Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2007-6318 EXPLOITDB text VERIFIED
WordPress <= 2.3.1 - SQL Injection via s Parameter
SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the s parameter, when DB_CHARSET is set to (1) Big5, (2) GBK, or possibly other character set encodings that support a "\" in a multibyte character.
by Abel Cheung
CVE-2007-6347 EXPLOITDB text VERIFIED
ViArt CMS/HelpDesk/Shop Evaluation/Shop Free <3.3.2 - RCE
PHP remote file inclusion vulnerability in blocks/block_site_map.php in ViArt (1) CMS 3.3.2, (2) HelpDesk 3.3.2, (3) Shop Evaluation 3.3.2, and (4) Shop Free 3.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the root_folder_path parameter. NOTE: some of these details are obtained from third party information.
by RoMaNcYxHaCkEr
CVE-2007-6344 EXPLOITDB text VERIFIED
Mcms Easy Web Make <1.3 - Path Traversal
Directory traversal vulnerability in modules/cms/index.php in Mcms Easy Web Make 1.3, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the template parameter.
by MhZ91
CVE-2007-6489 EXPLOITDB text VERIFIED
Falcon Series One CMS 1.4.3 - Cross-Site Scripting via Guestbook Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to inject arbitrary web script or HTML via the (1) gb_mail, (2) gb_name, and (3) gb_text parameters in a guestbook action to index.php, and unspecified other vectors.
by MhZ91
CVE-2007-6488 EXPLOITDB text VERIFIED
Falcon Series One CMS 1.4.3 - Remote File Inclusion via dir[classes] or error Parameter
Multiple PHP remote file inclusion vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the dir[classes] parameter to sitemap.xml.php or (2) the error parameter to errors.php.
by MhZ91
CVE-2007-6310 EXPLOITDB text VERIFIED
Falt4Extreme RC4 10.9.2007 - Cross-Site Scripting via Handler and Topic Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Falt4Extreme RC4 10.9.2007 allow remote attackers to inject arbitrary web script or HTML via the handler parameter to (1) index.php and possibly (2) admin/index.php, and (3) the topic parameter to modules/feed/feed.php (aka modules/feed.php).
by H-Security Labs
CVE-2007-6317 EXPLOITDB text VERIFIED
BarracudaDrive Web Server <3.8 - Path Traversal
Multiple directory traversal vulnerabilities in BarracudaDrive Web Server before 3.8 allow (1) remote attackers to read arbitrary files via certain ..\ (dot dot backslash) sequences in the URL path, or (2) remote authenticated users to delete arbitrary files or create arbitrary directories via a ..\ (dot dot backslash) sequence in the dir parameter to /drive/c/bdusers/USER/.
by Luigi Auriemma
CVE-2007-6379 EXPLOITDB text VERIFIED
BadBlue < 2.72b - Information Disclosure via Invalid Browse Parameter
BadBlue 2.72b and earlier allows remote attackers to obtain sensitive information via an invalid browse parameter, which reveals the installation path in an error message.
by Luigi Auriemma
CVE-2007-6309 EXPLOITDB text VERIFIED
webSPELL 4.1.2 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in index.php in webSPELL 4.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the galleryID parameter in a usergallery upload action; or the (2) upID, (3) tag, (4) month, (5) userID, or (6) year parameter in a calendar announce action.
by Brainhead
CVE-2007-6309 EXPLOITDB text VERIFIED
webSPELL 4.1.2 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in index.php in webSPELL 4.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the galleryID parameter in a usergallery upload action; or the (2) upID, (3) tag, (4) month, (5) userID, or (6) year parameter in a calendar announce action.
by Brainhead
EIP-2026-112412 EXPLOITDB text VERIFIED
SquirrelMail G/PGP Encryption Plugin 2.0/2.1 - Access Validation / Input Validation
by Tomas Kuliavas
EIP-2026-109214 EXPLOITDB text VERIFIED
Lotfian.com DATABASE DRIVEN TRAVEL SITE - SQL Injection
by Aria-Security Team
CVE-2007-6311 EXPLOITDB text VERIFIED
Falt4Extreme RC4 10.9.2007 - SQL Injection
SQL injection vulnerability in (1) index.php, and possibly (2) admin/index.php, in Falt4Extreme RC4 10.9.2007 allows remote attackers to execute arbitrary SQL commands via the nav_ID parameter.
by H-Security Labs
CVE-2007-6490 EXPLOITDB text VERIFIED
Falcon Series One CMS 1.4.3 - Cross-Site Request Forgery via Password Change Action
Cross-site request forgery (CSRF) vulnerability in Falcon Series One CMS 1.4.3 allows remote attackers to change a password via a certain changepass action to index.php.
by MhZ91
CVE-2007-6380 EXPLOITDB text VERIFIED
e-Xoops 1.08-1.05 Rev 1-3 - SQL Injection
Multiple SQL injection vulnerabilities in e-Xoops (exoops) 1.08, and 1.05 Rev 1 through 3, allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to (a) mylinks/ratelink.php, (b) adresses/ratefile.php, (c) mydownloads/ratefile.php, (d) mysections/ratefile.php, and (e) myalbum/ratephoto.php in modules/; the (2) bid parameter to (f) modules/banners/click.php; and the (3) gid parameter to (g) modules/arcade/index.php in a show_stats and play_game action, related issues to CVE-2007-5104 and CVE-2007-6266.
by Lostmon
CVE-2007-6380 EXPLOITDB text VERIFIED
e-Xoops 1.08-1.05 Rev 1-3 - SQL Injection
Multiple SQL injection vulnerabilities in e-Xoops (exoops) 1.08, and 1.05 Rev 1 through 3, allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to (a) mylinks/ratelink.php, (b) adresses/ratefile.php, (c) mydownloads/ratefile.php, (d) mysections/ratefile.php, and (e) myalbum/ratephoto.php in modules/; the (2) bid parameter to (f) modules/banners/click.php; and the (3) gid parameter to (g) modules/arcade/index.php in a show_stats and play_game action, related issues to CVE-2007-5104 and CVE-2007-6266.
by Lostmon
CVE-2007-6380 EXPLOITDB text VERIFIED
e-Xoops 1.08-1.05 Rev 1-3 - SQL Injection
Multiple SQL injection vulnerabilities in e-Xoops (exoops) 1.08, and 1.05 Rev 1 through 3, allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to (a) mylinks/ratelink.php, (b) adresses/ratefile.php, (c) mydownloads/ratefile.php, (d) mysections/ratefile.php, and (e) myalbum/ratephoto.php in modules/; the (2) bid parameter to (f) modules/banners/click.php; and the (3) gid parameter to (g) modules/arcade/index.php in a show_stats and play_game action, related issues to CVE-2007-5104 and CVE-2007-6266.
by Lostmon
CVE-2007-6380 EXPLOITDB text VERIFIED
e-Xoops 1.08-1.05 Rev 1-3 - SQL Injection
Multiple SQL injection vulnerabilities in e-Xoops (exoops) 1.08, and 1.05 Rev 1 through 3, allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to (a) mylinks/ratelink.php, (b) adresses/ratefile.php, (c) mydownloads/ratefile.php, (d) mysections/ratefile.php, and (e) myalbum/ratephoto.php in modules/; the (2) bid parameter to (f) modules/banners/click.php; and the (3) gid parameter to (g) modules/arcade/index.php in a show_stats and play_game action, related issues to CVE-2007-5104 and CVE-2007-6266.
by Lostmon
CVE-2007-6380 EXPLOITDB text VERIFIED
e-Xoops 1.08-1.05 Rev 1-3 - SQL Injection
Multiple SQL injection vulnerabilities in e-Xoops (exoops) 1.08, and 1.05 Rev 1 through 3, allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to (a) mylinks/ratelink.php, (b) adresses/ratefile.php, (c) mydownloads/ratefile.php, (d) mysections/ratefile.php, and (e) myalbum/ratephoto.php in modules/; the (2) bid parameter to (f) modules/banners/click.php; and the (3) gid parameter to (g) modules/arcade/index.php in a show_stats and play_game action, related issues to CVE-2007-5104 and CVE-2007-6266.
by Lostmon
CVE-2007-6380 EXPLOITDB text VERIFIED
e-Xoops 1.08-1.05 Rev 1-3 - SQL Injection
Multiple SQL injection vulnerabilities in e-Xoops (exoops) 1.08, and 1.05 Rev 1 through 3, allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to (a) mylinks/ratelink.php, (b) adresses/ratefile.php, (c) mydownloads/ratefile.php, (d) mysections/ratefile.php, and (e) myalbum/ratephoto.php in modules/; the (2) bid parameter to (f) modules/banners/click.php; and the (3) gid parameter to (g) modules/arcade/index.php in a show_stats and play_game action, related issues to CVE-2007-5104 and CVE-2007-6266.
by Lostmon
CVE-2007-6380 EXPLOITDB text VERIFIED
e-Xoops 1.08-1.05 Rev 1-3 - SQL Injection
Multiple SQL injection vulnerabilities in e-Xoops (exoops) 1.08, and 1.05 Rev 1 through 3, allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to (a) mylinks/ratelink.php, (b) adresses/ratefile.php, (c) mydownloads/ratefile.php, (d) mysections/ratefile.php, and (e) myalbum/ratephoto.php in modules/; the (2) bid parameter to (f) modules/banners/click.php; and the (3) gid parameter to (g) modules/arcade/index.php in a show_stats and play_game action, related issues to CVE-2007-5104 and CVE-2007-6266.
by Lostmon
EIP-2026-100178 EXPLOITDB text VERIFIED
bttlxe Forum 2.0 - Multiple SQL Injections / Cross-Site Scripting Vulnerabilities
by Mormoroth
CVE-2007-6398 EXPLOITDB text VERIFIED
Flat PHP Board < 1.2 - Unauthenticated Authentication Bypass via fpb_username Cookie
Flat PHP Board 1.2 and earlier allows remote attackers to bypass authentication and obtain limited access to an arbitrary user account via the fpb_username cookie.
by KiNgOfThEwOrLd
CVE-2007-6397 EXPLOITDB text VERIFIED
Flat PHP Board <1.2 - Path Traversal
Multiple directory traversal vulnerabilities in index.php in Flat PHP Board 1.2 and earlier allow remote attackers to (1) create arbitrary files via a .. (dot dot) in the username parameter when registering a user account, and (2) read arbitrary PHP files via a .. (dot dot) in (a) the topic parameter in a topic action or (b) the username parameter in a viewprofile action.
by KiNgOfThEwOrLd
CVE-2007-6396 EXPLOITDB text VERIFIED
Flat PHP Board <1.2 - Code Injection
Direct static code injection vulnerability in index.php in Flat PHP Board 1.2 and earlier allows remote attackers to inject arbitrary PHP code via the (1) username, (2) password, and (3) email parameters when registering a user account, which can be executed by accessing the user's php file for this account. NOTE: similar code injection might be possible in a user profile.
by KiNgOfThEwOrLd