Exploitdb Exploits

2,012 exploits tracked across all sources.

CVE-2007-2247 EXPLOITDB html VERIFIED
Phpmyspace - SQL Injection
SQL injection vulnerability in modules/news/article.php in phpMySpace Gold 8.10 allows remote attackers to execute arbitrary SQL commands via the item_id parameter.
by John Martinelli
CVE-2007-2339 EXPLOITDB html VERIFIED
Phorum < 5.1.20 - SQL Injection
Multiple SQL injection vulnerabilities in Phorum before 5.1.22 allow remote attackers to execute arbitrary SQL commands via (1) a modified recipients parameter name in (a) pm.php; (2) the curr parameter to the (b) badwords (aka censorlist) or (c) banlist module in admin.php; or (3) the "Edit groups / Add group" field in the (d) groups module in admin.php.
by Janek Vind
CVE-2007-2167 EXPLOITDB html VERIFIED
AimStats 3.2 - Code Injection
Static code injection vulnerability in process.php in AimStats 3.2 allows remote attackers to inject PHP code into config.php via the number parameter in an update action.
by Dj7xpl
CVE-2007-2168 EXPLOITDB html VERIFIED
AimStats < 3.2 - Code Injection
Static code injection vulnerability in process.php in AimStats 3.2 and earlier allows remote attackers to inject PHP code into config.php via the databasehost parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Dj7xpl
CVE-2007-1872 EXPLOITDB html VERIFIED
Toenda Software Development Toendacms - XSS
Cross-site scripting (XSS) vulnerability in toendaCMS 1.5.3 allows remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search id.
by Hanno Boeck
CVE-2007-1559 EXPLOITDB html VERIFIED
Roxio Cineplayer - Buffer Overflow
Multiple stack-based buffer overflows in SonicDVDDashVRNav.dll in Roxio CinePlayer 3.2 allow remote attackers to execute arbitrary code via (1) unspecified long property values to SonicMediaPlayer.dll or (2) long arguments to unspecified methods in SonicMediaPlayer.dll.
by Carsten Eiram
CVE-2007-1996 EXPLOITDB html VERIFIED
Codebreak < 1.1.2 - Code Injection
PHP remote file inclusion vulnerability in codebreak.php in CodeBreak, probably 1.1.2 and earlier, allows remote attackers to execute arbitrary PHP code via a URL in the process_method parameter.
by John Martinelli
CVE-2007-0919 EXPLOITDB html VERIFIED
Nickolas Grigoriadis MiniWebsvr 0.0.6 - Path Traversal
Directory traversal vulnerability in Nickolas Grigoriadis Mini Web server (MiniWebsvr) 0.0.6 allows remote attackers to list the directory immediately above the web root via a ..%00 sequence in the URI.
by shinnai
EIP-2026-103505 EXPLOITDB html VERIFIED
Gran Paradiso 3.0a3 - Non-Existent applet Denial of Service
by shinnai
CVE-2007-2011 EXPLOITDB html VERIFIED
Deskpro - XSS
Cross-site scripting (XSS) vulnerability in login.php in DeskPro 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter.
by John Martinelli
CVE-2007-1962 EXPLOITDB html VERIFIED
Xoops Wf-snippets < 1.02 - SQL Injection
SQL injection vulnerability in index.php in the WF-Snippets 1.02 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the c parameter in a cat action.
by ajann
CVE-2002-1887 EXPLOITDB html VERIFIED
phpMyNewsletter < 0.6.10 - RCE
PHP remote file inclusion vulnerability in customize.php for phpMyNewsletter 0.6.10 allows remote attackers to execute arbitrary PHP code via the l parameter.
by frog-m@n
CVE-2007-1961 EXPLOITDB html VERIFIED
PHPBB 2.2 - RCE
PHP remote file inclusion vulnerability in mutant_functions.php in the Mutant 0.9.2 portal for phpBB 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
by bd0rk
CVE-2007-1979 EXPLOITDB html VERIFIED
Xoops Popnupblog < 2.52 - SQL Injection
SQL injection vulnerability in index.php in the PopnupBlog 2.52 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the postid parameter, possibly involving the get_blogid_from_postid function in class/PopnupBlogUtils.php. NOTE: later versions such as 3.03 and 3.05 might also be affected.
by ajann
CVE-2007-1974 EXPLOITDB html VERIFIED
Wf-sections < 1.07 - SQL Injection
SQL injection vulnerability in the getArticle function in class/wfsarticle.php in WF-Section (aka WF-Sections) 1.0.1, as used in Xoops modules such as (1) Zmagazine 1.0, (2) Happy Linux XFsection 1.07 and earlier, and possibly other modules, allows remote attackers to execute arbitrary SQL commands via the articleid parameter to print.php.
by ajann
CVE-2007-3554 EXPLOITDB html VERIFIED
HP Instant Support - Buffer Overflow
Stack-based buffer overflow in the HPSDDX Class (SDD) ActiveX control in sdd.dll in HP Instant Support - Driver Check before 1.5.0.3 allows remote attackers to execute arbitrary code via a long argument to the queryHub function.
by John Heasman
CVE-2007-1806 EXPLOITDB html VERIFIED
RED Mexico Rm+soft Gallery - SQL Injection
SQL injection vulnerability in categos.php in the RM+Soft Gallery (rmgallery) 1.0 module for Xoops allows remote attackers to execute arbitrary SQL commands via the idcat parameter.
by ajann
CVE-2007-1805 EXPLOITDB html VERIFIED
Myxoops Debaser < 0.92 - SQL Injection
SQL injection vulnerability in genre.php in the debaser 0.92 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the genreid parameter.
by ajann
CVE-2007-1817 EXPLOITDB html VERIFIED
Lykoszine Lykos Reviews Module - SQL Injection
SQL injection vulnerability in index.php in the Lykos Reviews (lykos_reviews) 1.00 module for Xoops allows remote attackers to execute arbitrary SQL commands via the uid parameter in a u action.
by ajann
CVE-2007-0976 EXPLOITDB html VERIFIED
ActSoft DVD-Tools - Buffer Overflow
Buffer overflow in the ActSoft DVD-Tools ActiveX control (dvdtools.ocx) allows remote attackers to execute arbitrary code via a long DVD_TOOLS.OpenDVD property value.
by Umesh Wanve
CVE-2007-1771 EXPLOITDB html VERIFIED
Ay System Solutions WCS 2.7.1 - RCE
PHP remote file inclusion vulnerability in manage/javascript/formjavascript.php in Ay System Solutions Web Content System (WCS) 2.7.1 allows remote attackers to execute arbitrary PHP code via a URL in the path[JavascriptEdit] parameter.
by kezzap66345
CVE-2007-1776 EXPLOITDB html VERIFIED
Design FOR Joomla D4j Ezine < 2.8 - SQL Injection
SQL injection vulnerability in index.php in the DesignForJoomla.com D4J eZine (com_ezine) 2.8 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the article parameter in a read action.
by ajann
CVE-2006-7206 EXPLOITDB html VERIFIED
Microsoft Internet Explorer - Denial of Service
Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by creating an ADODB.Recordset object and making a series of calls to the NextRecordset method with a long string argument, which causes an "invalid memory access" in the SysFreeString function, a different issue than CVE-2006-3510 and CVE-2006-3899.
by anonymous
CVE-2007-1706 EXPLOITDB html VERIFIED
Ewebquiz - SQL Injection
SQL injection vulnerability in eWebQuiz.asp in eWebQuiz 8 allows remote attackers to execute arbitrary SQL commands via the QuizID parameter.
by ajann
CVE-2010-2359 EXPLOITDB html VERIFIED
Activewebsoftwares Ewebquiz - SQL Injection
SQL injection vulnerability in eWebQuiz.asp in ActiveWebSoftwares.com eWebquiz 8 allows remote attackers to execute arbitrary SQL commands via the QuizType parameter, a different vector than CVE-2007-1706.
by ajann