Exploitdb Exploits
2,809 exploits tracked across all sources.
Comparison Engine Power Script 1.0 - SQL Injection via id Parameter
SQL injection vulnerability in product.detail.php in Kalptaru Infotech Comparison Engine Power Script 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Mr.SQL
MyMarket 1.72 - SQL Injection via Shopping Index ID Parameter
SQL injection vulnerability in shopping/index.php in MyMarket 1.72 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by anonymous
Dana IRC client < 1.3 - Stack-based Buffer Overflow via Long IRC Message
Stack-based buffer overflow in artegic Dana IRC client 1.3 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long IRC message.
by t0pP8uZz
Cartweaver 3.0 - SQL Injection via details.php prodId Parameter
SQL injection vulnerability in details.php in Application Dynamics Cartweaver 3.0 allows remote attackers to execute arbitrary SQL commands via the prodId parameter, possibly a related issue to CVE-2006-2046.3.
by anonymous
Red Hat Enterprise Linux 5 and Fedora 6-8 - Denial of Service via CWD Command Memory Leak
Memory leak in a certain Red Hat patch, applied to vsftpd 2.0.5 on Red Hat Enterprise Linux (RHEL) 5 and Fedora 6 through 8, and on Foresight Linux and rPath appliances, allows remote attackers to cause a denial of service (memory consumption) via a large number of CWD commands, as demonstrated by an attack on a daemon with the deny_file configuration option.
by Praveen Darshanam
WebChamado 1.1 - SQL Injection via eml Parameter
SQL injection vulnerability in admin/index.php in WebChamado 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the eml parameter.
by CWH Underground
Mambo Component Galleries 1.0 - 'aid' SQL Injection
by Houssamix
Gryphon gllcTS2 4.2.4 - SQL Injection via listing.php sort Parameter
SQL injection vulnerability in listing.php in Gryphon gllcTS2 4.2.4 allows remote attackers to execute arbitrary SQL commands via the sort parameter.
by anonymous
Butterfly Organizer 2.0.0 - Unauthenticated Arbitrary Category and Account Deletion via Parameter Manipulation
Butterfly Organizer 2.0.0 allows remote attackers to (1) delete arbitrary categories via a modified tablehere parameter to category-delete.php with the is_js_confirmed parameter set to 1, or (2) delete arbitrary accounts via the mytable parameter to delete.php.
by Stack
Clever Copy 3.0 - SQL Injection via Search Type Parameter
SQL injection vulnerability in results.php in Clever Copy 3.0 allows remote attackers to execute arbitrary SQL commands via the searchtype parameter.
by anonymous
JAMM CMS - SQL Injection via id Parameter
SQL injection vulnerability in index.php in JAMM CMS allows remote attackers to execute arbitrary SQL commands via the id parameter.
by anonymous
Telephone Directory 2008 - Unauthenticated Arbitrary Contact Deletion via id Parameter
del_query1.php in Telephone Directory 2008 allows remote attackers to delete arbitrary contacts via a direct request with a modified id variable.
by Stack
iJoomla News Portal (com_news_portal) < 1.0 - SQL Injection via Itemid Parameter
SQL injection vulnerability in the iJoomla News Portal (com_news_portal) component 1.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
by ilker Kandemir
Galatolo WebManager 1.0 - SQL Injection via view.php id Parameter
SQL injection vulnerability in view.php in Galatolo WebManager 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Stack
Joomla com_yvcomment <= 1.16.0 - SQL Injection via ArticleID Parameter
SQL injection vulnerability in the yvComment (com_yvcomment) component 1.16.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the ArticleID parameter in a comment action to index.php.
by His0k4
Joomla com_gameq <= 4.0 - SQL Injection via category_id Parameter
SQL injection vulnerability in the GameQ (com_gameq) component 4.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a page action to index.php.
by His0k4
freeSSHd 1.2.1 - Authenticated Stack-Based Buffer Overflow via SSH_FXP_OPENDIR Command
Stack-based buffer overflow in SFTP in freeSSHd 1.2.1 allows remote authenticated users to execute arbitrary code via a long directory name in an SSH_FXP_OPENDIR (aka opendir) command.
by ryujin
Asterisk Open Source < 1.2.29 and Business Edition < B.2.5.3 - Denial of Service via SIP INVITE Without From Header
Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business Edition A.x.x and B.x.x before B.2.5.3, when pedantic parsing (aka pedanticsipchecking) is enabled, allows remote attackers to cause a denial of service (daemon crash) via a SIP INVITE message that lacks a From header, related to invocations of the ast_uri_decode function, and improper handling of (1) an empty const string and (2) a NULL pointer.
by Armando Oliveira
JotLoader < 1.2.1.a - SQL Injection via cid Parameter
SQL injection vulnerability in the JotLoader (com_jotloader) component 1.2.1.a and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php.
by His0k4
Joomla EasyBook Component 1.1 - SQL Injection via gbid Parameter
SQL injection vulnerability in the EasyBook (com_easybook) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gbid parameter in a deleteentry action to index.php.
by ZAMUT
JooBlog (com_jb2) 0.1.1 - SQL Injection via CategoryID Parameter
SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter in a category action to index.php.
by His0k4
JooBlog 0.1.1 - SQL Injection via PostID Parameter
SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the PostID parameter to index.php.
by His0k4
MDaemon < 9.6.5 - Denial of Service via Crafted HTTP POST Request
The WordClient interface in Alt-N Technologies MDaemon 9.6.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted HTTP POST request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by securfrog