Text Exploits
31,394 exploits tracked across all sources.
Centreon 1.4.1 - Remote Code Execution via FileOreonConf Parameter
Multiple PHP remote file inclusion vulnerabilities in Centreon 1.4.1 (aka Oreon 1.4) allow remote attackers to execute arbitrary PHP code via a URL in the fileOreonConf parameter to (1) MakeXML.php or (2) MakeXML4statusCounter.php in include/monitoring/engine/.
by Michael Brooks
Form Tools 1.5.0b - Remote Code Execution via g_root_dir Parameter
Multiple PHP remote file inclusion vulnerabilities in Form tools 1.5.0b allow remote attackers to execute arbitrary PHP code via a URL in the g_root_dir parameter to (1) admin_page_open.php and (2) client_page_open.php in global/templates/.
by RoMaNcYxHaCkEr
Black Sheep Web Software Form Tools 1.5 - Multiple Remote File Inclusions
by RoMaNcYxHaCkEr
Anon Proxy Server 0.100-0.101 - Command Injection
Anon Proxy Server 0.100, and probably 0.101, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the host parameter to diagdns.php, and (2) the host parameter and possibly (3) the port parameter to diagconnect.php, a different vulnerability than CVE-2007-6460.
by Michael Brooks
123tkShop 0.9.1 - SQL Injection via Base64-Encoded Admin Parameter
SQL injection vulnerability in shop/mainfile.php in 123tkShop 0.9.1 allows remote attackers to execute arbitrary SQL commands via a base64-encoded value of the admin parameter to shop/admin.php.
by Michael Brooks
Hosting Controller <6.1 Hot fix 3.3 - RCE
Multiple unspecified vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to (1) import an arbitrary plan via a request to hosting/importhostingplans.asp; or (2) change an arbitrary plan via a request to hosting/AutoSignUpPlans.asp with the (a) save, (b) 30, and (c) d_30 parameters.
by BugReport.IR
Hosting Controller 6.1 Hot fix 3.3 - Info Disclosure
Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to obtain sensitive information via (1) the AdminName and AdminLevel parameters to fp2000/NEWSRVR.asp, which discloses usernames; and (2) certain XML HTTP requests to hosting/css.asp using Microsoft.XMLHTTP or MSXML2.XMLHTTP objects, which trigger a response with the setup directory pathname in the HTML source; and (3) might allow remote attackers to obtain sensitive information via a request for /admin/forum/, which reveals the path in an error message when a forum is not found.
by BugReport.IR
Hosting Controller <6.1.3.3 - Auth Bypass
Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to enable or disable "pay type" via a request to adminsettings/choosetranstype.asp.
by BugReport.IR
Hosting Controller <6.1.3.3 - Auth Bypass
Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to delete "gateway information" via a request to OpenApi/GatewayVariables.asp.
by BugReport.IR
Hosting Controller < 6.1_hotfix_3.3 - Authenticated FrontPage Extensions Uninstallation via fp2002/UNINSTAL.asp
Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to uninstall the FrontPage extensions of an arbitrary account via a request to fp2002/UNINSTAL.asp with a "host id (IIS) value."
by BugReport.IR
Hosting Controller 6.1-<3 - SQL Injection
Multiple SQL injection vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) email and (2) loginname parameters to Hosting/Addreseller.asp, (3) the sortfield parameter to accounts/accountmanager.asp, (4) the GateWayID parameter to OpenApi/GatewayVariables.asp, and possibly (5) unspecified vectors to IIS/iibind.asp.
by BugReport.IR
Hosting Controller 6.1 Hot fix 3.3 - RCE
Hosting Controller 6.1 Hot fix 3.3 and earlier (1) allows remote attackers to change arbitrary user profiles via a request to Hosting/Addreseller.asp with modified loginname and email parameters; and (2) allows remote authenticated users to change a credit amount and increase a discount via an UpdateUser action to Accounts/AccountActions.asp with modified UserName, FullName, CreditLimit, and DefaultDiscount parameters, a related issue to CVE-2005-2219.
by BugReport.IR
Hosting Controller 6.1 Hot fix 3.3 - RCE
Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to register arbitrary users via a request to hosting/addsubsite.asp with the loginname and password parameters set, when preceded by certain requests to hosting/default.asp and hosting/selectdomain.asp, a related issue to CVE-2005-1654.
by BugReport.IR
Hosting Controller <6.1 Hot fix 3.3 - Privilege Escalation
inc_newuser.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the permissions of directories named (1) db, (2) www, (3) Special, and (4) log at arbitrary locations under the web root via a modified Dirroot parameter in an AddUser action to accounts/AccountActions.asp. NOTE: this can be leveraged for remote code execution by changing the permissions of \Forum\db, which is configured for execution of ASP scripts with administrative privileges, and then uploading a script to \Forum\db.
by BugReport.IR
Hosting Controller <6.1 Hot fix 3.3 - Info Disclosure
Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to obtain login access via a request to hosting/addreseller.asp with a username in the reseller parameter, followed by a request to AdminSettings/displays.asp with the DecideAction and ChangeSkin parameters.
by BugReport.IR
Hosting Controller < 6.1 Hotfix 3.3 - SQL Injection via ForumID Parameter
Multiple SQL injection vulnerabilities in Hosting Controller 6.1 before Hotfix 3.3 allow remote attackers to execute arbitrary SQL commands via the ForumID parameter in (1) DisableForum.asp and (2) enableForum.asp. NOTE: it was later reported that the vulnerability is present in 6.1 Hotfix 3.3 and earlier.
by BugReport.IR
Hosting Controller < 6.1_hotfix_3.3 - Unauthenticated Password Modification via AccountActions.asp
admin/accounts/AccountActions.asp in Hosting Controller 2002 RC 1 allows remote attackers to modify passwords of other users, probably via an "Update User" ActionType with a modified UserName parameter and the PassCheck parameter set to TRUE. It was later reported that the vulnerability is present in 6.1 Hotfix 3.3 and earlier.
by BugReport.IR
xml2owl 0.1.1 - Path Traversal via File Parameter
Directory traversal vulnerability in filedownload.php in xml2owl 0.1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
by GoLd_M
MMS Gallery PHP 1.0 - Path Traversal
Multiple directory traversal vulnerabilities in MMS Gallery PHP 1.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the id parameter to (1) get_image.php or (2) get_file.php in mms_template/.
by GoLd_M
MKPortal 1.1 RC1 - SQL Injection via ida Parameter in Gallery foto_show Action
SQL injection vulnerability in index.php in MKPortal 1.1 RC1 allows remote attackers to execute arbitrary SQL commands via the ida parameter in a gallery foto_show action.
by Sw33t h4cK3r
CMS Galaxie Software - 'category_id' SQL Injection
by MurderSkillz
CityWriter 0.9.7 - Remote Code Execution via Path Parameter in head.php
PHP remote file inclusion vulnerability in head.php in CityWriter 0.9.7 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
by RoMaNcYxHaCkEr
QK SMTP Server - Malformed Commands Multiple Remote Denial of Service Vulnerabilities
by Juan Pablo Lopez Yacubian
Hosting Controller < 6.1_hotfix_3.3 - Authenticated Arbitrary Host Header Modification via IIS/iibind.asp
Unspecified vulnerability in IIS/iibind.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the headers of arbitrary hosts via an unspecified parameter.
by BugReport.IR
Fastpublish CMS 1.9999 - Remote File Inclusion via config[fsBase] Parameter
PHP remote file inclusion vulnerability in adminbereich/designconfig.php in Fastpublish CMS 1.9999 allows remote attackers to execute arbitrary PHP code via a URL in the config[fsBase] parameter, a different vector than CVE-2006-2726.
by RoMaNcYxHaCkEr
By Source