Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2007-5177 EXPLOITDB text VERIFIED
MambAds < 1.5 - SQL Injection via caid Parameter
SQL injection vulnerability in index.php in the MambAds (com_mambads) 1.5 and earlier component for Mambo allows remote attackers to execute arbitrary SQL commands via the caid parameter.
by Sniper456
CVE-2007-5149 EXPLOITDB text VERIFIED
North Country Public Radio Public Media Manager 1.3 - Remote Code Execution via NewsCMS indir Parameter
PHP remote file inclusion vulnerability in NewsCMS/news/newstopic_inc.php in North Country Public Radio Public Media Manager (PMM) 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the indir parameter.
by 0in
CVE-2007-5157 EXPLOITDB text VERIFIED
PHP Fidonet Tosser 1.3.0 - Remote Code Execution via SRC_PATH Parameter
PHP remote file inclusion vulnerability in phfito-post.php in Alex Kocharin PHP Fidonet Tosser (PhFiTo) 1.3.0 in phpFidoNode allows remote attackers to execute arbitrary PHP code via a URL in the SRC_PATH parameter to phfito-post.
by w0cker
CVE-2007-5138 EXPLOITDB text VERIFIED
lustig.cms BETA 2.5 - Remote Code Execution via Forum View Parameter
PHP remote file inclusion vulnerability in forum/forum.php in lustig.cms BETA 2.5 allows remote attackers to execute arbitrary PHP code via a URL in the view parameter.
by GoLd_M
CVE-2007-5140 EXPLOITDB text VERIFIED
IntegraMOD Nederland 1.4.2 - Remote Code Execution via phpbb_root_path Parameter
PHP remote file inclusion vulnerability in includes/archive/archive_topic.php in IntegraMOD Nederland 1.4.2 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
by Mehmet Ince
CVE-2007-5139 EXPLOITDB text VERIFIED
chupix_cms 0.2.3 - Remote Code Execution via Repertoire Parameter
PHP remote file inclusion vulnerability in admin/include/header.php in chupix 0.2.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the repertoire parameter.
by 0in
CVE-2007-5142 EXPLOITDB text VERIFIED
Solidweb Novus 1.0 - Cross-Site Scripting via buscar.asp p Parameter
Cross-site scripting (XSS) vulnerability in buscar.asp in Solidweb Novus 1.0 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Zutr4
CVE-2007-5122 EXPLOITDB text VERIFIED
SoftBiz Classifieds PLUS - SQL Injection via store_info.php id Parameter
SQL injection vulnerability in store_info.php in SoftBiz Classifieds PLUS allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Khashayar Fereidani
CVE-2007-5117 EXPLOITDB text VERIFIED
FrontAccounting 1.13 - Remote Code Execution via path_to_root Parameter
Multiple PHP remote file inclusion vulnerabilities in FrontAccounting (FA) 1.13, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_to_root parameter to (1) access/login.php and (2) includes/lang/language.php, different vectors than CVE-2007-4279.
by kezzap66345
CVE-2007-5131 EXPLOITDB text VERIFIED
Interspire ActiveKB NX 2.x - SQL Injection via catId Parameter
SQL injection vulnerability in index.php in Interspire ActiveKB NX 2.x allows remote attackers to execute arbitrary SQL commands via the catId parameter in a browse action. NOTE: it was separately reported that ActiveKB 1.5 is also affected.
by Luna-Tic/XTErner
CVE-2007-5123 EXPLOITDB text VERIFIED
Novus 1.0 - SQL Injection via nota_id Parameter
SQL injection vulnerability in notas.asp in Novus 1.0 allows remote attackers to execute arbitrary SQL commands via the nota_id parameter.
by ka0x
CVE-2007-4874 EXPLOITDB text VERIFIED
SimpNews 2.41.03 - Cross-Site Scripting via l_username and backurl Parameters
Multiple cross-site scripting (XSS) vulnerabilities in SimpNews 2.41.03 allow remote attackers to inject arbitrary web script or HTML via the (1) l_username parameter to admin/layout2b.php, and the (2) backurl parameter to comment.php.
by Jesper Jurcenoks
CVE-2007-4874 EXPLOITDB text VERIFIED
SimpNews 2.41.03 - Cross-Site Scripting via l_username and backurl Parameters
Multiple cross-site scripting (XSS) vulnerabilities in SimpNews 2.41.03 allow remote attackers to inject arbitrary web script or HTML via the (1) l_username parameter to admin/layout2b.php, and the (2) backurl parameter to comment.php.
by Jesper Jurcenoks
CVE-2007-5127 EXPLOITDB text VERIFIED
SimpGB 1.46.02 - Cross-Site Scripting via l_username or l_emoticonlist Parameter
Multiple cross-site scripting (XSS) vulnerabilities in SimpGB 1.46.02 allow remote attackers to inject arbitrary web script or HTML via (1) the l_username parameter to the default URI under admin/ or (2) the l_emoticonlist parameter to admin/emoticonlist.php.
by netVigilance
CVE-2007-5127 EXPLOITDB text VERIFIED
SimpGB 1.46.02 - Cross-Site Scripting via l_username or l_emoticonlist Parameter
Multiple cross-site scripting (XSS) vulnerabilities in SimpGB 1.46.02 allow remote attackers to inject arbitrary web script or HTML via (1) the l_username parameter to the default URI under admin/ or (2) the l_emoticonlist parameter to admin/emoticonlist.php.
by netVigilance
CVE-2007-5092 EXPLOITDB text VERIFIED
Dance Music Module for phpNuke - Path Traversal via ACCEPT_FILE Array Parameter
Directory traversal vulnerability in index.php in the Dance Music module for phpNuke, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in an ACCEPT_FILE array parameter to modules.php.
by waraxe
CVE-2007-5120 EXPLOITDB text VERIFIED
JSPWiki 2.4.103 and 2.5.139-beta - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in JSPWiki 2.4.103 and 2.5.139-beta allow remote attackers to inject arbitrary web script or HTML via the (1) group and (2) members parameters in (a) NewGroup.jsp; the (3) edittime parameter in (b) Edit.jsp; the (4) edittime, (5) author, and (6) link parameters in (c) Comment.jsp; the (7) loginname, (8) wikiname, (9) fullname, and (10) email parameters in (d) UserPreferences.jsp and (e) Login.jsp; the (11) r1 and (12) r2 parameters in (f) Diff.jsp; and the (13) changenote parameter in (g) PageInfo.jsp.
by Jason Kratzer
CVE-2007-5120 EXPLOITDB text VERIFIED
JSPWiki 2.4.103 and 2.5.139-beta - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in JSPWiki 2.4.103 and 2.5.139-beta allow remote attackers to inject arbitrary web script or HTML via the (1) group and (2) members parameters in (a) NewGroup.jsp; the (3) edittime parameter in (b) Edit.jsp; the (4) edittime, (5) author, and (6) link parameters in (c) Comment.jsp; the (7) loginname, (8) wikiname, (9) fullname, and (10) email parameters in (d) UserPreferences.jsp and (e) Login.jsp; the (11) r1 and (12) r2 parameters in (f) Diff.jsp; and the (13) changenote parameter in (g) PageInfo.jsp.
by Jason Kratzer
CVE-2007-5120 EXPLOITDB text VERIFIED
JSPWiki 2.4.103 and 2.5.139-beta - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in JSPWiki 2.4.103 and 2.5.139-beta allow remote attackers to inject arbitrary web script or HTML via the (1) group and (2) members parameters in (a) NewGroup.jsp; the (3) edittime parameter in (b) Edit.jsp; the (4) edittime, (5) author, and (6) link parameters in (c) Comment.jsp; the (7) loginname, (8) wikiname, (9) fullname, and (10) email parameters in (d) UserPreferences.jsp and (e) Login.jsp; the (11) r1 and (12) r2 parameters in (f) Diff.jsp; and the (13) changenote parameter in (g) PageInfo.jsp.
by Jason Kratzer
CVE-2007-5120 EXPLOITDB text VERIFIED
JSPWiki 2.4.103 and 2.5.139-beta - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in JSPWiki 2.4.103 and 2.5.139-beta allow remote attackers to inject arbitrary web script or HTML via the (1) group and (2) members parameters in (a) NewGroup.jsp; the (3) edittime parameter in (b) Edit.jsp; the (4) edittime, (5) author, and (6) link parameters in (c) Comment.jsp; the (7) loginname, (8) wikiname, (9) fullname, and (10) email parameters in (d) UserPreferences.jsp and (e) Login.jsp; the (11) r1 and (12) r2 parameters in (f) Diff.jsp; and the (13) changenote parameter in (g) PageInfo.jsp.
by Jason Kratzer
CVE-2007-5120 EXPLOITDB text VERIFIED
JSPWiki 2.4.103 and 2.5.139-beta - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in JSPWiki 2.4.103 and 2.5.139-beta allow remote attackers to inject arbitrary web script or HTML via the (1) group and (2) members parameters in (a) NewGroup.jsp; the (3) edittime parameter in (b) Edit.jsp; the (4) edittime, (5) author, and (6) link parameters in (c) Comment.jsp; the (7) loginname, (8) wikiname, (9) fullname, and (10) email parameters in (d) UserPreferences.jsp and (e) Login.jsp; the (11) r1 and (12) r2 parameters in (f) Diff.jsp; and the (13) changenote parameter in (g) PageInfo.jsp.
by Jason Kratzer
CVE-2007-5120 EXPLOITDB text VERIFIED
JSPWiki 2.4.103 and 2.5.139-beta - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in JSPWiki 2.4.103 and 2.5.139-beta allow remote attackers to inject arbitrary web script or HTML via the (1) group and (2) members parameters in (a) NewGroup.jsp; the (3) edittime parameter in (b) Edit.jsp; the (4) edittime, (5) author, and (6) link parameters in (c) Comment.jsp; the (7) loginname, (8) wikiname, (9) fullname, and (10) email parameters in (d) UserPreferences.jsp and (e) Login.jsp; the (11) r1 and (12) r2 parameters in (f) Diff.jsp; and the (13) changenote parameter in (g) PageInfo.jsp.
by Jason Kratzer
CVE-2007-5089 EXPLOITDB text VERIFIED
sk.log 0.5.3 - Remote Code Execution via SKIN_URL Parameter
PHP remote file inclusion vulnerability in php-inc/log.inc.php in sk.log 0.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the SKIN_URL parameter.
by w0cker
CVE-2007-5098 EXPLOITDB text VERIFIED
DFD Cart < 1.1.4 - Remote Code Execution via set_depth Parameter
Multiple PHP remote file inclusion vulnerabilities in DFD Cart 1.1.4 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the set_depth parameter to (1) app.lib/product.control/core.php/product.control.config.php, or (2) customer.browse.list.php or (3) customer.browse.search.php in app.lib/product.control/core.php/customer.area/.
by BiNgZa
EIP-2026-105427 EXPLOITDB text VERIFIED
bcoos 1.0.10 Arcade Module - 'index.php' SQL Injection
by nights shadow