Exploitdb Exploits

2,809 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-5666 EXPLOITDB perl VERIFIED
WinFTP FTP Server 2.3.0 - Authenticated Denial of Service via Invalid NLST Command
WinFTP FTP Server 2.3.0, when passive (aka PASV) mode is used, allows remote authenticated users to cause a denial of service via a sequence of FTP sessions that include an invalid "NLST -1" command.
by Julien Bedard
CVE-2008-4295 EXPLOITDB perl VERIFIED
Microsoft Windows Mobile 6.0 - Denial of Service via Bluetooth Long Name Handling
Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices.
by Julien Bedard
CVE-2008-4319 EXPLOITDB perl VERIFIED
Libra PHP File Manager < 1.18 - Improper Authentication Bypass via Query String Parameters
fileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18 and earlier allows remote attackers to bypass authentication, and read arbitrary files, modify arbitrary files, and list arbitrary directories, by inserting certain user and isadmin parameters in the query string.
by Pepelux
EIP-2026-109105 EXPLOITDB perl VERIFIED
Libra File Manager 1.18/2.0 - 'fileadmin.php' Local File Inclusion
by Pepelux
EIP-2026-109065 EXPLOITDB perl VERIFIED
LanSuite 3.3.2 - 'FCKeditor' Arbitrary File Upload
by Stack
CVE-2008-4244 EXPLOITDB perl VERIFIED
Rianxosencabos CMS 0.9 - Unauthenticated Authentication Bypass via Cookie Manipulation
Rianxosencabos CMS 0.9 allows remote attackers to bypass authentication and gain administrative access by setting the usuario and pass cookies to 1.
by ka0x
CVE-2008-5841 EXPLOITDB perl VERIFIED
iGaming CMS < 1.5 - SQL Injection via browse Parameter
Multiple SQL injection vulnerabilities in iGaming 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the browse parameter to (1) previews.php and (2) reviews.php, and the (3) id parameter to index.php in a viewarticle action.
by StAkeR
CVE-2008-4241 EXPLOITDB perl VERIFIED
CJ Ultra Plus 1.0.4 - SQL Injection via SID Cookie
SQL injection vulnerability in CJ Ultra Plus 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via an SID cookie.
by -SmoG-
CVE-2008-7014 EXPLOITDB perl VERIFIED
fhttpd 0.4.2 - Denial of Service via Malformed Authorization Header
fhttpd 0.4.2 allows remote attackers to cause a denial of service (crash) via an Authorization HTTP header with an invalid character after the Basic value.
by Jeremy Brown
EIP-2026-104946 EXPLOITDB perl VERIFIED
Add a link 4 - Security Bypass / SQL Injection
by JosS
CVE-2008-4116 EXPLOITDB perl VERIFIED
Apple iTunes and QuickTime - Heap-Based Buffer Overflow via Long Type Attribute in QuickTime Tag
Buffer overflow in Apple QuickTime 7.5.5 and iTunes 8.0 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long type attribute in a quicktime tag (1) on a web page or embedded in a (2) .mp4 or (3) .mov file, possibly related to the Check_stack_cookie function and an off-by-one error that leads to a heap-based buffer overflow.
by securfrog
CVE-2008-4203 EXPLOITDB perl VERIFIED
CzarNews < 1.20 - SQL Injection via recook Cookie
SQL injection vulnerability in cn_users.php in CzarNews 1.20 and earlier allows remote attackers to execute arbitrary SQL commands via a recook cookie.
by StAkeR
EIP-2026-112400 EXPLOITDB perl VERIFIED
Sports Clubs Web Panel 0.0.1 - Remote Game Delete
by ka0x
CVE-2008-4345 EXPLOITDB perl VERIFIED
WebPortal CMS < 0.7.4 - SQL Injection via download.php aid Parameter
SQL injection vulnerability in download.php in WebPortal CMS 0.7.4 and earlier allows remote attackers to execute arbitrary SQL commands via the aid parameter.
by StAkeR
EIP-2026-111241 EXPLOITDB perl VERIFIED
PHPWebGallery 1.3.4 - Blind SQL Injection (2)
by ka0x
CVE-2008-6989 EXPLOITDB perl VERIFIED
ezphotogallery 2.1 - SQL Injection via gallery.php Username Parameter
SQL injection vulnerability in gallery.php in Easy Photo Gallery (aka Ezphotogallery) 2.1 allows remote attackers to execute arbitrary SQL commands via the username parameter.
by Khashayar Fereidani
CVE-2008-6988 EXPLOITDB perl VERIFIED
ezphotogallery 2.1 - Cross-Site Scripting via galleryid, size, or imageid Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Easy Photo Gallery (aka Ezphotogallery) 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) galleryid parameter to gallery.php, and the (2) size or (3) imageid parameters to show.php.
by Khashayar Fereidani
CVE-2008-4492 EXPLOITDB perl VERIFIED
YourOwnBux 4.0 - SQL Injection via usNick Cookie
SQL injection vulnerability in referrals.php in YourOwnBux 4.0 allows remote attackers to execute arbitrary SQL commands via the usNick cookie.
by Tec-n0x
CVE-2008-4072 EXPLOITDB perl VERIFIED
phsBlog 0.2 - SQL Injection via sid or sql_cid Parameter
Multiple SQL injection vulnerabilities in index.php in phsBlog 0.2 allow remote attackers to execute arbitrary SQL commands via (1) the sid parameter in a pickup action or (2) the sql_cid parameter, different vectors than CVE-2008-3588.
by Khashayar Fereidani
CVE-2008-6990 EXPLOITDB perl VERIFIED
ezphotogallery 2.1 - SQL Injection via Gallery Password Parameter
SQL injection vulnerability in gallery.php in Easy Photo Gallery (aka Ezphotogallery) 2.1 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Khashayar Fereidani
CVE-2008-4380 EXPLOITDB perl VERIFIED
Samsung DVR SHR2040 - Denial of Service via Malformed HTTP Request
The web interface in Samsung DVR SHR2040 allows remote attackers to cause a denial of service (crash) via a malformed HTTP request, related to the filter for configuration properties and "/x" characters.
by Alex Hernandez
CVE-2008-4164 EXPLOITDB perl VERIFIED
MemHT Portal <= 3.9.0 - Exposure of Sensitive Information via Direct Request to cron.php
cron.php in MemHT Portal 3.9.0 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.
by Ams
CVE-2008-4457 EXPLOITDB perl VERIFIED
MemHT Portal < 3.9.0 - SQL Injection via stats_res Cookie
SQL injection vulnerability in inc/inc_statistics.php in MemHT Portal 3.9.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a stats_res cookie to index.php.
by Ams
CVE-2008-4185 EXPLOITDB perl VERIFIED
webCMS Portal Edition - SQL Injection via id Parameter in documentos Action
SQL injection vulnerability in index.php in webCMS Portal Edition allows remote attackers to execute arbitrary SQL commands via the id parameter in a documentos action, a different vector than CVE-2008-3213.
by JosS
CVE-2008-4186 EXPLOITDB perl VERIFIED
webCMS Portal Edition - SQL Injection via id_doc Parameter
SQL injection vulnerability in index.php in webCMS Portal Edition allows remote attackers to execute arbitrary SQL commands via the id_doc parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by JosS
By Source
All 2,809 Writeup 62,188 Exploitdb 50,076 Nomisec 22,383 Github 3,590 Metasploit 3,311 Vulncheck_xdb 927 Inthewild 514 Gitlab 479 Gitee 415 Patchapalooza 312
By Language
text 31,386 python 6,552 ruby 6,001 c 3,625 perl 2,849 html 2,074 php 1,333 bash 462 java 370 c++ 260 javascript 229 shell 131 go 73 postscript 25 typescript 25