Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2007-5290 EXPLOITDB text VERIFIED
MailBee WebMail < 3.4 - Cross-Site Scripting via Login Mode Parameters
Multiple cross-site scripting (XSS) vulnerabilities in MailBee WebMail Pro 3.4 and earlier; and possibly MailBee WebMail Pro ASP before 3.4.64, WebMail Lite ASP before 4.0.11, and WebMail Lite PHP before 4.0.22; allow remote attackers to inject arbitrary web script or HTML via the (1) mode parameter to login.php and the (2) mode2 parameter to default.asp in an advanced_login mode.
by Ivan Sanchez
CVE-2007-5290 EXPLOITDB text VERIFIED
MailBee WebMail < 3.4 - Cross-Site Scripting via Login Mode Parameters
Multiple cross-site scripting (XSS) vulnerabilities in MailBee WebMail Pro 3.4 and earlier; and possibly MailBee WebMail Pro ASP before 3.4.64, WebMail Lite ASP before 4.0.11, and WebMail Lite PHP before 4.0.22; allow remote attackers to inject arbitrary web script or HTML via the (1) mode parameter to login.php and the (2) mode2 parameter to default.asp in an advanced_login mode.
by Ivan Sanchez
CVE-2007-5264 EXPLOITDB text VERIFIED
Battlefront Dropteam <= 1.3.3 - Unauthenticated Exposure of Sensitive Information via Game Server
Battlefront Dropteam 1.3.3 and earlier sends the client's online account name and password to the game server, which allows malicious game servers to steal account information.
by Luigi Auriemma
CVE-2007-5265 EXPLOITDB text VERIFIED
dawn_of_time < 1.69s_beta4 - Remote Code Execution via Format String in Username or Password
Multiple format string vulnerabilities in websrv.cpp in Dawn of Time 1.69s beta4 and earlier allow remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) password fields when accessing certain "restricted zones", which are not properly handled by the (a) processWebHeader and (b) filterWebRequest functions.
by Luigi Auriemma
CVE-2007-5272 EXPLOITDB text VERIFIED
Furkan Tastan Blog - SQL Injection via kategori.asp id Parameter
SQL injection vulnerability in kategori.asp in Furkan Tastan Blog allows remote attackers to execute arbitrary SQL commands via the id parameter in a goster kat action.
by CyberGhost
CVE-2007-5233 EXPLOITDB text VERIFIED
Web Template Management System 1.3 - SQL Injection via id Parameter
SQL injection vulnerability in index.php in Web Template Management System 1.3 allows remote attackers to execute arbitrary SQL commands via the id parameter in a readmore action.
by bius
EIP-2026-112460 EXPLOITDB text VERIFIED
Stuffed Guys Stuffed Tracker - Multiple Cross-Site Scripting Vulnerabilities
by Aria-Security Team
CVE-2007-5234 EXPLOITDB text VERIFIED
Ossigeno CMS 2.2 alpha3 - Remote Code Execution via Level Parameter
PHP remote file inclusion vulnerability in upload/common/footer.php in Ossigeno CMS 2.2 alpha3 allows remote attackers to execute arbitrary PHP code via a URL in the level parameter.
by Nice Name Crew
EIP-2026-107405 EXPLOITDB text VERIFIED
GForge 4.6/4.5/3.1 - 'Verify.php' Cross-Site Scripting
by Jose Sanchez
CVE-2007-5253 EXPLOITDB text VERIFIED
Cart32 < 6.3 - Arbitrary File Read via ImageName Parameter
c32web.exe in McMurtrey/Whitaker Cart32 before 6.4 allows remote attackers to read arbitrary files via the ImageName parameter in a GetImage action, by appending a NULL byte (%00) sequence followed by an image file extension, as demonstrated by a request for a ".txt%00.gif" file. NOTE: this might be a directory traversal vulnerability.
by Paul Craig
CVE-2007-5235 EXPLOITDB text VERIFIED
uebimiau 2.7.2-2.7.10 - Cross-Site Scripting via f_email Parameter
Cross-site scripting (XSS) vulnerability in index.php in Uebimiau 2.7.2 through 2.7.10 allows remote attackers to inject arbitrary web script or HTML via the f_email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Ivan Sanches
CVE-2007-5218 EXPLOITDB text VERIFIED
Don Barnes DRBGuestbook 1.1.13 - Cross-Site Scripting via Action Parameter
Cross-site scripting (XSS) vulnerability in index.php in Don Barnes DRBGuestbook 1.1.13 allows remote attackers to inject arbitrary web script or HTML via the action parameter.
by Gokhan
CVE-2006-3173 EXPLOITDB text VERIFIED
Content*Builder 0.7.5 - Remote File Inclusion via Multiple Parameters
Multiple PHP remote file inclusion vulnerabilities in Content*Builder 0.7.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) path[cb] parameter to (a) libraries/comment/postComment.php and (b) modules/poll/poll.php, (2) rel parameter to (c) modules/archive/overview.inc.php, and the (3) actualModuleDir parameter to (d) modules/forum/showThread.inc.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
by Mehrad Ansari Targhi
CVE-2007-5221 EXPLOITDB text VERIFIED
Poppawid 2.7 - Remote Code Execution via Form Parameter
PHP remote file inclusion vulnerability in mail/childwindow.inc.php in Poppawid 2.7 allows remote attackers to execute arbitrary PHP code via a URL in the form parameter.
by 0in
CVE-2007-5256 EXPLOITDB text VERIFIED
FSD 2.052 d9 and earlier - Remote Code Execution via Long HELP Command
Multiple stack-based buffer overflows in FSD 2.052 d9 and earlier, and FSFDT FSD 3.000 d9 and earlier, allow (1) remote attackers to execute arbitrary code via a long HELP command on TCP port 3010 to the sysuser::exechelp function in sysuser.cc and (2) remote authenticated users to execute arbitrary code via long commands on TCP port 6809 to the servinterface::sendmulticast function in servinterface.cc, as demonstrated by a PIcallsign command.
by Luigi Auriemma
CVE-2007-5186 EXPLOITDB text VERIFIED
Segue CMS < 1.8.4 - Remote Code Execution via themesdir Parameter
PHP remote file inclusion vulnerability in index.php in Segue CMS 1.8.4 and earlier, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the themesdir parameter, a different vector than CVE-2006-5497. NOTE: this issue was disputed, but the dispute was retracted after additional analysis.
by kezzap66345
CVE-2007-5185 EXPLOITDB text VERIFIED
phpwcms-xt < 0.0.7_beta - Remote Code Execution via HTML_MENU_DirPath Parameter
Multiple PHP remote file inclusion vulnerabilities in phpWCMS XT 0.0.7 BETA and earlier allow remote attackers to execute arbitrary PHP code via a URL in the HTML_MENU_DirPath parameter to (1) config_HTML_MENU.php and (2) config_PHPLM.php in phpwcms_template/inc_script/frontend_render/navigation/.
by kezzap66345
CVE-2007-5175 EXPLOITDB text VERIFIED
actsite 1.991 Beta - Remote Code Execution via BaseCfg[BaseDir] Parameter
PHP remote file inclusion vulnerability lib/base.php in actSite 1.991 Beta allows remote attackers to execute arbitrary PHP code via a URL in the BaseCfg[BaseDir] parameter.
by DNX
CVE-2007-5174 EXPLOITDB text VERIFIED
actSite 1.56 - Path Traversal via News.php Do Parameter
Directory traversal vulnerability in phpinc/news.php in actSite 1.56 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the do parameter.
by DNX
CVE-2007-5180 EXPLOITDB text VERIFIED
Ohesa Emlak Portali - SQL Injection via Kategori or Emlak Parameter
Multiple SQL injection vulnerabilities in Ohesa Emlak Portali allow remote attackers to execute arbitrary SQL commands via the (1) Kategori parameter in satilik.asp and the (2) Emlak parameter in detay.asp.
by GeFORC3
CVE-2007-5180 EXPLOITDB text VERIFIED
Ohesa Emlak Portali - SQL Injection via Kategori or Emlak Parameter
Multiple SQL injection vulnerabilities in Ohesa Emlak Portali allow remote attackers to execute arbitrary SQL commands via the (1) Kategori parameter in satilik.asp and the (2) Emlak parameter in detay.asp.
by GeFORC3
CVE-2007-5181 EXPLOITDB text VERIFIED
Netkamp Emlak Scripti - SQL Injection via detay.asp ilan_id Parameter
SQL injection vulnerability in detay.asp in Netkamp Emlak Scripti allows remote attackers to execute arbitrary SQL commands via the ilan_id parameter.
by GeFORC3
CVE-2008-6875 EXPLOITDB text VERIFIED
ASP Product Catalog - SQL Injection via cid Parameter
SQL injection vulnerability in default.asp in ASP Product Catalog allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2007-5220.
by joseph.giron13
CVE-2007-5173 EXPLOITDB text VERIFIED
phpBB Openid 0.2.0 - Remote Code Execution via openid_root_path Parameter
PHP remote file inclusion vulnerability in includes/openid/Auth/OpenID/BBStore.php in phpBB Openid 0.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the openid_root_path parameter.
by Mehmet Ince
CVE-2007-5178 EXPLOITDB text VERIFIED
mx_glance 2.3.3 - Remote Code Execution via mx_root_path Parameter
contrib/mx_glance_sdesc.php in the mx_glance 2.3.3 module for mxBB places a critical security check within a comment because of a missing comment delimiter, which allows remote attackers to conduct remote file inclusion attacks and execute arbitrary PHP code via a URL in the mx_root_path parameter. NOTE: some sources incorrectly state that phpbb_root_path is the affected parameter.
by bd0rk