string vulnerabilities in zabbix before 20061006 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in information that would be recorded in the system log using (1) zabbix_log or (2) zabbix_syslog.
by Max Vozeler
PHP Poll Creator 1.04 - Remote File Inclusion via relativer_pfad Parameter
PHP remote file inclusion vulnerability in lib/functions.inc.php in PHP Poll Creator (phpPC) 1.04 allows remote attackers to execute arbitrary PHP code via a URL in the relativer_pfad parameter, a different vector and version than CVE-2005-1755. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ThE-WoLf-KsA
PHP Polling Creator 1.03 - 'functions.inc.php' Remote File Inclusion
by ThE-WoLf-KsA
Ciamos CMS < 0.9.6b - Remote File Inclusion via module_cache_path Parameter
PHP remote file inclusion vulnerability in modules/forum/include/config.php in Ciamos Content Management System (CMS) 0.9.6b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_cache_path parameter.
by Kacper
Cahier de texte 2.0 - SQL Injection via matiere_ID or classe_ID Parameter
Multiple SQL injection vulnerabilities in Cahier de texte 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) matiere_ID parameter in lire.php or the (2) classe_ID parameter in lire_a_faire.php.
by s4mi
eXtremail <= 1.1.9 - Format String Vulnerability via SMTP and POP3 Commands
Format string vulnerability in flog function of eXtremail 1.1.9 and earlier allows remote attackers to gain root privileges via format specifiers in the SMTP commands (1) HELO, (2) EHLO, (3) MAIL FROM, or (4) RCPT TO, and the POP3 commands (5) USER and (6) other commands that can be executed after POP3 authentication.
by mu-b
Sergey Lyubka Simple HTTPD <1.34 - RCE
Stack-based buffer overflow in Sergey Lyubka Simple HTTPD (shttpd) 1.34 allows remote attackers to execute arbitrary code via a long URI.
by SkOd
JAF CMS 4.0 RC1 - Remote File Inclusion via Forum Website Parameter
PHP remote file inclusion vulnerability in forum/forum.php JAF CMS 4.0 RC1 allows remote attackers to execute arbitrary PHP code via a URL in the website parameter.
by Kacper
Dan Jensen Travelsized CMS <0.4 - RCE
PHP remote file inclusion vulnerability in frontpage.php in Dan Jensen Travelsized CMS 0.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the setup_folder parameter.
by Kacper
Klinza Professional CMS <5.0.1 - RCE
PHP remote file inclusion vulnerability in funzioni/lib/show_hlp.php in klinza professional cms 5.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the appl[APPL] parameter.
by Kacper
jaf_cms 4.0 RC2 - Remote Code Execution via URL Parameter Injection
Multiple PHP remote file inclusion vulnerabilities in just another flat file (JAF) CMS 4.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) website parameter to (a) forum.php, (b) headlines.php, and (c) main.php in forum/, and (2) main_dir parameter to forum/forum.php. NOTE: other main_dir vectors are already covered by CVE-2006-7127.
by Kacper
Motorola SURFboard SB4200 - Denial of Service via SecretProc Secret Parameter
The HTTP interface in the Motorola SURFboard SB4200 Cable Modem allows remote attackers to cause a denial of service (device crash) via a request with MfcISAPICommand set to SecretProc and a long string in the Secret parameter.
by Dave Gil
cPanel <10.9.0 - Privilege Escalation
Unspecified vulnerability in cPanel before 10.9.0 12 Tree allows remote authenticated users to gain privileges via unspecified vectors in (1) mysqladmin and (2) hooksadmin.
by Clint Torrez
CVSS 8.8
Mac OS X 10.4-10.4.7 - Local Privilege Escalation via Mach Exception Port Manipulation
The Mach kernel, as used in operating systems including (1) Mac OS X 10.4 through 10.4.7 and (2) OpenStep before 4.2, allows local users to gain privileges via a parent process that forces an exception in a setuid child and uses Mach exception ports to modify the child's thread context and task address space in a way that causes the child to call a parent-controlled function.
by Kevin Finisterre
Microsoft IE - Code Injection
Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which leads to an invalid memory copy.
by YAG KOHHA
CVSS 8.8
By Source