Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2007-6485 EXPLOITDB text VERIFIED
Centreon 1.4.1 - Remote Code Execution via FileOreonConf Parameter
Multiple PHP remote file inclusion vulnerabilities in Centreon 1.4.1 (aka Oreon 1.4) allow remote attackers to execute arbitrary PHP code via a URL in the fileOreonConf parameter to (1) MakeXML.php or (2) MakeXML4statusCounter.php in include/monitoring/engine/.
by Michael Brooks
CVE-2007-6464 EXPLOITDB text VERIFIED
Form Tools 1.5.0b - Remote Code Execution via g_root_dir Parameter
Multiple PHP remote file inclusion vulnerabilities in Form tools 1.5.0b allow remote attackers to execute arbitrary PHP code via a URL in the g_root_dir parameter to (1) admin_page_open.php and (2) client_page_open.php in global/templates/.
by RoMaNcYxHaCkEr
EIP-2026-105503 EXPLOITDB text VERIFIED
Black Sheep Web Software Form Tools 1.5 - Multiple Remote File Inclusions
by RoMaNcYxHaCkEr
CVE-2007-6459 EXPLOITDB text VERIFIED
Anon Proxy Server 0.100-0.101 - Command Injection
Anon Proxy Server 0.100, and probably 0.101, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the host parameter to diagdns.php, and (2) the host parameter and possibly (3) the port parameter to diagconnect.php, a different vulnerability than CVE-2007-6460.
by Michael Brooks
CVE-2007-6458 EXPLOITDB text VERIFIED
123tkShop 0.9.1 - SQL Injection via Base64-Encoded Admin Parameter
SQL injection vulnerability in shop/mainfile.php in 123tkShop 0.9.1 allows remote attackers to execute arbitrary SQL commands via a base64-encoded value of the admin parameter to shop/admin.php.
by Michael Brooks
CVE-2007-6503 EXPLOITDB text VERIFIED
Hosting Controller <6.1 Hot fix 3.3 - RCE
Multiple unspecified vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to (1) import an arbitrary plan via a request to hosting/importhostingplans.asp; or (2) change an arbitrary plan via a request to hosting/AutoSignUpPlans.asp with the (a) save, (b) 30, and (c) d_30 parameters.
by BugReport.IR
CVE-2007-6502 EXPLOITDB text VERIFIED
Hosting Controller 6.1 Hot fix 3.3 - Info Disclosure
Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to obtain sensitive information via (1) the AdminName and AdminLevel parameters to fp2000/NEWSRVR.asp, which discloses usernames; and (2) certain XML HTTP requests to hosting/css.asp using Microsoft.XMLHTTP or MSXML2.XMLHTTP objects, which trigger a response with the setup directory pathname in the HTML source; and (3) might allow remote attackers to obtain sensitive information via a request for /admin/forum/, which reveals the path in an error message when a forum is not found.
by BugReport.IR
CVE-2007-6501 EXPLOITDB text VERIFIED
Hosting Controller <6.1.3.3 - Auth Bypass
Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to enable or disable "pay type" via a request to adminsettings/choosetranstype.asp.
by BugReport.IR
CVE-2007-6500 EXPLOITDB text VERIFIED
Hosting Controller <6.1.3.3 - Auth Bypass
Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to delete "gateway information" via a request to OpenApi/GatewayVariables.asp.
by BugReport.IR
CVE-2007-6499 EXPLOITDB text VERIFIED
Hosting Controller < 6.1_hotfix_3.3 - Authenticated FrontPage Extensions Uninstallation via fp2002/UNINSTAL.asp
Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to uninstall the FrontPage extensions of an arbitrary account via a request to fp2002/UNINSTAL.asp with a "host id (IIS) value."
by BugReport.IR
CVE-2007-6498 EXPLOITDB text VERIFIED
Hosting Controller 6.1-<3 - SQL Injection
Multiple SQL injection vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) email and (2) loginname parameters to Hosting/Addreseller.asp, (3) the sortfield parameter to accounts/accountmanager.asp, (4) the GateWayID parameter to OpenApi/GatewayVariables.asp, and possibly (5) unspecified vectors to IIS/iibind.asp.
by BugReport.IR
CVE-2007-6497 EXPLOITDB text VERIFIED
Hosting Controller 6.1 Hot fix 3.3 - RCE
Hosting Controller 6.1 Hot fix 3.3 and earlier (1) allows remote attackers to change arbitrary user profiles via a request to Hosting/Addreseller.asp with modified loginname and email parameters; and (2) allows remote authenticated users to change a credit amount and increase a discount via an UpdateUser action to Accounts/AccountActions.asp with modified UserName, FullName, CreditLimit, and DefaultDiscount parameters, a related issue to CVE-2005-2219.
by BugReport.IR
CVE-2007-6496 EXPLOITDB text VERIFIED
Hosting Controller 6.1 Hot fix 3.3 - RCE
Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to register arbitrary users via a request to hosting/addsubsite.asp with the loginname and password parameters set, when preceded by certain requests to hosting/default.asp and hosting/selectdomain.asp, a related issue to CVE-2005-1654.
by BugReport.IR
CVE-2007-6495 EXPLOITDB text VERIFIED
Hosting Controller <6.1 Hot fix 3.3 - Privilege Escalation
inc_newuser.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the permissions of directories named (1) db, (2) www, (3) Special, and (4) log at arbitrary locations under the web root via a modified Dirroot parameter in an AddUser action to accounts/AccountActions.asp. NOTE: this can be leveraged for remote code execution by changing the permissions of \Forum\db, which is configured for execution of ASP scripts with administrative privileges, and then uploading a script to \Forum\db.
by BugReport.IR
CVE-2007-6494 EXPLOITDB text VERIFIED
Hosting Controller <6.1 Hot fix 3.3 - Info Disclosure
Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to obtain login access via a request to hosting/addreseller.asp with a username in the reseller parameter, followed by a request to AdminSettings/displays.asp with the DecideAction and ChangeSkin parameters.
by BugReport.IR
CVE-2006-5629 EXPLOITDB text VERIFIED
Hosting Controller < 6.1 Hotfix 3.3 - SQL Injection via ForumID Parameter
Multiple SQL injection vulnerabilities in Hosting Controller 6.1 before Hotfix 3.3 allow remote attackers to execute arbitrary SQL commands via the ForumID parameter in (1) DisableForum.asp and (2) enableForum.asp. NOTE: it was later reported that the vulnerability is present in 6.1 Hotfix 3.3 and earlier.
by BugReport.IR
CVE-2006-1620 EXPLOITDB text VERIFIED
Hosting Controller < 6.1_hotfix_3.3 - Unauthenticated Password Modification via AccountActions.asp
admin/accounts/AccountActions.asp in Hosting Controller 2002 RC 1 allows remote attackers to modify passwords of other users, probably via an "Update User" ActionType with a modified UserName parameter and the PassCheck parameter set to TRUE. It was later reported that the vulnerability is present in 6.1 Hotfix 3.3 and earlier.
by BugReport.IR
CVE-2007-6322 EXPLOITDB text VERIFIED
xml2owl 0.1.1 - Path Traversal via File Parameter
Directory traversal vulnerability in filedownload.php in xml2owl 0.1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
by GoLd_M
CVE-2007-6323 EXPLOITDB text VERIFIED
MMS Gallery PHP 1.0 - Path Traversal
Multiple directory traversal vulnerabilities in MMS Gallery PHP 1.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the id parameter to (1) get_image.php or (2) get_file.php in mms_template/.
by GoLd_M
CVE-2007-6467 EXPLOITDB text VERIFIED
MKPortal 1.1 RC1 - SQL Injection via ida Parameter in Gallery foto_show Action
SQL injection vulnerability in index.php in MKPortal 1.1 RC1 allows remote attackers to execute arbitrary SQL commands via the ida parameter in a gallery foto_show action.
by Sw33t h4cK3r
EIP-2026-105971 EXPLOITDB text VERIFIED
CMS Galaxie Software - 'category_id' SQL Injection
by MurderSkillz
CVE-2007-6324 EXPLOITDB text VERIFIED
CityWriter 0.9.7 - Remote Code Execution via Path Parameter in head.php
PHP remote file inclusion vulnerability in head.php in CityWriter 0.9.7 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
by RoMaNcYxHaCkEr
EIP-2026-103643 EXPLOITDB text VERIFIED
QK SMTP Server - Malformed Commands Multiple Remote Denial of Service Vulnerabilities
by Juan Pablo Lopez Yacubian
CVE-2007-6504 EXPLOITDB text VERIFIED
Hosting Controller < 6.1_hotfix_3.3 - Authenticated Arbitrary Host Header Modification via IIS/iibind.asp
Unspecified vulnerability in IIS/iibind.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the headers of arbitrary hosts via an unspecified parameter.
by BugReport.IR
CVE-2007-6325 EXPLOITDB text VERIFIED
Fastpublish CMS 1.9999 - Remote File Inclusion via config[fsBase] Parameter
PHP remote file inclusion vulnerability in adminbereich/designconfig.php in Fastpublish CMS 1.9999 allows remote attackers to execute arbitrary PHP code via a URL in the config[fsBase] parameter, a different vector than CVE-2006-2726.
by RoMaNcYxHaCkEr