Exploitdb Exploits

2,809 exploits tracked across all sources.

Sort: Activity Stars
CVE-2009-1936 EXPLOITDB CRITICAL perl VERIFIED
cpCommerce 1.2.0-1.2.8 - Remote File Inclusion and Directory Traversal via GLOBALS[prefix] Parameter
_functions.php in cpCommerce 1.2.x, possibly including 1.2.9, sends a redirect but does not exit when it is called directly, which allows remote attackers to bypass a protection mechanism to conduct remote file inclusion and directory traversal attacks, execute arbitrary PHP code, or read arbitrary files via the GLOBALS[prefix] parameter, a different vector than CVE-2003-1500.
by StAkeR
CVSS 9.8
CVE-2009-1831 EXPLOITDB perl VERIFIED
Nullsoft Winamp < 5.552 - Remote Code Execution via Crafted MAKI File
The Nullsoft Modern Skins Support module (gen_ff.dll) in Nullsoft Winamp before 5.552 allows remote attackers to execute arbitrary code via a crafted MAKI file, which triggers an incorrect sign extension, an integer overflow, and a stack-based buffer overflow.
by Encrypt3d.M!nd
EIP-2026-106499 EXPLOITDB perl VERIFIED
Dog Pedigree Online Database 1.0.1b - Blind SQL Injection
by YEnH4ckEr
EIP-2026-106168 EXPLOITDB perl VERIFIED
Coppermine Photo Gallery 1.4.22 - SQL Injection
by girex
EIP-2026-116640 EXPLOITDB perl VERIFIED
Zervit Web Server 0.04 - GET Remote Buffer Overflow (PoC)
by Stack
CVE-2006-0074 EXPLOITDB perl VERIFIED
PHPenpals < 1.1 - SQL Injection via profile.php personalID Parameter
SQL injection vulnerability in profile.php in PHPenpals allows remote attackers to execute arbitrary SQL commands via the personalID parameter. NOTE: it was later reported that 1.1 and earlier are affected.
by Br0ly
CVE-2009-1815 EXPLOITDB perl VERIFIED
Sonic Spot Audioactive Player 1.93b - Stack-based Buffer Overflow via Playlist File
Stack-based buffer overflow in Sonic Spot Audioactive Player 1.93b allows remote attackers to execute arbitrary code via a long string in a playlist file, as demonstrated by a long .mp3 URL in a .m3u file.
by hack4love
CVE-2009-1814 EXPLOITDB perl VERIFIED
PHPenpals < 1.1 - SQL Injection via mail.php ID Parameter
SQL injection vulnerability in mail.php in PHPenpals 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: the profile.php vector is already covered by CVE-2006-0074.
by Br0ly
CVE-2009-2010 EXPLOITDB perl VERIFIED
Haudenschilt Family Connections CMS <1.9 - SQL Injection
Multiple SQL injection vulnerabilities in Haudenschilt Family Connections CMS (FCMS) 1.9 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) thread parameter to messageboard.php, (2) member parameter to profile.php, (3) pid parameter to gallery/index.php, and the (4) fcms_login_id cookie parameter.
by YEnH4ckEr
CVE-2009-5137 EXPLOITDB perl VERIFIED
Mini-stream CastRipper 2.50.70 - Stack-based Buffer Overflow via Long URL in PLS Playlist
Stack-based buffer overflow in Mini-stream CastRipper 2.50.70 allows remote attackers to execute arbitrary code via a long URL in the [playlist] section in a .pls file, a different vector than CVE-2009-1667.
by zAx
CVE-2009-1667 EXPLOITDB perl VERIFIED
Mini-stream CastRipper 2.50.70 - Stack-based Buffer Overflow via Long Entry in .m3u File
Stack-based buffer overflow in Mini-stream CastRipper 2.50.70 allows remote attackers to execute arbitrary code via a long entry in a .m3u file, a different vector than CVE-2009-5137.
by Stack
CVE-2009-1667 EXPLOITDB perl VERIFIED
Mini-stream CastRipper 2.50.70 - Stack-based Buffer Overflow via Long Entry in .m3u File
Stack-based buffer overflow in Mini-stream CastRipper 2.50.70 allows remote attackers to execute arbitrary code via a long entry in a .m3u file, a different vector than CVE-2009-5137.
by [0]x80->[H]4x²0r
CVE-2009-1778 EXPLOITDB perl VERIFIED
BigACE CMS 2.5 - SQL Injection via Username Parameter
SQL injection vulnerability in the new user registration feature in BigACE CMS 2.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.
by YEnH4ckEr
EIP-2026-118773 EXPLOITDB perl VERIFIED
Mereo 1.8.0 - Arbitrary File Disclosure
by Cyber-Zone
CVE-2009-1661 EXPLOITDB perl VERIFIED
uTopic 1.0 - SQL Injection via Rating Parameter
SQL injection vulnerability in admin/utopic.php in uTopic 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the rating parameter to index.php.
by YEnH4ckEr
EIP-2026-106802 EXPLOITDB perl VERIFIED
EggBlog 4.1.1 - Local Directory Traversal
by StAkeR
CVE-2009-1660 EXPLOITDB perl VERIFIED
ViPlay3 3.0 and earlier - Stack-based Buffer Overflow via Long File Entry in .vpl File
Stack-based buffer overflow in URUWorks ViPlay3 3.0 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long file entry in a .vpl file.
by LiquidWorm
CVE-2009-1910 EXPLOITDB perl VERIFIED
RTWebalbum 1.0.462 - SQL Injection via AlbumId Parameter
SQL injection vulnerability in index.php in RTWebalbum 1.0.462 allows remote attackers to execute arbitrary SQL commands via the AlbumId parameter.
by YEnH4ckEr
CVE-2009-1643 EXPLOITDB perl VERIFIED
Soritong MP3 Player 1.0 - Stack-Based Buffer Overflow via Crafted .m3u File
Stack-based buffer overflow in Sorinara Soritong MP3 Player 1.0 allows remote attackers to execute arbitrary code via a crafted .m3u file.
by Stack
CVE-2009-1644 EXPLOITDB perl VERIFIED
Sorinara Streaming Audio Player 0.9 - Stack-based Buffer Overflow via Crafted PLA File
Stack-based buffer overflow in Sorinara Streaming Audio Player 0.9 allows remote attackers to execute arbitrary code via a crafted .pla file.
by Hakxer
CVE-2009-1646 EXPLOITDB perl VERIFIED
Mini-stream RM Downloader 3.0.0.9 - Stack-based Buffer Overflow via Long RTSP URL
Stack-based buffer overflow in Mini-stream RM Downloader 3.0.0.9 allows remote attackers to execute arbitrary code via a long rtsp URL in a .ram file.
by G4N0K
CVE-2009-1645 EXPLOITDB perl VERIFIED
Mini-stream Easy RM-MP3 Converter 3.0.0.7 - Remote Code Execution via Long RTSP URL or HREF Attribute
Multiple stack-based buffer overflows in Mini-stream Easy RM-MP3 Converter 3.0.0.7 allow remote attackers to execute arbitrary code via (1) a long rtsp URL in a .ram file and (2) a long string in the HREF attribute of a REF element in a .asx file.
by G4N0K
CVE-2009-1645 EXPLOITDB perl VERIFIED
Mini-stream Easy RM-MP3 Converter 3.0.0.7 - Remote Code Execution via Long RTSP URL or HREF Attribute
Multiple stack-based buffer overflows in Mini-stream Easy RM-MP3 Converter 3.0.0.7 allow remote attackers to execute arbitrary code via (1) a long rtsp URL in a .ram file and (2) a long string in the HREF attribute of a REF element in a .asx file.
by G4N0K
CVE-2009-1641 EXPLOITDB perl VERIFIED
Mini-stream Ripper 3.0.1.1 - Remote Code Execution via Long RTSP URL or HREF Attribute
Multiple stack-based buffer overflows in Mini-stream Ripper 3.0.1.1 allow remote attackers to execute arbitrary code via (1) a long rtsp URL in a .ram file and (2) a long string in the HREF attribute of a REF element in a .asx file.
by G4N0K
CVE-2009-1641 EXPLOITDB perl VERIFIED
Mini-stream Ripper 3.0.1.1 - Remote Code Execution via Long RTSP URL or HREF Attribute
Multiple stack-based buffer overflows in Mini-stream Ripper 3.0.1.1 allow remote attackers to execute arbitrary code via (1) a long rtsp URL in a .ram file and (2) a long string in the HREF attribute of a REF element in a .asx file.
by G4N0K
By Source
All 2,809 Writeup 62,029 Exploitdb 50,076 Nomisec 22,334 Github 3,515 Metasploit 3,299 Vulncheck_xdb 927 Inthewild 514 Gitlab 470 Gitee 415 Patchapalooza 312
By Language
text 31,386 python 6,514 ruby 5,989 c 3,622 perl 2,849 html 2,072 php 1,332 bash 462 java 370 c++ 257 javascript 228 shell 130 go 72 postscript 25 typescript 25