Exploitdb Exploits

2,809 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-1910 EXPLOITDB perl VERIFIED
Borland InterBase 2007 SP2 - Buffer Overflow
Stack-based buffer overflow in the database service (ibserver.exe) in Borland InterBase 2007 SP2 allows remote attackers to execute arbitrary code via a malformed opcode 0x52 request to TCP port 3050. NOTE: this might overlap CVE-2007-5243 or CVE-2007-5244.
by Liu Zhen Hua
CVE-2008-1750 EXPLOITDB perl VERIFIED
Integry Systems LiveCart <1.1.1 - SQL Injection
SQL injection vulnerability in Integry Systems LiveCart 1.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to the /category URI.
by irvian
CVE-2008-6537 EXPLOITDB perl VERIFIED
LightNEasy 1.2 - Unauthenticated Administrator Password Hash Exposure via Setup Action
LightNEasy/lightneasy.php in LightNEasy No database version 1.2 allows remote attackers to obtain the hash of the administrator password via the setup "do" action to LightNEasy.php, which is cleared from $_GET but later accessed using $_REQUEST.
by girex
CVE-2008-1727 EXPLOITDB perl VERIFIED
KnowledgeQuest 2.5 and 2.6 - Unauthenticated Arbitrary Admin Account Creation via admincheck.php
KnowledgeQuest 2.5 and 2.6 does not require authentication for access to admincheck.php, which allows remote attackers to create arbitrary admin accounts.
by t0pP8uZz
CVE-2008-1860 EXPLOITDB perl VERIFIED
LokiCMS < 0.3.3 - Remote Code Execution via Default Parameter
Static code injection vulnerability in admin.php in LokiCMS 0.3.3 and earlier allows remote attackers to inject arbitrary PHP code into includes/Config.php via the default parameter.
by girex
EIP-2026-111270 EXPLOITDB perl VERIFIED
Picture Rating 1.0 - Blind SQL Injection
by t0pP8uZz
CVE-2008-1874 EXPLOITDB perl VERIFIED
xpoze_pro < 3.05 - Authenticated SQL Injection via reed Parameter
SQL injection vulnerability in account/user/mail.html in Xpoze Pro 3.05 and earlier allows remote authenticated users to execute arbitrary SQL commands via the reed parameter.
by t0pP8uZz
CVE-2008-1870 EXPLOITDB perl VERIFIED
PIGMy-SQL <= 1.4.1 - SQL Injection via getdata.php id Parameter
SQL injection vulnerability in getdata.php in PIGMy-SQL 1.4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
by t0pP8uZz
CVE-2008-0069 EXPLOITDB perl VERIFIED
XnView < 1.92 - Stack-based Buffer Overflow via Long FontName Parameter in Slideshow File
Stack-based buffer overflow in XnView 1.92 and 1.92.1 allows user-assisted remote attackers to execute arbitrary code via a long FontName parameter in a slideshow (.sld) file, a different vector than CVE-2008-1461.
by haluznik
CVE-2008-1713 EXPLOITDB perl VERIFIED
NoticeWare Email Server <4.6.1.0 - DoS
MailServer.exe in NoticeWare Email Server 4.6.1.0 allows remote attackers to cause a denial of service (application crash) via a long string to IMAP port (143/tcp).
by Ray
EIP-2026-106801 EXPLOITDB perl VERIFIED
EggBlog 4.0 - SQL Injection
by girex
CVE-2008-1639 EXPLOITDB perl VERIFIED
Neat weblog 0.2 - SQL Injection via articleId Parameter
SQL injection vulnerability in index.php in Neat weblog 0.2 allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a show action, probably related to the showArticle function in lib/lib_article.include.php.
by Khashayar Fereidani
CVE-2008-1712 EXPLOITDB perl VERIFIED
mxBB 2.0.0 beta - Remote Code Execution via mx_root_path Parameter
PHP remote file inclusion vulnerability in includes/functions_weblog.php in mxBB mx_blogs 2.0.0 beta allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter.
by bd0rk
CVE-2008-1715 EXPLOITDB perl VERIFIED
AuraCMS < 2.2.1 - SQL Injection via Country Parameter
SQL injection vulnerability in content/user.php in AuraCMS 2.2.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the country parameter.
by NTOS-Team
CVE-2008-1607 EXPLOITDB perl VERIFIED
Serbay Arslanhan Bomba Haber 2.0 - SQL Injection
SQL injection vulnerability in haberoku.php in Serbay Arslanhan Bomba Haber 2.0 allows remote attackers to execute arbitrary SQL commands via the haber parameter.
by cOndemned
CVE-2008-1558 EXPLOITDB perl VERIFIED
MPlayer - Remote Code Execution via Large streamid SDP Parameter
Uncontrolled array index in the sdpplin_parse function in stream/realrtsp/sdpplin.c in MPlayer 1.0 rc2 allows remote attackers to overwrite memory and execute arbitrary code via a large streamid SDP parameter. NOTE: this issue has been referred to as an integer overflow.
by Guido Landi
CVE-2008-1539 EXPLOITDB perl VERIFIED
PHP-Nuke Platinum 7.6.b.5 - SQL Injection
SQL injection vulnerability in includes/dynamic_titles.php in PHP-Nuke Platinum 7.6.b.5 allows remote attackers to execute arbitrary SQL commands via the p parameter to modules.php for the Forums module.
by Inphex
CVE-2008-1680 EXPLOITDB perl VERIFIED
PHP-Nuke Platinum 7.6.b.5 - Info Disclosure
PHP-Nuke Platinum 7.6.b.5 allows remote attackers to obtain configuration information via a direct request to maintenance/index.php, which reveals settings such as magic_quotes_gpc.
by Inphex
EIP-2026-116355 EXPLOITDB perl VERIFIED
Surgemail 3.8 - IMAP LSUB Command Remote Stack Buffer Overflow
by Leon Juranic
CVE-2008-1509 EXPLOITDB perl VERIFIED
xlportal < 2.2.4 - SQL Injection via Query Parameter
SQL injection vulnerability in index.php in XLPortal 2.2.4 and earlier allows remote attackers to execute arbitrary SQL commands via the query parameter.
by cOndemned
CVE-2008-1478 EXPLOITDB perl VERIFIED
Home FTP Server 1.4.5.89 - Denial of Service via Passive Mode Connection Handling
Home FTP Server 1.4.5.89 allows remote attackers to cause a denial of service (crash) by opening a FTP passive mode connection, then closing the original FTP connection. NOTE: some of these details are obtained from third party information.
by 0in
CVE-2008-1276 EXPLOITDB perl VERIFIED
MailEnable Professional/Enterprise <3.13 - Authenticated RCE via IMAP Commands
Multiple buffer overflows in the IMAP service (MEIMAPS.EXE) in MailEnable Professional Edition and Enterprise Edition 3.13 and earlier allow remote authenticated attackers to execute arbitrary code via long arguments to the (1) FETCH, (2) EXAMINE, and (3) UNSUBSCRIBE commands.
by haluznik
CVE-2008-1398 EXPLOITDB perl VERIFIED
AuraCMS 2.0-2.2.1 - SQL Injection via X-Forwarded-For Header
SQL injection vulnerability in online.php in AuraCMS 2.0 through 2.2.1 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For field (HTTP_X_FORWARDED_FOR environment variable) in an HTTP header.
by NTOS-Team
CVE-2008-1117 EXPLOITDB perl VERIFIED
Timbuktu Pro 8.6.5 - Path Traversal and Arbitrary File Write via Notes Feature
Directory traversal vulnerability in the Notes (aka Flash Notes or instant messages) feature in tb2ftp.dll in Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, allows remote attackers to upload files to arbitrary locations via a destination filename with a \ (backslash) character followed by ../ (dot dot slash) sequences. NOTE: this can be leveraged for code execution by writing to a Startup folder. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-4220.
by titon
CVE-2008-1219 EXPLOITDB perl VERIFIED
Kutub-i Sitte <1.1 - SQL Injection
SQL injection vulnerability in the Kutub-i Sitte (KutubiSitte) 1.1 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the kid parameter in a hadisgoster action to modules.php.
by r080cy90r
By Source
All 2,809 Writeup 62,204 Exploitdb 50,076 Nomisec 22,391 Github 3,608 Metasploit 3,311 Vulncheck_xdb 927 Inthewild 514 Gitlab 479 Gitee 415 Patchapalooza 312
By Language
text 31,386 python 6,563 ruby 6,002 c 3,626 perl 2,849 html 2,075 php 1,333 bash 462 java 370 c++ 260 javascript 229 shell 131 go 73 postscript 25 typescript 25