Exploitdb Exploits

2,809 exploits tracked across all sources.

CVE-2008-1121 EXPLOITDB perl VERIFIED
eazyportal < 1.0 - SQL Injection via session_vars Cookie
SQL injection vulnerability in index.php in eazyPortal 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the session_vars cookie.
by Iron
CVE-2008-5582 EXPLOITDB perl VERIFIED
Nukedit 4.9.x - SQL Injection via Email Parameter
SQL injection vulnerability in utilities/login.asp in Nukedit 4.9.x, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the email parameter.
by r3dm0v3
CVE-2008-1038 EXPLOITDB perl VERIFIED
DBHcms - Remote Code Execution via extmanager_install Parameter
PHP remote file inclusion vulnerability in mod/mod.extmanager.php in DBHcms 1.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the extmanager_install parameter.
by Iron
CVE-2008-0830 EXPLOITDB perl VERIFIED
iPhoto 4.0.3 - Denial of Service via Malformed DPAP URI
The Digital Photo Access Protocol (DPAP) server for iPhoto 4.0.3 allows remote attackers to cause a denial of service (crash) via a malformed dpap: URI, a different vulnerability than CVE-2008-0043.
by David Wharton
CVE-2008-0835 EXPLOITDB perl VERIFIED
Simple CMS <= 1.0.3 - SQL Injection via Area Parameter
SQL injection vulnerability in indexen.php in Simple CMS 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the area parameter.
by JosS
CVE-2008-1176 EXPLOITDB perl VERIFIED
Affiliate Market 0.1 BETA - Cross-Site Scripting via sideblock4 Parameter
Cross-site scripting (XSS) vulnerability in function/sideblock.php in Affiliate Market (affmarket) 0.1 BETA allows remote attackers to inject arbitrary web script or HTML via the sideblock4 parameter.
by Khashayar Fereidani
CVE-2007-6478 EXPLOITDB perl VERIFIED
Rosoft Media Player <4.1.8 - Buffer Overflow
Stack-based buffer overflow in Rosoft Media Player 4.1.7, 4.1.8, and possibly earlier versions allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long string in a .M3U file. NOTE: some of these details are obtained from third party information.
by securfrog
CVE-2008-0802 EXPLOITDB perl VERIFIED
MediaSlide (com_mediaslide) 0.5 - SQL Injection via albumnum Parameter
SQL injection vulnerability in index.php in the MediaSlide (com_mediaslide) 0.5 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the albumnum parameter in a contact action.
by Inphex
CVE-2008-1177 EXPLOITDB perl VERIFIED
Affiliate Market 0.1 BETA - SQL Injection
SQL injection vulnerability in shop/detail.php in Affiliate Market (affmarket) 0.1 BETA allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Khashayar Fereidani
EIP-2026-113135 EXPLOITDB perl VERIFIED
vKios 2.0.0 - 'cat' SQL Injection
by NTOS-Team
CVE-2008-0735 EXPLOITDB perl VERIFIED
AuraCMS 2.2 - SQL Injection via Albums Parameter
SQL injection vulnerability in mod/gallery/ajax/gallery_data.php in AuraCMS 2.2 allows remote attackers to execute arbitrary SQL commands via the albums parameter.
by DNX
CVE-2007-5056 EXPLOITDB perl VERIFIED
ADOdb Lite < 1.42 - Remote Code Execution via last_module Parameter
Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the last_module parameter.
by Iron
CVE-2008-0661 EXPLOITDB perl VERIFIED
dBpowerAMP Audio Player Release 2 - Buffer Overflow via Long URI in .M3U File
Buffer overflow in dBpowerAMP Audio Player Release 2 allows remote attackers to execute arbitrary code via a .M3U file with a long URI. NOTE: this might be the same issue as CVE-2004-1569.
by securfrog
CVE-2008-0787 EXPLOITDB perl VERIFIED
Mybulletinboard - SQL Injection
SQL injection vulnerability in inc/datahandlers/pm.php in MyBB before 1.2.12 allows remote authenticated users to execute arbitrary SQL commands via the options[disablesmilies] parameter to private.php.
by F
CVE-2008-0619 EXPLOITDB perl VERIFIED
Nero MediaPlayer < 1.4.0.35 - Remote Code Execution via Long URI in M3U File
Buffer overflow in NeroMediaPlayer.exe in Nero Media Player 1.4.0.35 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (persistent crash) via a long URI in a .M3U file.
by securfrog
CVE-2008-0676 EXPLOITDB perl VERIFIED
A-Blog 2 - Cross-Site Scripting via Search Words Parameter
Cross-site scripting (XSS) vulnerability in search.php in A-Blog 2 allows remote attackers to inject arbitrary web script or HTML via the words parameter.
by Khashayar Fereidani
CVE-2008-0590 EXPLOITDB perl VERIFIED
WS_FTP Server 6.1.0.0 - Authenticated Buffer Overflow via Long Opendir Command
Buffer overflow in Ipswitch WS_FTP Server with SSH 6.1.0.0 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long opendir command.
by securfrog
CVE-2008-0677 EXPLOITDB perl VERIFIED
A-Blog 2 - SQL Injection via News Action ID Parameter
SQL injection vulnerability in blog.php in A-Blog 2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a news action.
by Khashayar Fereidani
CVE-2008-0702 EXPLOITDB perl VERIFIED
Titan FTP Server 6.03 and 6.0.5.549 - Heap-Based Buffer Overflow via USER or PASS Command
Multiple heap-based buffer overflows in Titan FTP Server 6.03 and 6.0.5.549 allow remote attackers to cause a denial of service (daemon crash or hang) and possibly execute arbitrary code via a long argument to the (1) USER or (2) PASS command, different vectors than CVE-2004-1641.
by securfrog
CVE-2008-0770 EXPLOITDB perl VERIFIED
ibProArcade < 3.3.0 - SQL Injection via g_display_order Cookie Parameter
SQL injection vulnerability in arcade.php in ibProArcade 3.3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the g_display_order cookie parameter.
by RST/GHC
CVE-2008-0502 EXPLOITDB perl VERIFIED
Connectix Boards < 0.8.2 - Remote Code Execution via Template Path Parameter
PHP remote file inclusion vulnerability in templates/Official/part_userprofile.php in Connectix Boards 0.8.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the template_path parameter.
by Houssamix
EIP-2026-114498 EXPLOITDB perl VERIFIED
YaBB SE 1.5.5 - Remote Command Execution
by RST/GHC
CVE-2008-0478 EXPLOITDB perl VERIFIED
SetCMS 3.6.5 - Path Traversal and Arbitrary File Execution via set Parameter
Directory traversal vulnerability in index.php in SetCMS 3.6.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the set parameter, as demonstrated by sending a certain CLIENT_IP HTTP header in an enter action to index.php, and injecting PHP sequences into files/enter.set, which is then included by index.php.
by RST/GHC