Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2007-5416 EXPLOITDB text VERIFIED
Drupal < 5.2 - Remote Code Execution via Callback Parameter Hash Collision
Drupal 5.2 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by invoking the drupal_eval function through a callback parameter to the default URI, as demonstrated by the _menu[callbacks][1][callback] parameter. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in Drupal.
by ShAnKaR
CVE-2007-5381 EXPLOITDB text VERIFIED
Cisco IOS - Stack-based Buffer Overflow via Long Hostname in LPD Error Message
Stack-based buffer overflow in the Line Printer Daemon (LPD) in Cisco IOS before 12.2(18)SXF11, 12.4(16a), and 12.4(2)T6 allow remote attackers to execute arbitrary code by setting a long hostname on the target system, then causing an error message to be printed, as demonstrated by a telnet session to the LPD from a source port other than 515.
by Andy Davis
CVE-2007-6700 EXPLOITDB text VERIFIED
OpenBSD 4.1 - Cross-Site Scripting via BGPD Web Interface cmd Parameter
Cross-site scripting (XSS) vulnerability in cgi-bin/bgplg in the web interface for the BGPD daemon in OpenBSD 4.1 allows remote attackers to inject arbitrary web script or HTML via the cmd parameter.
by Anton Karpov
CVE-2007-5386 EXPLOITDB text VERIFIED
phpMyAdmin 2.11.1 - Cross-Site Scripting via Query String
Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMyAdmin 2.11.1, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web script or HTML via the query string.
by Omer Singer
CVE-2007-5411 EXPLOITDB text VERIFIED
Linksys SPA941 - Cross-Site Scripting via SIP From Header
Cross-site scripting (XSS) vulnerability in the Linksys SPA941 VoIP Phone with firmware 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the From header in a SIP message.
by Radu State
CVE-2007-5370 EXPLOITDB text VERIFIED
NetWin DNewsWeb 57e1 - Cross-Site Scripting via Group or Utag Parameter
Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/dnewsweb.exe in NetWin DNewsWeb (DNews News Server) 57e1 allow remote attackers to inject arbitrary web script or HTML via the (1) group or (2) utag parameter.
by Doz
CVE-2007-5311 EXPLOITDB text VERIFIED
TorrentTrader Classic Edition 1.07 - Remote File Inclusion via ss_uri Parameter
Directory traversal vulnerability in backend/admin-functions.php in TorrentTrader Classic Edition 1.07 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ss_uri parameter.
by HACKERS PAL
CVE-2007-5314 EXPLOITDB text VERIFIED
xkiosk_web 3.0.1i - Remote Code Execution via PEARPATH Parameter
PHP remote file inclusion vulnerability in system/funcs/xkurl.php in xKiosk WEB 3.0.1i, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the PEARPATH parameter.
by h4ck3r
CVE-2007-5312 EXPLOITDB text VERIFIED
TorrentTrader Classic 1.07 - Cross-Site Scripting via Color Parameter or Category Parameter
Cross-site scripting (XSS) vulnerability in TorrentTrader Classic 1.07 allows remote attackers to inject arbitrary web script or HTML via the (1) color parameter to pjirc/css.php and the (2) cat parameter to browse.php.
by HACKERS PAL
CVE-2007-5316 EXPLOITDB text VERIFIED
Softbiz Jobs and Recruitment Script - SQL Injection via browsecats.php cid Parameter
SQL injection vulnerability in browsecats.php in Softbiz Jobs and Recruitment Script allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by Khashayar Fereidani
EIP-2026-112268 EXPLOITDB text VERIFIED
SNewsCMS 2.1 - 'News_page.php' Cross-Site Scripting
by medconsultation.ru
CVE-2007-5315 EXPLOITDB text VERIFIED
LiveAlbum 0.9.0 - Remote Code Execution via livealbum_dir Parameter
PHP remote file inclusion vulnerability in common.php in LiveAlbum 0.9.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the livealbum_dir parameter.
by S.W.A.T.
CVE-2007-5362 EXPLOITDB text VERIFIED
MOSMedia Lite 4.5.1 - Remote Code Execution via mosConfig_absolute_path Parameter
Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia Lite (com_mosmedia) 4.5.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) credits.html.php, (2) info.html.php, (3) media.divs.php, (4) media.divs.js.php, (5) purchase.html.php, or (6) support.html.php in includes/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: vector 3 may be the same as CVE-2007-2043.2.
by k1n9k0ng
CVE-2007-5301 EXPLOITDB text VERIFIED
AlsaPlayer < 0.99.80-rc2 - Buffer Overflow in Vorbis Input Plugin
Buffer overflow in the vorbis_stream_info function in input/vorbis/vorbis_engine.c (aka the vorbis input plugin) in AlsaPlayer before 0.99.80-rc3 allows remote attackers to execute arbitrary code via a .OGG file with long comments.
by Erik
CVE-2007-5293 EXPLOITDB text VERIFIED
IDMOS 1.0-beta - Cross-Site Scripting via err_msg or content Parameter
Multiple cross-site scripting (XSS) vulnerabilities in IDMOS 1.0-beta (aka Phoenix) allow remote attackers to inject arbitrary web script or HTML via the (1) err_msg parameter to error.php and the (2) content parameter to templates/simple/ia.php.
by HACKERS PAL
CVE-2007-5321 EXPLOITDB text VERIFIED
Verlihub Control Panel <= 1.7 - Path Traversal via Page Parameter
Directory traversal vulnerability in index.php in Verlihub Control Panel (VHCP) 1.7 and earlier allows remote attackers to include arbitrary files via a .. (dot dot) in the page parameter.
by TEAMELITE
CVE-2007-5310 EXPLOITDB text VERIFIED
webmaster-tips.net wmtportfolio 1.0 for Joomla! - Remote Code Execution via mosConfig_absolute_path Parameter
PHP remote file inclusion vulnerability in admin.wmtportfolio.php in the webmaster-tips.net wmtportfolio 1.0 (com_wmtportfolio) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
by NoGe
CVE-2007-5309 EXPLOITDB text VERIFIED
webmaster-tips.net Flash Image Gallery 1.0 for Joomla! - Remote Code Execution via mosConfig_live_site Parameter
PHP remote file inclusion vulnerability in admin.wmtgallery.php in the webmaster-tips.net Flash Image Gallery (com_wmtgallery) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
by Mehmet Ince
CVE-2007-5294 EXPLOITDB text VERIFIED
IDMOS 1.0-beta - Remote Code Execution via site_absolute_path Parameter
PHP remote file inclusion vulnerability in core/aural.php in IDMOS 1.0-beta (aka Phoenix) allows remote attackers to execute arbitrary PHP code via a URL in the site_absolute_path parameter.
by HACKERS PAL
CVE-2007-5299 EXPLOITDB text VERIFIED
SkaDate 5.0-6.0 - Path Traversal via View Mode Parameter
Multiple directory traversal vulnerabilities in SkaDate 5.0 and 6.0, and possibly later versions such as 6.482, allow remote attackers to read arbitrary files via a .. (dot dot) in the view_mode parameter to (1) featured_list.php and (2) online_list.php in member/.
by SnIpEr_SA
CVE-2007-5313 EXPLOITDB text VERIFIED
Picturesolution < 2.1 - Remote Code Execution via Path Parameter in install/config.php
PHP remote file inclusion vulnerability in install/config.php in Picturesolution 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
by Mogatil
CVE-2007-5363 EXPLOITDB text VERIFIED
Joomla Panoramic Picture Viewer 1.0 - Remote Code Execution via mosConfig_live_site Parameter
PHP remote file inclusion vulnerability in admin.panoramic.php in the Panoramic Picture Viewer (com_panoramic) mambot (plugin) 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by NoGe
CVE-2007-5307 EXPLOITDB text VERIFIED
ELSEIF CMS Beta 0.6 - Remote Code Execution via SWFUpload Parameter Hash Collision
ELSEIF CMS Beta 0.6 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by uploading a .php file via externe/swfupload/upload.php. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in ELSEIF CMS.
by HACKERS PAL
CVE-2007-3896 EXPLOITDB text VERIFIED
Internet Explorer - Remote Code Execution via Invalid URI Handler Sequences
The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid "%" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. NOTE: this issue might be related to other issues involving URL handlers in Windows systems, such as CVE-2007-3845. There also might be separate but closely related issues in the applications that are invoked by the handlers.
by Billy Rios
CVE-2007-5271 EXPLOITDB text VERIFIED
Trionic Cite CMS 1.2 rev9 - Remote Code Execution via bField[bf_data] Parameter
Multiple PHP remote file inclusion vulnerabilities in Trionic Cite CMS 1.2 rev9 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the bField[bf_data] parameter to (1) interface/editors/-custom.php or (2) interface/editors/custom.php.
by GoLd_M