Text Exploits
31,394 exploits tracked across all sources.
Google Urchin < 5.7.03 - Cross-Site Scripting via Login Page Query String
Cross-site scripting (XSS) vulnerability in session.cgi (aka the login page) in Google Urchin 5 5.7.03 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string, a different vulnerability than CVE-2007-4713. NOTE: this can be leveraged to capture login credentials in some browsers that support remembered (auto-completed) passwords.
by pagvac
Wordsmith 1.0 RC1 - Path Traversal via _path Parameter
Directory traversal vulnerability in config.inc.php in Wordsmith 1.0 RC1, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the _path parameter.
by ShockShadow
Wordsmith 1.0 RC1 - Remote Code Execution via _path Parameter
PHP remote file inclusion vulnerability in config.inc.php in Wordsmith 1.0 RC1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the _path parameter.
by ShockShadow
phpFullAnnu 6.0 - SQL Injection via mod Parameter
SQL injection vulnerability in index.php in phpFullAnnu (PFA) 6.0 allows remote attackers to execute arbitrary SQL commands via the mod parameter.
by IHTeam
Nuke Mobile Entertainment 1 - Remote File Inclusion via module_name Parameter
Directory traversal vulnerability in data/compatible.php in the Nuke Mobile Entertainment 1 addon for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter.
by h4ck3r
David Watters Helplink 0.1.0 - Remote Code Execution via show.php file Parameter
PHP remote file inclusion vulnerability in show.php in David Watters Helplink 0.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.
by GoLd_M
Clansphere 2007.4 - SQL Injection via cat_id Parameter
SQL injection vulnerability in mods/banners/navlist.php in Clansphere 2007.4 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to index.php in a banners action.
by IHTeam
Black Lily 2007 - 'products.php?class' SQL Injection
by VerY-SecReT
Xen 3.0.3 - Authenticated Remote Code Execution via Crafted grub.conf File
pygrub (tools/pygrub/src/GrubConf.py) in Xen 3.0.3, when booting a guest domain, allows local users with elevated privileges in the guest domain to execute arbitrary commands in domain 0 via a crafted grub.conf file whose contents are used in exec statements.
by Joris van Rantwijk
izicontents < 1_rc6 - Remote Code Execution via gsLanguage Parameter
Multiple PHP remote file inclusion vulnerabilities in iziContents 1 RC6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the gsLanguage parameter to (1) search/search.php, (2) poll/inlinepoll.php, (3) poll/showpoll.php, (4) links/showlinks.php, or (5) links/submit_links.php in modules/.
by irk4z
izicontents < 1_rc6 - Remote Code Execution via URL Parameter Injection
Multiple incomplete blacklist vulnerabilities in iziContents 1 RC6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in (1) the admin_home parameter to modules/poll/poll_summary.php or (2) the rootdp parameter to include/db.php; or a URL in the language_home parameter to (3) search/search.php, (4) poll/inlinepoll.php, (5) poll/showpoll.php, (6) links/showlinks.php, or (7) links/submit_links.php in modules/; related to missing checks in (a) modules/moduleSec.php and (b) include/includeSec.php for inclusion of certain URLs, as demonstrated by an ftps:// URL.
by irk4z
TinyMCE Compressor PHP <1.06 - Path Traversal
Directory traversal vulnerability in tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows remote attackers to read or include arbitrary files via a trailing null byte (%00) in the (1) theme, (2) language, (3) plugins, or (4) lang parameter.
by irk4z
Neuron News 1.0 - Path Traversal via q Parameter
Directory traversal vulnerability in index.php in Neuron News 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the q parameter.
by Dj7xpl
Joomla Flash Slide Show Component - Remote Code Execution via mosConfig_live_site Parameter
PHP remote file inclusion vulnerability in admin.slideshow1.php in the Flash Slide Show (com_slideshow) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
by ShockShadow
izicontents < 1_rc6 - Remote File Inclusion via Path Traversal in admin_home or rootdp Parameter
Multiple directory traversal vulnerabilities in iziContents 1 RC6 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the admin_home parameter to modules/poll/poll_summary.php or (2) the rootdp parameter to include/db.php.
by irk4z
ADOdb Lite < 1.42 - Remote Code Execution via last_module Parameter
Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the last_module parameter.
by irk4z
Vigile CMS 1.8 - Cross-Site Scripting via Wiki Title Parameter or Download Cat Parameter
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Vigile CMS 1.8 allow remote attackers to inject arbitrary web script or HTML via a request to the wiki module with (1) the title parameter or (2) a "title=" sequence in the PATH_INFO, or a request to the download module with (3) the cat parameter or (4) a "cat=" sequence in the PATH_INFO.
by x0kster
phpBB Plus 1.53-1.53a - Remote Code Execution via phpbb_root_path Parameter
PHP remote file inclusion vulnerability in language/lang_german/lang_main_album.php in phpBB Plus 1.53, and 1.53a before 20070922, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
by Mehrad
Google Mini Search Appliance 3.4.14 - Cross-Site Scripting via ie Parameter
Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance 3.4.14 allows remote attackers to inject arbitrary web script or HTML via the ie parameter to the /search URI.
by Websecurity
WebBatch < 2007c - Exposure of Sensitive Information via dumpinputdata Parameter
webbatch.exe in WebBatch allows remote attackers to obtain sensitive information via the dumpinputdata parameter.
by Doz
WebBatch - Cross-Site Scripting via URL Parameter
Cross-site scripting (XSS) vulnerability in WebBatch allows remote attackers to inject arbitrary web script or HTML via the URL to webbatch.exe.
by Doz
Streamline PHP Media Server 1.0-beta4 - Remote Code Execution via sl_theme_unix_path Parameter
Multiple PHP remote file inclusion vulnerabilities in Streamline PHP Media Server 1.0-beta4 allow remote attackers to execute arbitrary PHP code via a URL in the sl_theme_unix_path parameter to (1) admin_footer.php, (2) info_footer.php, (3) theme_footer.php, (4) browse_footer.php, (5) account_footer.php, or (6) search_footer.php in core/theme/includes/. NOTE: the vulnerability is present only when the administrator does not follow installation instructions about the requirement for .htaccess Limit support.
by BiNgZa
LevelOne WBR3404TX R1.94p0vTIG - Cross-Site Scripting via DD or DU Parameter
Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/ddns in the web management panel for the WBR3404TX broadband router with firmware R1.94p0vTIG allow remote attackers to inject arbitrary web script or HTML via the (1) DD or (2) DU parameter.
by azizov
phpsyncml < 0.1.2 - Remote Code Execution via base_dir Parameter
Multiple PHP remote file inclusion vulnerabilities in phpSyncML 0.1.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the base_dir parameter to (1) Decoder.php and (2) Encoder.php in WBXML/.
by S.W.A.T.
modifyform - 'modifyform.html' Remote File Inclusion
by mozi
By Source