Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2007-6091 EXPLOITDB text VERIFIED
JiRo's Banner System/JUS 2.0 - SQL Injection
Multiple SQL injection vulnerabilities in files/login.asp in JiRo's Banner System (JBS) 2.0, and possibly JiRo's Upload Manager (aka JiRo's Upload System or JUS), allow remote attackers to execute arbitrary SQL commands via the (1) Username (aka Login or Email) or (2) Password field.
by Aria-Security Team
CVE-2007-6026 EXPLOITDB text VERIFIED
Microsoft msjet40.dll <4.0.8618.0 - Buffer Overflow
Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing a column structure with a modified column count. NOTE: this might be the same issue as CVE-2005-0944.
by cocoruder
CVE-2007-6058 EXPLOITDB text VERIFIED
ProfileCMS <= 1.0 - SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in index.php in ProfileCMS 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) codes action in the profile-codes module, (2) videos action in the video-codes module, or (3) games action in the arcade-games module.
by K-159
EIP-2026-109861 EXPLOITDB text VERIFIED
net-finity - 'links.php' SQL Injection
by VerY-SecReT
CVE-2007-6057 EXPLOITDB text VERIFIED
datecomm Social Networking Script - RCE
PHP remote file inclusion vulnerability in index.php in datecomm Social Networking Script (aka Myspace Clone Script) allows remote attackers to execute arbitrary PHP code via a URL in the pg parameter.
by VerY-SecReT
CVE-2007-6055 EXPLOITDB text VERIFIED
Liferay Portal 4.1.0 and 4.1.1 - Cross-Site Scripting via Login Parameter
Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay Portal 4.1.0 and 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter. NOTE: this issue reportedly exists because of a regression that followed a fix at an unspecified earlier date.
by Adrian Pastor
CVE-2007-6027 EXPLOITDB text VERIFIED
Joomla! Carousel Flash Image Gallery - RCE
PHP remote file inclusion vulnerability in admin.jjgallery.php in the Carousel Flash Image Gallery (com_jjgallery) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
by Crackers_Child
CVE-2006-6899 EXPLOITDB text VERIFIED
BlueZ < 2.24 - Remote Control of HID Devices via Malicious PSM Endpoint Configuration
hidd in BlueZ (bluez-utils) before 2.25 allows remote attackers to obtain control of the (1) Mouse and (2) Keyboard Human Interface Device (HID) via a certain configuration of two HID (PSM) endpoints, operating as a server, aka HidAttack.
by Collin Mulliner
CVE-2007-5944 EXPLOITDB text VERIFIED
IBM WebSphere Application Server <5.1.1.17 - XSS
Cross-site scripting (XSS) vulnerability in Servlet Engine / Web Container in IBM WebSphere Application Server (WAS) 5.1.1.4 through 5.1.1.16 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header. NOTE: this might be the same issue as CVE-2006-3918, but there are insufficient details to be sure.
by anonymous
CVE-2007-6054 EXPLOITDB text VERIFIED
Aruba 800 Mobility Controller <2.5.4.18 & <2.4.8.6-FIPS - XSS
Cross-site scripting (XSS) vulnerability in the login page in the management interface in the Aruba 800 Mobility Controller 2.5.4.18 and earlier, and 2.4.8.6-FIPS and earlier, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the /screens URI, related to the url variable.
by Jan Fry
CVE-2007-6004 EXPLOITDB text VERIFIED
Toko Instan 7.6 - SQL Injection via id or katid Parameter
Multiple SQL injection vulnerabilities in index.php in Toko Instan 7.6 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in an artikel action or (2) the katid parameter in a produk action.
by k1tk4t
CVE-2007-5817 EXPLOITDB MEDIUM text VERIFIED
ContentCustomizer < 3.1mp - Cross-Site Scripting via Privileged Actions
dialog.php in CONTENTCustomizer 3.1mp and earlier allows remote attackers to perform certain privileged actions via a (1) del, (2) delbackup, (3) res, or (4) ren action. NOTE: this issue can be leveraged to conduct cross-site scripting (XSS) and possibly other attacks.
by d3hydr8
CVSS 6.1
CVE-2007-6056 EXPLOITDB text VERIFIED
Aida-Web - Information Disclosure via Mehr and SUPER Parameter Manipulation
frame.html in Aida-Web (Aida Web) allows remote attackers to bypass a protection mechanism and obtain comment and task details via modified values to the (1) Mehr and (2) SUPER parameters.
by MC Iglo
EIP-2026-114265 EXPLOITDB text VERIFIED
WordPress Plugin WP-SlimStat 0.9.2 - Cross-Site Scripting
by Fracesco Vaj
CVE-2007-5992 EXPLOITDB text VERIFIED
datecomm Social Networking Script - SQL Injection
SQL injection vulnerability in index.php in datecomm Social Networking Script (aka Myspace Clone Script) allows remote attackers to execute arbitrary SQL commands via the seid parameter in a viewcat s action on the forums page.
by t0pP8uZz
CVE-2007-6039 EXPLOITDB text VERIFIED
PHP < 5.2.4 - Denial of Service via Long String in Domain Parameter
PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in (1) the domain parameter to the dgettext function, the message parameter to the (2) dcgettext or (3) gettext function, the msgid1 parameter to the (4) dngettext or (5) ngettext function, or (6) the classname parameter to the stream_wrapper_register function. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless this issue can be demonstrated for code execution.
by laurent gaffie
CVE-2007-5993 EXPLOITDB text VERIFIED
VTLS vtls.web.gateway <48.1.1 - XSS
Cross-site scripting (XSS) vulnerability in Visionary Technology in Library Solutions (VTLS) vtls.web.gateway before 48.1.1 allows remote attackers to inject arbitrary web script or HTML via the searchtype parameter.
by Jesus Olmos Gonzalez
EIP-2026-114459 EXPLOITDB text VERIFIED
XOOPS 2.2.5 - 'register.php' Cross-Site Scripting
by Omer Singer
CVE-2007-5982 EXPLOITDB text VERIFIED
X7 Chat 2.0.4-2.0.5 - Cross-Site Scripting via Room Parameter
Multiple cross-site scripting (XSS) vulnerabilities in X7 Chat 2.0.4, 2.0.5, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) room parameter to sources/frame.php, the (2) theme_c parameter to help/index.php, or the (3) INSTALL_X7CHATVERSION parameter to upgradev1.php.
by ShAy6oOoN
CVE-2007-5982 EXPLOITDB text VERIFIED
X7 Chat 2.0.4-2.0.5 - Cross-Site Scripting via Room Parameter
Multiple cross-site scripting (XSS) vulnerabilities in X7 Chat 2.0.4, 2.0.5, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) room parameter to sources/frame.php, the (2) theme_c parameter to help/index.php, or the (3) INSTALL_X7CHATVERSION parameter to upgradev1.php.
by ShAy6oOoN
CVE-2007-5995 EXPLOITDB text VERIFIED
patBBcode 1.0 - Remote Code Execution via bbcodeSource.php Example Parameter
PHP remote file inclusion vulnerability in examples/patExampleGen/bbcodeSource.php in patBBcode 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the example parameter.
by p4sswd
CVE-2007-5984 EXPLOITDB text VERIFIED
Justin Hagstrom AutoIndex <2.2.4 - DoS
classes/Url.php in Justin Hagstrom AutoIndex PHP Script before 2.2.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via a %00 sequence in the dir parameter to index.php, which triggers an erroneous "recursive calculation."
by L4teral
CVE-2007-5979 EXPLOITDB text VERIFIED
F5 Firepass 4100 SSL VPN <6.0.1 - XSS
Cross-site scripting (XSS) vulnerability in download_plugin.php3 in F5 Firepass 4100 SSL VPN 5.4 through 5.5.2 and 6.0 through 6.0.1 allows remote attackers to inject arbitrary web script or HTML via the backurl parameter.
by Jan Fry
CVE-2007-5996 EXPLOITDB text VERIFIED
Softbiz Link Directory Script - SQL Injection
SQL injection vulnerability in searchresult.php in Softbiz Link Directory Script allows remote attackers to execute arbitrary SQL commands via the sbcat_id parameter, a related issue to CVE-2007-5449.
by Khashayar Fereidani
CVE-2007-5997 EXPLOITDB text VERIFIED
Softbiz Banner Exchange Network Script 1.0 - SQL Injection
SQL injection vulnerability in campaign_stats.php in Softbiz Banner Exchange Network Script 1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter.
by Khashayar Fereidani