Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2007-4899 EXPLOITDB text VERIFIED
Boinc Forum < 5.10.20 - Cross-Site Scripting via Forum ID or Search String Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Boinc Forum 5.10.20 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to forum_forum.php, or the search_string parameter to forum_text_search_action.php in a (2) titles or (3) bodies search.
by Doz
CVE-2007-4938 EXPLOITDB text VERIFIED
MPlayer - Heap-based Buffer Overflow via AVI File Indx Truck Size
Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a certain wLongsPerEntry value.
by Code Audit Labs
CVE-2007-4939 EXPLOITDB text VERIFIED
Media Player Classic < 6.4.9.0 - Heap-Based Buffer Overflow via AVI File Indx Chunk
Heap-based buffer overflow in mplayerc.exe in Media Player Classic (MPC) 6.4.9.0 and earlier, as used standalone and in mympc (aka CD-Storm) 1.0.0.1, StormPlayer 1.0.4, and possibly other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with an "indx truck size" of 0xffffffff, and certain wLongsPerEntry and nEntriesInuse values.
by Code Audit Labs
CVE-2007-4941 EXPLOITDB text VERIFIED
KMPlayer < 2.9.3.1210 - Denial of Service via Malformed AVI File
KMPlayer 2.9.3.1210 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a .avi file with certain large "indx truck size" and nEntriesInuse values.
by Code Audit Labs
CVE-2007-4907 EXPLOITDB text VERIFIED
X-Cart - Remote Code Execution via xcart_dir Parameter
Multiple PHP remote file inclusion vulnerabilities in X-Cart allow remote attackers to execute arbitrary PHP code via a URL in the xcart_dir parameter to (1) config.php, (2) prepare.php, (3) smarty.php, (4) customer/product.php, (5) provider/auth.php, and (6) admin/auth.php.
by aLiiF
CVE-2007-4906 EXPLOITDB text VERIFIED
NuclearBB Alpha 2 - Remote Code Execution via root_path Parameter
PHP remote file inclusion vulnerability in tasks/send_queued_emails.php in NuclearBB Alpha 2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter.
by Rootshell Security
CVE-2007-4905 EXPLOITDB text VERIFIED
AuraCMS 2.1 - Unauthenticated Arbitrary File Upload via mod/contak.php Image Parameter
Unrestricted file upload vulnerability in mod/contak.php in AuraCMS 2.1 allows remote attackers to upload and execute arbitrary PHP files via the image parameter, which places a file under files/.
by k1tk4t
CVE-2007-4886 EXPLOITDB text VERIFIED
AuraCMS 1.x and 2.x - Remote Code Execution via pilih Parameter URL Injection
Incomplete blacklist vulnerability in index.php in AuraCMS 1.x and probably 2.x allows remote attackers to execute arbitrary PHP code via a (1) UNC share pathname, or a (2) ftp, (3) ftps, or (4) ssh2.sftp URL, in the pilih parameter, for which PHP remote file inclusion is blocked only for http URLs.
by k1tk4t
EIP-2026-112175 EXPLOITDB text VERIFIED
SisfoKampus - 'dwoprn.php' Arbitrary File Download
by PUPET
CVE-2007-4895 EXPLOITDB text VERIFIED
Sisfo Kampus 2006 - Path Traversal via dwoprn.php f Parameter
Directory traversal vulnerability in dwoprn.php in Sisfo Kampus 2006 (Semarang 3) allows remote attackers to read arbitrary files via the f parameter.
by k-one
CVE-2007-4834 EXPLOITDB text VERIFIED
phpRealty 0.02 - Remote Code Execution via MGR Parameter File Inclusion
Multiple PHP remote file inclusion vulnerabilities in phpRealty 0.02 allow remote attackers to execute arbitrary PHP code via a URL in the MGR parameter to (1) index.php, (2) p_ins.php, and (3) u_ins.php in manager/admin/.
by QTRinux
EIP-2026-111166 EXPLOITDB text VERIFIED
PHPMyQuote 0.20 - '/index.php' SQL Injection / Cross-Site Scripting
by Yollubunlar.Org
CVE-2007-4908 EXPLOITDB text VERIFIED
AuraCMS <= 2.1 - Remote File Inclusion via Pilih Parameter
Directory traversal vulnerability in index.php in AuraCMS 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pilih parameter.
by k1tk4t
CVE-2007-3997 EXPLOITDB text VERIFIED
PHP 4.0.0-4.4.7 - Remote Bypass of safe_mode and open_basedir via MySQL LOCAL INFILE
The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safe_mode and open_basedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE.
by Mattias Bengtsson
CVE-2007-4838 EXPLOITDB text VERIFIED
CellFactor Revolution < 1.03 - Remote Code Execution via Long Packet String
Multiple buffer overflows in CellFactor Revolution 1.03 and earlier allow remote attackers to execute arbitrary code via a long string in a (1) 0x21, (2) 0x22, or (3) 0x23 packet.
by Luigi Auriemma
EIP-2026-100502 EXPLOITDB text VERIFIED
Proxy Anket 3.0.1 - 'anket.asp' SQL Injection
by Yollubunlar.Org
CVE-2007-4804 EXPLOITDB text VERIFIED
AuraCMS 1.5rc - SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in AuraCMS 1.5rc allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) hal.php, (2) cetak.php, (3) lihat.php, (4) pesan.php, and (5) teman.php, different vectors than CVE-2007-4171. NOTE: the scripts may be accessed through requests to the product's top-level default URI, using the pilih parameter, in some circumstances.
by k1tk4t
CVE-2007-4818 EXPLOITDB text VERIFIED
Txx CMS 0.2 - Remote Code Execution via doc_root Parameter
Multiple PHP remote file inclusion vulnerabilities in Txx CMS 0.2 allow remote attackers to execute arbitrary PHP code via a URL in the doc_root parameter to (1) addons/plugin.php, (2) addons/sidebar.php, (3) mail/index.php, or (4) mail/mailbox.php in modules/.
by Nice Name Crew
CVE-2007-4807 EXPLOITDB text VERIFIED
Focus/SIS 2.2 - Remote Code Execution via Staticpath Parameter
Multiple PHP remote file inclusion vulnerabilities in Focus/SIS 2.2 allow remote attackers to execute arbitrary PHP code via a URL in the staticpath parameter to (1) modules/Discipline/CategoryBreakdownTime.php or (2) modules/Discipline/StudentFieldBreakdown.php.
by ThE TiGeR
CVE-2007-4806 EXPLOITDB text VERIFIED
Focus/SIS 1.0 - Remote Code Execution via FocusPath Parameter
PHP remote file inclusion vulnerability in modules/Discipline/CategoryBreakdownTime.php in Focus/SIS 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the FocusPath parameter.
by ThE TiGeR
CVE-2007-4816 EXPLOITDB text VERIFIED
BaoFeng Storm - Multiple Buffer Overflows in ActiveX Control via Long Property Values
Multiple buffer overflows in the BaoFeng2 storm ActiveX control in Mps.dll allow remote attackers to have an unknown impact via a long (1) URL, (2) backImage, or (3) titleImage property value; (4) a long first argument to the advancedOpen method; a long argument to the (5) isDVDPath or (6) rawParse method; or (7) a .smpl file with a long path attribute in an item element in a PlayList.
by ZhenHan.Liu
CVE-2007-4815 EXPLOITDB text VERIFIED
Markus Iser ED Engine 0.8999 alpha - Remote Code Execution via Codebase Parameter
Multiple PHP remote file inclusion vulnerabilities in WebED in Markus Iser ED Engine 0.8999 alpha allow remote attackers to execute arbitrary PHP code via a URL in the Codebase parameter to (1) channeledit.php, (2) post.php, (3) view.php, or (4) viewitem.php in source/mod/rss/.
by MhZ91
CVE-2007-4819 EXPLOITDB text VERIFIED
Txx CMS 0.2 - Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in Txx CMS 0.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
by Nice Name Crew
CVE-2007-4896 EXPLOITDB text VERIFIED
Toms Gaestebuch <= 1.01 - Cross-Site Scripting via lang or einst Parameter
Multiple cross-site scripting (XSS) vulnerabilities in admin/header.php in Toms Gaestebuch 1.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) lang[adminseite], (2) lang[ueberschrift], or (3) einst[metachar] parameter, different vectors than CVE-2007-4711.
by hd1979
CVE-2007-4808 EXPLOITDB text VERIFIED
TLM CMS 3.2 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in TLM CMS 3.2 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to news.php in a lirenews action, (2) the idnews parameter to goodies.php in a lire action, (3) the id parameter to file.php in a voir action, (4) the ID parameter to affichage.php, (5) the id_sal parameter to mod_forum/afficher.php, or (6) the id_sujet parameter to mod_forum/messages.php. NOTE: it was later reported that goodies.php and affichage.php scripts are reachable through index.php, and 1.1 is also affected. NOTE: it was later reported that the goodies.php vector also affects 3.1.
by k1tk4t