Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2007-6648 EXPLOITDB text VERIFIED
SanyBee Gallery <0.1.2 - Path Traversal
Directory traversal vulnerability in index.php in SanyBee Gallery 0.1.0 and 0.1.1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the p parameter.
by jackal
CVE-2007-6653 EXPLOITDB text VERIFIED
Mihalism Multi Host <2.0.7 - Path Traversal
Directory traversal vulnerability in download.php in Mihalism Multi Host 2.0.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
by GoLd_M
EIP-2026-109336 EXPLOITDB text VERIFIED
MatPo.de Kontakt Formular 1.4 - 'function.php' Remote File Inclusion
by bd0rk
CVE-2007-6649 EXPLOITDB text VERIFIED
matpo_bilder_galerie 1.1 - Remote Code Execution via config[root_ordner] Parameter
PHP remote file inclusion vulnerability in includes/tumbnail.php in MatPo Bilder Galerie 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter.
by Crackers_Child
CVE-2007-6655 EXPLOITDB text VERIFIED
Kontakt Formular 1.4 - Remote Code Execution via root_path Parameter
PHP remote file inclusion vulnerability in includes/function.php in Kontakt Formular 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter.
by bd0rk
CVE-2007-6656 EXPLOITDB text VERIFIED
CMS Made Simple <1.2.2 - SQL Injection
SQL injection vulnerability in content_css.php in the TinyMCE module for CMS Made Simple 1.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the templateid parameter.
by EgiX
CVE-2007-6651 EXPLOITDB text VERIFIED
bitweaver - Path Traversal via wiki/edit.php suck_url Parameter
Directory traversal vulnerability in wiki/edit.php in Bitweaver R2 CMS allows remote attackers to obtain sensitive information (script source code) via a .. (dot dot) in the suck_url parameter.
by BugReport.IR
CVE-2007-6613 EXPLOITDB text VERIFIED
GNU Compact Disc Input and Control Library <0.79 - Buffer Overflow
Stack-based buffer overflow in the print_iso9660_recurse function in iso-info (src/iso-info.c) in GNU Compact Disc Input and Control Library (libcdio) 0.79 and earlier allows context-dependent attackers to cause a denial of service (core dump) and possibly execute arbitrary code via a disk or image that contains a long joilet file name.
by Devon Miller
CVE-2007-6670 EXPLOITDB text VERIFIED
PHCDownload 1.1.0 - SQL Injection via Search String Parameter
SQL injection vulnerability in search.php in PHCDownload 1.1.0 allows remote attackers to execute arbitrary SQL commands via the string parameter.
by Lostmon
CVE-2007-6669 EXPLOITDB text VERIFIED
PHCDownload 1.1.0 - Cross-Site Scripting via Search String Parameter
Cross-site scripting (XSS) vulnerability in search.php in PHCDownload 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the string parameter.
by Lostmon
CVE-2007-6657 EXPLOITDB text VERIFIED
Mihalism Multi Forum Host <3.0.x - RCE
PHP remote file inclusion vulnerability in source/includes/load_forum.php in Mihalism Multi Forum Host 3.0.x and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mfh_root_path parameter.
by GoLd_M
CVE-2007-6673 EXPLOITDB text VERIFIED
Makale Scripti - Cross-Site Scripting via Ara Parameter
Cross-site scripting (XSS) vulnerability in Makale Scripti allows remote attackers to inject arbitrary web script or HTML via the ara parameter to the default URI under Ara/ in a search action.
by GeFORC3
CVE-2007-6632 EXPLOITDB text VERIFIED
xml2owl 0.1.1 - Remote Code Execution via showCode.php Path Parameter
showCode.php in xml2owl 0.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter.
by MhZ91
CVE-2007-6604 EXPLOITDB text VERIFIED
XCMS <= 1.82 - Path Traversal via Admin Page s Parameter or Module pg Parameter
Multiple directory traversal vulnerabilities in index.php in XCMS 1.82 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the s parameter to the admin page or (2) the pg parameter to an arbitrary module, as demonstrated by reading a password hash in a .dtb file under dati/membri/ or by executing embedded PHP code in images under uploads/avatar/.
by nexen
CVE-2007-6608 EXPLOITDB text VERIFIED
OpenBiblio <= 0.5.2-pre4 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in OpenBiblio 0.5.2-pre4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) LAST and (2) FIRST parameters to admin/staff_del_confirm.php, (3) the name parameter to admin/theme_del_confirm.php, or (4) the themeName parameter to admin/theme_preview.php.
by Juan Galiana Lara
CVE-2007-6608 EXPLOITDB text VERIFIED
OpenBiblio <= 0.5.2-pre4 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in OpenBiblio 0.5.2-pre4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) LAST and (2) FIRST parameters to admin/staff_del_confirm.php, (3) the name parameter to admin/theme_del_confirm.php, or (4) the themeName parameter to admin/theme_preview.php.
by Juan Galiana Lara
CVE-2007-6602 EXPLOITDB text VERIFIED
noserub < 0.5.2 - SQL Injection via Login Username Field
SQL injection vulnerability in app/models/identity.php in NoseRub 0.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the username field to the login script.
by Felix Groebert
CVE-2007-6634 EXPLOITDB text VERIFIED
FAQMasterFlexPlus <1.5-1.52 - SQL Injection
Multiple SQL injection vulnerabilities in FAQMasterFlexPlus, possibly 1.5 or 1.52, allow remote attackers to execute arbitrary SQL commands via the category_id parameter to faq.php, and unspecified other vectors involving additional scripts.
by Juan Galiana Lara
CVE-2007-6633 EXPLOITDB text VERIFIED
FAQMasterFlexPlus - Cross-Site Scripting via cat_name Parameter
Multiple cross-site scripting (XSS) vulnerabilities in FAQMasterFlexPlus, possibly 1.5 or 1.52, allow remote attackers to inject arbitrary web script or HTML via (1) the cat_name parameter to faq.php; and unspecified parameters to the (2) add categories, (3) edit categories, (4) delete categories, (5) add faq, (6) edit faq, and (7) delete faq Admin scripts.
by Juan Galiana Lara
CVE-2007-6603 EXPLOITDB text VERIFIED
Hot or Not Clone - Unauthenticated Database Backup Disclosure via Direct Request
Hot or Not Clone has insufficient access control for producing and reading database backups, which allows remote attackers to obtain the administrator username and password via a direct request to control/backup/backup.php, which generates a backup/dump/backup.sql file that can be downloaded via a direct request to control/downloadfile.php.
by RoMaNcYxHaCkEr
CVE-2007-6609 EXPLOITDB text VERIFIED
CoolPlayer 217 - Stack-Based Buffer Overflow via OGG Vorbis Tag Parsing
Multiple stack-based buffer overflows in the CPLI_ReadTag_OGG function in CPI_PlaylistItem.c in CoolPlayer 217 and earlier allow user-assisted remote attackers to execute arbitrary code via a long (1) cTag or (2) cValue field in an OGG Vorbis file.
by Luigi Auriemma
CVE-2007-6620 EXPLOITDB text VERIFIED
Joovili 2.x - Path Traversal via Picture Parameter
Directory traversal vulnerability in include/images.inc.php in Joovili 2.x allows remote attackers to read arbitrary files via a .. (dot dot) in the picture parameter.
by EcHoLL
CVE-2007-6621 EXPLOITDB text VERIFIED
Joovili 3.0.0-3.0.6 - Path Traversal via Picture Parameter
Directory traversal vulnerability in joovili.images.php in Joovili 3.0.0 through 3.0.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the picture parameter.
by EcHoLL
CVE-2007-6630 EXPLOITDB text VERIFIED
LScube Feng < 0.1.15 - Denial of Service via Malformed URI
The Url_init function in utils/url.c in Netembryo 0.0.4, when used by LScube Feng, allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a malformed URI containing a "/:" sequence, as demonstrated by a "DESCRIBE /: RTSP/1.0" request.
by Luigi Auriemma
CVE-2007-6631 EXPLOITDB text VERIFIED
LScube libnemesi < 0.6.4-rc1 - Remote Code Execution via Long RTSP Headers
Multiple buffer overflows in LScube libnemesi 0.6.4-rc1 and earlier allow remote attackers to execute arbitrary code via (1) a reply that begins with a long version string, which triggers an overflow in handle_rtsp_pkt in rtsp_handlers.c; long headers that trigger overflows in (2) send_pause_request, (3) send_play_request, (4) send_setup_request, or (5) send_teardown_request in rtsp_send.c, as demonstrated by the Content-Base header; or a long Transport header, which triggers an overflow in (6) get_transport_str_sctp, (7) get_transport_str_tcp, or (8) get_transport_str_udp in rtsp_transport.c.
by Luigi Auriemma