Text Exploits
31,394 exploits tracked across all sources.
Php Blue Dragon CMS 3.0.0 - Remote File Inclusion via vsDragonRootPath Parameter
PHP remote file inclusion vulnerability in public_includes/pub_blocks/activecontent.php in Php Blue Dragon CMS 3.0.0 allows remote attackers to execute arbitrary PHP code via a URL in the vsDragonRootPath parameter, a different vector than CVE-2006-2392, CVE-2006-3076, and CVE-2006-6958.
by Kacper
Web News 1.1 - Remote File Inclusion via config[root_ordner] Parameter
Multiple PHP remote file inclusion vulnerabilities in Web News 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter to (1) index.php, (2) news.php, or (3) feed.php.
by Rizgar
Web News 1.1 - Remote File Inclusion via config[root_ordner] Parameter
Multiple PHP remote file inclusion vulnerabilities in Web News 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter to (1) index.php, (2) news.php, or (3) feed.php.
by Rizgar
Web News 1.1 - Remote File Inclusion via config[root_ordner] Parameter
Multiple PHP remote file inclusion vulnerabilities in Web News 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter to (1) index.php, (2) news.php, or (3) feed.php.
by Rizgar
Shoutbox 1.0 - Remote File Inclusion via Root Parameter
PHP remote file inclusion vulnerability in shoutbox.php in Shoutbox 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.
by Rizgar
Ncaster 1.7.2 - Remote File Inclusion via adminfolder Parameter
PHP remote file inclusion vulnerability in admin/addons/archive/archive.php in Ncaster 1.7.2 allows remote attackers to execute arbitrary PHP code via a URL in the adminfolder parameter.
by k1n9k0ng
Gaestebuch 1.5 - Remote File Inclusion via config[root_ordner] Parameter
PHP remote file inclusion vulnerability in index.php in Gaestebuch 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter.
by Rizgar
File Uploader 1.1 - Remote File Inclusion via config[root_ordner] Parameter
Multiple PHP remote file inclusion vulnerabilities in File Uploader 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter to (1) index.php or (2) datei.php.
by Rizgar
File Uploader 1.1 - Remote File Inclusion via config[root_ordner] Parameter
Multiple PHP remote file inclusion vulnerabilities in File Uploader 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter to (1) index.php or (2) datei.php.
by Rizgar
Mapos Bilder Galerie - Remote Code Execution via config[root_ordner] Parameter
Multiple PHP remote file inclusion vulnerabilities in Mapos Bilder Galerie 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter to (1) index.php, (2) galerie.php, or (3) anzagien.php. NOTE: A later report states that 1.1 is also affected, but that the filename for vector 3 is anzeigen.php.
by Rizgar
NetBSD/OpenBSD - Local Privilege Escalation
Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail policies in Systrace on NetBSD and OpenBSD allow local users to defeat system call interposition, and consequently bypass access control policy and auditing.
by Robert N. M. Watson
fishcart < 3.2_rc2 - Remote File Inclusion via docroot Parameter
PHP remote file inclusion vulnerability in fc_functions/fc_example.php in FishCart 3.2 RC2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the docroot parameter.
by k1n9k0ng
Coppermine Photo Gallery <1.3.1 - RCE
PHP remote file inclusion vulnerability in bridge/yabbse.inc.php in Coppermine Photo Gallery (CPG) 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter.
by Ma$tEr-0F-De$a$t0r
Microsoft Internet Explorer 6 - Position:Relative Denial of Service
by Hamachiya2
VietPHP - Remote File Inclusion via dirpath or language Parameter
Multiple PHP remote file inclusion vulnerabilities in VietPHP allow remote attackers to execute arbitrary PHP code via a URL in (1) the dirpath parameter to (a) _functions.php, or (2) the language parameter to (b) admin/index.php or (c) index.php.
by master-of-desastor
VietPHP - Remote File Inclusion via dirpath or language Parameter
Multiple PHP remote file inclusion vulnerabilities in VietPHP allow remote attackers to execute arbitrary PHP code via a URL in (1) the dirpath parameter to (a) _functions.php, or (2) the language parameter to (b) admin/index.php or (c) index.php.
by master-of-desastor
VietPHP - Remote File Inclusion via dirpath or language Parameter
Multiple PHP remote file inclusion vulnerabilities in VietPHP allow remote attackers to execute arbitrary PHP code via a URL in (1) the dirpath parameter to (a) _functions.php, or (2) the language parameter to (b) admin/index.php or (c) index.php.
by master-of-desastor
Andreas Robertz PHPNews 0.93 - Remote File Inclusion via format_menue Parameter
PHP remote file inclusion vulnerability in admin/inc/change_action.php in Andreas Robertz PHPNews 0.93 allows remote attackers to execute arbitrary PHP code via a URL in the format_menue parameter.
by kezzap66345
IDevSpot PhpHostBot <= 1.06 - Remote File Inclusion via svr_rootscript Parameter
PHP remote file inclusion vulnerability in order/login.php in IDevSpot PhpHostBot 1.06 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the svr_rootscript parameter, a different vector than CVE-2007-4094 and CVE-2006-3776.
by K-159
FrontAccounting 1.12 Build 31 - RCE
PHP remote file inclusion vulnerability in config.php in FrontAccounting 1.12 Build 31 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_root parameter.
by kezzap66345
Microsoft Visual Database Tools <7.0 - Buffer Overflow
Stack-based buffer overflow in a certain ActiveX control in VDT70.DLL in Microsoft Visual Database Tools Database Designer 7.0 for Microsoft Visual Studio 6 allows remote attackers to execute arbitrary code via a long argument to the NotSafe method. NOTE: this may overlap CVE-2007-2885 or CVE-2005-2127.
by DeltahackingTEAM
Kai Blankenhorn Bitfolge snif <1.5.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) 1.5.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) path and (2) download parameters.
by r0t
Prozilla Pub Site Directory - SQL Injection
SQL injection vulnerability in directory.php in Prozilla Pub Site Directory allows remote attackers to execute arbitrary SQL commands via the cat parameter.
by t0pP8uZz
LANAI CMS 1.2.14 - SQL Injection via FAQ, EZSHOPINGCART, or GALLERY Module Parameters
Multiple SQL injection vulnerabilities in module.php in LANAI (la-nai) CMS 1.2.14 allow remote attackers to execute arbitrary SQL commands via (1) the mid parameter in an faqviewgroup action in the FAQ Modules, (2) the cid parameter in the EZSHOPINGCART Modules, or (3) the gid parameter in a view action in the GALLERY Modules.
by k1tk4t
BlueCat Networks Proteus IPAM <2.0.2.0 - Path Traversal
Directory traversal vulnerability in the BlueCat Networks Proteus IPAM appliance 2.0.2.0 (Adonis DNS/DHCP appliance 5.0.2.8) allows remote authenticated administrators, with certain TFTP privileges, to create and overwrite arbitrary files via a .. (dot dot) in a pathname. NOTE: this can be leveraged for administrative access by overwriting /etc/shadow.
by defaultroute
By Source