Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2007-6159 EXPLOITDB text VERIFIED
Tilde CMS 4.x and earlier - SQL Injection via aarstal Parameter
SQL injection vulnerability in index.php in Tilde CMS 4.x and earlier allows remote attackers to execute arbitrary SQL commands via the aarstal parameter in a yeardetail action, a different vector than CVE-2006-1500.
by KiNgOfThEwOrLd
CVE-2007-6160 EXPLOITDB text VERIFIED
Tilde CMS 4.x and earlier - Cross-Site Scripting via aarstal Parameter
Cross-site scripting (XSS) vulnerability in index.php in Tilde CMS 4.x and earlier allows remote attackers to inject arbitrary web script or HTML via the aarstal parameter in a yeardetail action.
by KiNgOfThEwOrLd
CVE-2007-6157 EXPLOITDB text VERIFIED
SimpleGallery 0.1.3 - Cross-Site Scripting via Album Parameter
Cross-site scripting (XSS) vulnerability in index.php in SimpleGallery 0.1.3 allows remote attackers to inject arbitrary web script or HTML via the album parameter.
by JosS
CVE-2007-3332 EXPLOITDB text VERIFIED
Satel Lite for PhpNuke - Directory Traversal via Name Parameter
Directory traversal vulnerability in Satellite.php in Satel Lite for PhpNuke allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the name parameter in a modload action.
by rUnViRuS
CVE-2007-6158 EXPLOITDB text VERIFIED
Proverbs Web Calendar <1.1 - SQL Injection
Multiple SQL injection vulnerabilities in caladmin.inc.php in Proverbs Web Calendar 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) loginname (aka Username) and (2) loginpass (aka Password) parameters to caladmin.php.
by JosS
CVE-2007-6135 EXPLOITDB text VERIFIED
PHPSlideShow 0.9.9.2 - Cross-Site Scripting via Directory Parameter
Cross-site scripting (XSS) vulnerability in phpslideshow.php in PHPSlideShow 0.9.9.2, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the directory parameter. NOTE: this issue was originally reported for toonchapter8.php, but this is probably a site-specific name, since the PHPSlideShow distribution does not contain that file.
by Jose Luis Gongora Fernandez
CVE-2007-6162 EXPLOITDB text VERIFIED
FMDeluxe 2.1.0 - Cross-Site Scripting via Index.php ID Parameter
Cross-site scripting (XSS) vulnerability in index.php in FMDeluxe 2.1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a category action.
by JosS
EIP-2026-103653 EXPLOITDB text VERIFIED
Skype 3.6.216 - Voicemail URI Handler Remote Denial of Service
by Critical Security
EIP-2026-100810 EXPLOITDB text VERIFIED
GWExtranet 3.0 - 'Scp.dll' Multiple HTML Injection Vulnerabilities
by Doz
CVE-2007-6163 EXPLOITDB text VERIFIED
GOUAE DWD Realty - SQL Injection via Password Parameter
SQL injection vulnerability in admin/index2.asp in GOUAE DWD Realty allows remote attackers to execute arbitrary SQL commands via the pword (aka Password) parameter. NOTE: some of these details are obtained from third party information.
by Aria-Security Team
CVE-2007-6147 EXPLOITDB text VERIFIED
IAPR COMMENCE 1.3 - Remote Code Execution via PHP Remote File Inclusion
Multiple PHP remote file inclusion vulnerabilities in IAPR COMMENCE 1.3 allow remote attackers to execute arbitrary PHP code via a URL in the (a) php_root_path and sometimes the (b) privilege_root_path parameter to various PHP scripts under (1) admin/includes/, (2) admin/phase/, (3) includes/, (4) includes/page_includes/, (5) reviewer/includes/, (6) reviewer/phase/, and (7) user/phase/.
by ShAy6oOoN
CVE-2007-6126 EXPLOITDB text VERIFIED
project_alumni <= 1.0.9 - Cross-Site Scripting via Year Parameter
Multiple cross-site scripting (XSS) vulnerabilities in project alumni 1.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the year parameter to (1) xml/index.php; or (2) the year parameter to view.page.inc.php, which is reachable through a view action to the top-level index.php.
by tomplixsee
CVE-2007-6128 EXPLOITDB text VERIFIED
WorkingOnWeb 2.0.1400 - SQL Injection
SQL injection vulnerability in events.php in WorkingOnWeb 2.0.1400 allows remote attackers to execute arbitrary SQL commands via the idevent parameter.
by ka0x
CVE-2007-6141 EXPLOITDB text VERIFIED
vBTube 1.1 Beta - Cross-Site Scripting via Search Parameter
Cross-site scripting (XSS) vulnerability in vBTube.php in vBTube 1.1 Beta allows remote attackers to inject arbitrary web script or HTML via the search parameter.
by Crackers_Child
EIP-2026-111828 EXPLOITDB text VERIFIED
RunCMS 1.6 - Local File Inclusion
by BugReport.IR
CVE-2007-6127 EXPLOITDB text VERIFIED
Project Alumni <1.0.9 - SQL Injection
Multiple SQL injection vulnerabilities in project alumni 1.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the year parameter to (1) view.page.inc.php, which is reachable through a view action to index.php; or (2) the year parameter to news.page.inc.php, which is reachable through a news action to index.php.
by tomplixsee
EIP-2026-110520 EXPLOITDB text VERIFIED
PBLang 4.99.17.q - Remote File Rewriting / Command Execution
by KiNgOfThEwOrLd
EIP-2026-106155 EXPLOITDB text VERIFIED
CoolShot E-Lite POS 1.0 - Login SQL Injection
by Aria-Security Team
CVE-2007-6129 EXPLOITDB text VERIFIED
Amber Script 1.0 - Directory Traversal via id Parameter
Directory traversal vulnerability in scripts/include/show_content.php in Amber Script 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
by Crackers_Child
CVE-2007-6139 EXPLOITDB text VERIFIED
Mp3 ToolBox 1.0 beta 5 - Remote Code Execution via Skin File Parameter
PHP remote file inclusion vulnerability in index.php in Mp3 ToolBox 1.0 beta 5 allows remote attackers to execute arbitrary PHP code via a URL in the skin_file parameter.
by Crackers_Child
CVE-2007-6217 EXPLOITDB text VERIFIED
Irola My-Time 3.5 - SQL Injection via Login and Password Parameters
Multiple SQL injection vulnerabilities in login.asp in Irola My-Time (aka Timesheet) 3.5 allow remote attackers to execute arbitrary SQL commands via the (1) login (aka Username) and (2) password parameters. NOTE: some of these details are obtained from third party information.
by Aria-Security Team
CVE-2007-6001 EXPLOITDB text VERIFIED
Bandersnatch 0.4 - Cross-Site Scripting via func, date, or jid Parameter
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Bandersnatch 0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) func or (2) date parameter, or the jid parameter in a (3) log or (4) user action, a different vulnerability than CVE-2007-3910.
by Tim Brown
CVE-2007-6136 EXPLOITDB text VERIFIED
M2Scripts MySpace Scripts Poll Creator - XSS
Multiple cross-site scripting (XSS) vulnerabilities in index.php in M2Scripts MySpace Scripts Poll Creator allow remote attackers to inject arbitrary web script or HTML via the (1) title, (2) intro, and (3) question parameters, and (4) unspecified answer parameters, in a create_new action. NOTE: some of these details are obtained from third party information.
by Doz
CVE-2007-6133 EXPLOITDB text VERIFIED
DevMass Shopping Cart <= 1.0 - Remote File Inclusion via kfm_base_path Parameter
PHP remote file inclusion vulnerability in admin/kfm/initialise.php in DevMass Shopping Cart 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the kfm_base_path parameter.
by S.W.A.T.
CVE-2007-6137 EXPLOITDB text VERIFIED
Content Injector <1.52 - SQL Injection
SQL injection vulnerability in news.php in Content Injector 1.52 allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php. NOTE: some of these details are obtained from third party information.
by S.W.A.T.