Exploitdb Exploits

2,012 exploits tracked across all sources.

Sort: Activity Stars
CVE-2007-1696 EXPLOITDB html VERIFIED
Active WEB Softwares Active Newsletter < 4.3 - SQL Injection
SQL injection vulnerability in ViewNewspapers.asp in Active Newsletter 4.3 and earlier allows remote attackers to execute arbitrary SQL commands via the NewsPaperID parameter.
by ajann
CVE-2007-1622 EXPLOITDB html VERIFIED
Wordpress - XSS
Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose regular expression processing of PHP_SELF.
by Alexander Concha
EIP-2026-107518 EXPLOITDB html VERIFIED
Guesbara 1.2 - Administrator Password Change
by Kacper
CVE-2007-1553 EXPLOITDB html VERIFIED
Guestbara <1.2 - RCE
admin/configuration.php in Guestbara 1.2 and earlier allows remote attackers to modify the e-mail, name, and password of the admin account by setting the zapis parameter to "ok" and providing modified admin_mail, login, and pass parameters.
by Kacper
CVE-2007-1510 EXPLOITDB html VERIFIED
Particle Blogger - SQL Injection
SQL injection vulnerability in post.php in Particle Blogger 1.0.0 through 1.2.0 allows remote attackers to execute arbitrary SQL commands via the postid parameter.
by WiLdBoY
CVE-2007-1471 EXPLOITDB html VERIFIED
Orion-Blog 2.0 - Auth Bypass
admin/default.asp in Orion-Blog 2.0 allows remote attackers to bypass authentication controls and gain privileges via a direct URL request for admin/AdminBlogNewsEdit.asp.
by WiLdBoY
CVE-2007-1517 EXPLOITDB html VERIFIED
Paul Knierim Wsn Guest - SQL Injection
SQL injection vulnerability in comments.php in WSN Guest 1.02 and 1.21 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by WiLdBoY
CVE-2007-1525 EXPLOITDB html VERIFIED
Dayfox Blog <4 - Code Injection
Direct static code injection vulnerability in postpost.php in Dayfox Blog (dfblog) 4 allows remote attackers to execute arbitrary PHP code via the cat parameter, which can be executed via a request to posts.php.
by Dj7xpl
CVE-2007-1440 EXPLOITDB html VERIFIED
Jgbbs - SQL Injection
SQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1 allows remote attackers to execute arbitrary SQL commands via the author parameter.
by WiLdBoY
CVE-2007-1572 EXPLOITDB html VERIFIED
Sourceforge Jgbbs < 3.0 - SQL Injection
SQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter, a different vector than CVE-2007-1440. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by WiLdBoY
CVE-2007-1428 EXPLOITDB html VERIFIED
PHP Labs Jobsitepro - SQL Injection
SQL injection vulnerability in search.php in PHP Labs JobSitePro 1.0 allows remote attackers to execute arbitrary SQL commands via the salary parameter.
by ajann
CVE-2007-1402 EXPLOITDB html VERIFIED
Rediff Toolbar - Denial of Service
The Rediff Toolbar 2.0 ActiveX control in redifftoolbar.dll allows remote attackers to cause a denial of service via unspecified manipulations, possibly involving improper initialization or blank arguments.
by Umesh Wanve
CVE-2007-1377 EXPLOITDB html VERIFIED
Adobe Acrobat Reader - Denial of Service
AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial of service (unspecified resource consumption) via a .pdf URL with an anchor identifier that begins with search= followed by many %n sequences, a different vulnerability than CVE-2006-6027 and CVE-2006-6236.
by shinnai
CVE-2007-1403 EXPLOITDB html VERIFIED
Macromedia Shockwave - Buffer Overflow
Multiple stack-based buffer overflows in an ActiveX control in SwDir.dll 10.1.4.20 in Macromedia Shockwave allow remote attackers to cause a denial of service (Internet Explorer 7 crash) and possibly execute arbitrary code via a long (1) BGCOLOR, (2) SRC, (3) AutoStart, (4) Sound, (5) DrawLogo, or (6) DrawProgress property value, different vectors than CVE-2006-6885.
by shinnai
CVE-2006-3890 EXPLOITDB html VERIFIED
SKY Software Fileview Activex Control < 10.0 - Buffer Overflow
Stack-based buffer overflow in the Sky Software FileView ActiveX control, as used in WinZip 10 before build 7245 and in certain other applications, allows remote attackers to execute arbitrary code via a long FilePattern attribute in a WZFILEVIEW object, a different vulnerability than CVE-2006-5198.
by prdelka
CVE-2007-1947 EXPLOITDB html VERIFIED
Firebug <1.04 - XSS
Cross-zone scripting vulnerability in the DOM templates (domplates) used by the console.log function in the Firebug extension before 1.04 for Mozilla Firefox allows remote attackers to bypass zone restrictions, read arbitrary file:// URIs, or execute arbitrary code in the browser chrome by overwriting the toString function via a certain function declaration, related to incorrect identification of anonymous JavaScript functions, a different issue than CVE-2007-1878.
by Thor Larholm
EIP-2026-102630 EXPLOITDB html VERIFIED
Konqueror 3.5.5 - JavaScript Read of FTP Iframe Denial of Service
by mark
CVE-2007-1308 EXPLOITDB html VERIFIED
KDE Konqueror - Resource Management Error
ecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror in KDE 3.5.5, allows remote attackers to cause a denial of service (crash) by accessing the content of an iframe with an ftp:// URI in the src attribute, probably due to a NULL pointer dereference.
by mark
CVE-2007-1297 EXPLOITDB html VERIFIED
AJDating 1.0 - SQL Injection
SQL injection vulnerability in view_profile.php in AJDating 1.0 allows remote attackers to execute arbitrary SQL commands via the user_id parameter.
by ajann
CVE-2007-1296 EXPLOITDB html VERIFIED
AJ Classifieds 1.0 - SQL Injection
SQL injection vulnerability in postingdetails.php in AJ Classifieds 1.0 allows remote attackers to execute arbitrary SQL commands via the postingid parameter.
by ajann
CVE-2007-1294 EXPLOITDB html VERIFIED
DivX Player <1.3.0 - DoS
A certain ActiveX control in the DivXBrowserPlugin (npdivx32.dll) in DivX Web Player, as distributed with DivX Player 1.3.0, allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via large values to DivxWP.Resize, related to resizing images.
by shinnai
CVE-2007-1231 EXPLOITDB html VERIFIED
SQLiteManager 1.2.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in SQLiteManager 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) database name, (2) table name, (3) ViewName, (4) view, (5) trigger, and (6) function fields in main.php and certain other files.
by Simon Bonnard
EIP-2026-110988 EXPLOITDB html VERIFIED
PHPBB2 - 'Admin_Ug_Auth.php' Administrative Bypass
by Hasadya Raed
CVE-2007-1162 EXPLOITDB html VERIFIED
CCRP BrowseDialog Server - DoS
A certain ActiveX control in the Common Controls Replacement Project (CCRP) CCRP BrowseDialog Server (ccrpbds6.dll) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) IsFolderAvailable or (2) RootFolder property value, different vectors than CVE-2007-0371.
by shinnai
CVE-2007-0981 EXPLOITDB html VERIFIED
Mozilla based browsers <2.0.0.2 - CSRF
Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code.
by Michal Zalewski
By Source
All 2,012 Exploitdb 50,121 Writeup 46,830 Nomisec 21,202 Metasploit 3,189 Github 2,258 Vulncheck_xdb 900 Inthewild 518 Gitlab 439 Gitee 415 Patchapalooza 312
By Language
text 31,341 ruby 5,920 python 5,742 c 3,550 perl 2,854 html 2,055 php 1,334 bash 459 java 360 javascript 260 c++ 247 shell 69 go 41 postscript 25 xml 24