Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2007-5773 EXPLOITDB text VERIFIED
Flatnuke 3 - Cross-Site Request Forgery via File Manager dir and ffile Parameters
Cross-site request forgery (CSRF) vulnerability in index.php in the File Manager module in Flatnuke 3 allows remote attackers to perform certain actions as administrators via requests containing the pathname in the dir parameter and the filename in the ffile parameter.
by KiNgOfThEwOrLd
CVE-2007-5771 EXPLOITDB text VERIFIED
Flatnuke 3 - Unauthenticated Privilege Escalation via myforum%00 Cookie
Flatnuke 3 (aka FlatnuX) allows remote attackers to obtain administrative access via a myforum%00 cookie.
by KiNgOfThEwOrLd
CVE-2007-5676 EXPLOITDB text VERIFIED
PHP-Nuke Platinum 7.6.b.5 - Remote Code Execution via nuke_bb_root_path Parameter
PHP remote file inclusion vulnerability in modules/Forums/favorites.php in PHP-Nuke Platinum 7.6.b.5 allows remote attackers to execute arbitrary PHP code via a URL in the nuke_bb_root_path parameter.
by BiNgZa
CVE-2007-5697 EXPLOITDB text VERIFIED
PHP Image 1.2 - Remote Code Execution via xarg Parameter
Multiple PHP remote file inclusion vulnerabilities in PHP Image 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the xarg parameter to (1) xarg_corner.php, (2) xarg_corner_bottom.php, and (3) xarg_corner_top.php.
by Civi
CVE-2007-5733 EXPLOITDB text VERIFIED
Japanese PHP Gallery Hosting - Unauthenticated Arbitrary File Upload via ServerPath Parameter
Unrestricted file upload vulnerability in upload/upload.php in Japanese PHP Gallery Hosting, when Open directory mode is enabled, allows remote attackers to upload and execute arbitrary PHP code via a ServerPath parameter specifying a filename with a double extension. NOTE: some of these details are obtained from third party information.
by Pete Houston
CVE-2007-5772 EXPLOITDB text VERIFIED
Flatnuke 3 - Authenticated PHP Code Injection via Download Module Description
Direct static code injection vulnerability in the download module in Flatnuke 3 allows remote authenticated administrators to inject arbitrary PHP code into a description.it.php file in a subdirectory of Download/ by saving a description and setting fneditmode to 1. NOTE: unauthenticated remote attackers can exploit this by leveraging a cookie manipulation issue.
by KiNgOfThEwOrLd
CVE-2007-5774 EXPLOITDB text VERIFIED
Flatnuke3 - Information Exposure via File Manager Invalid Argumentname Parameter
index.php in the File Manager module in Flatnuke 3 allows remote attackers to obtain sensitive information via an invalid argumentname parameter in a disc op action, which reveals the path in an error message.
by KiNgOfThEwOrLd
CVE-2007-5508 EXPLOITDB text VERIFIED
Oracle Database 10.1.0.5 and 10.2.0.3 - Authenticated SQL Injection in CTX_DOC Procedures
Multiple SQL injection vulnerabilities in the CTXSYS Intermedia application for the Oracle Text component (CTX_DOC) in Oracle Database 10.1.0.5 and 10.2.0.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) THEMES, (2) GIST, (3) TOKENS, (4) FILTER, (5) HIGHLIGHT, and (6) MARKUP procedures, aka DB03. NOTE: remote unauthenticated attack vectors exist when CTXSYS is used with oracle Application Server.
by sh2kerr
CVE-2007-5739 EXPLOITDB text VERIFIED
Korean GHBoard - Path Traversal via FlashUpload Download Name Parameter
Directory traversal vulnerability in component/flashupload/download.jsp in the FlashUpload component in Korean GHBoard allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter.
by Xcross87
CVE-2007-5737 EXPLOITDB text VERIFIED
Korean GHBoard - Unrestricted File Upload via upload.jsp
Unrestricted file upload vulnerability in component/upload.jsp in Korean GHBoard allows remote attackers to upload arbitrary files via unspecified vectors, probably involving a direct request.
by Xcross87
CVE-2007-5628 EXPLOITDB text VERIFIED
The Online Web Library Site (TOWels) 0.1 - Remote Code Execution via pageHeaderFile Parameter
PHP remote file inclusion vulnerability in src/scripture.php in The Online Web Library Site (TOWels) 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the pageHeaderFile parameter.
by GoLd_M
CVE-2007-5627 EXPLOITDB text VERIFIED
SocketMail 2.2.8 - Remote Code Execution via __SOCKETMAIL_ROOT Parameter
PHP remote file inclusion vulnerability in content/fnc-readmail3.php in SocketMail 2.2.8 allows remote attackers to execute arbitrary PHP code via a URL in the __SOCKETMAIL_ROOT parameter.
by BiNgZa
EIP-2026-112128 EXPLOITDB text VERIFIED
Simple PHP Blog (sPHPblog) 0.5.1 - Multiple Vulnerabilities
by DarkFig
CVE-2007-5706 EXPLOITDB text VERIFIED
Jeebles Directory 2.9.60 - Path Traversal via Download.php Query String
Absolute path traversal vulnerability in download.php in Jeebles Directory 2.9.60 allows remote attackers to read arbitrary files via a full pathname in the query string. NOTE: some of these details are obtained from third party information.
by hack2prison
CVE-2007-5674 EXPLOITDB text VERIFIED
InstaGuide Weather 1.0 - Path Traversal via PageName Parameter
Directory traversal vulnerability in index.php in InstaGuide Weather (aka Weather for PHP) 1.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PageName parameter.
by h4ck3r
CVE-2007-5677 EXPLOITDB text VERIFIED
Hackish BETA 1.1 - Cross-Site Scripting via Shoutbox go_shout Parameter
Cross-site scripting (XSS) vulnerability in shoutbox/blocco.php in Hackish BETA 1.1 allows remote attackers to inject arbitrary web script or HTML via the go_shout parameter.
by Matrix86
EIP-2026-107131 EXPLOITDB text VERIFIED
Flatnuke3 File Manager Module - Unauthorized Access
by KiNgOfThEwOrLd
CVE-2007-5679 EXPLOITDB text VERIFIED
DeeEmm.com DM CMS 0.7.0.Beta and 0.7.4 - SQL Injection via id Parameter
SQL injection vulnerability in index.php in DeeEmm.com DM CMS 0.7.0.Beta allows remote attackers to execute arbitrary SQL commands via the id parameter in the media page (build_media_content.php). NOTE: it was later reported that 0.7.4 is also affected.
by Aria-Security Team
CVE-2007-5654 EXPLOITDB text VERIFIED
LiteSpeed Web Server < 3.2.3 - Mime Type Injection via Null Byte Extension Bypass
LiteSpeed Web Server before 3.2.4 allows remote attackers to trigger use of an arbitrary MIME type for a file via a "%00." sequence followed by a new extension, as demonstrated by reading PHP source code via requests for .php%00.txt files, aka "Mime Type Injection."
by Tr3mbl3r
EIP-2026-103567 EXPLOITDB text VERIFIED
Mozilla Firefox 2.0.0.7 - Remote Denial of Service
by BugReport.IR
CVE-2007-5641 EXPLOITDB text VERIFIED
PHP Project Management < 0.8.10 - Remote Code Execution via Full Path Parameter
Multiple PHP remote file inclusion vulnerabilities in PHP Project Management 0.8.10 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the full_path parameter to (1) certinfo/index.php, (2) emails/index.php, (3) events/index.php, (4) fax/index.php, (5) files/index.php, (6) files/list.php, (7) groupadm/index.php, (8) history/index.php, (9) info/index.php, (10) log/index.php, (11) mail/index.php, (12) messages/index.php, (13) organizations/index.php, (14) phones/index.php, (15) presence/index.php, (16) projects/index.php, (17) projects/summary.inc.php, (18) projects/list.php, (19) reports/index.php, (20) search/index.php, (21) snf/index.php, (22) syslog/index.php, (23) tasks/searchsimilar.php, (24) tasks/index.php, (25) tasks/summary.inc.php, and (26) useradm/index.php in modules; (27) /ajax/loadsplash.php; (28) /blocks/birthday.php; (29) /blocks/events.php; and (30) /blocks/help.php.
by GoLd_M
CVE-2007-5642 EXPLOITDB text VERIFIED
PHP Project Management < 0.8.10 - Path Traversal via Multiple Module Parameters
Multiple directory traversal vulnerabilities in PHP Project Management 0.8.10 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the def_lang parameter to modules/files/list.php; the m_path parameter to (2) modules/projects/summary.inc.php or (3) modules/tasks/summary.inc.php; (4) the module parameter to modules/projects/list.php; or the module parameter to index.php in the (5) certinfo, (6) emails, (7) events, (8) fax, (9) files, (10) groupadm, (11) history, (12) info, (13) log, (14) mail, (15) messages, (16) organizations, (17) phones, (18) presence, (19) projects, (20) reports, (21) search, (22) snf, (23) syslog, (24) tasks, or (25) useradm subdirectory of modules/.
by GoLd_M
CVE-2007-5631 EXPLOITDB text VERIFIED
PeopleAggregator 1.2pre6 - Remote Code Execution via current_blockmodule_path Parameter
Multiple PHP remote file inclusion vulnerabilities in PeopleAggregator 1.2pre6, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the current_blockmodule_path parameter to (1) AudiosMediaGalleryModule/AudiosMediaGalleryModule.php, (2) ImagesMediaGalleryModule/ImagesMediaGalleryModule.php, (3) MembersFacewallModule/MembersFacewallModule.php, (4) NewestGroupsModule/NewestGroupsModule.php, (5) UploadMediaModule/UploadMediaModule.php, and (6) VideosMediaGalleryModule/VideosMediaGalleryModule.php in BetaBlockModules/; and (7) the path_prefix parameter to several components.
by GoLd_M
CVE-2007-5650 EXPLOITDB text VERIFIED
ReloadCMS 1.2.7 - Path Traversal via Module Parameter
Directory traversal vulnerability in system.php in ReloadCMS 1.2.7 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter to index.php.
by sekuru
CVE-2007-5625 EXPLOITDB text VERIFIED
ASP Site Search SearchSimon Lite 1.0 - Cross-Site Scripting via QUERY Parameter
Cross-site scripting (XSS) vulnerability in filename.asp in ASP Site Search SearchSimon Lite 1.0 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter.
by Aria-Security Team