Exploitdb Exploits
2,809 exploits tracked across all sources.
Apache mod_jk 1.2.19/1.2.20 - Remote Buffer Overflow
by eliteboy
BugHunter HTTP SERVER 1.6.2 - Denial of Service via Nonexistent Page Requests
BugHunter HTTP SERVER (httpsv.exe) 1.6.2 allows remote attackers to cause a denial of service (application crash) via a large number of requests for nonexistent pages.
by Prili
SerWeb < 0.9.6 - Remote File Inclusion via _SERWEB[serwebdir] Parameter
PHP remote file inclusion vulnerability in html/load_lang.php in SerWeb 0.9.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _SERWEB[serwebdir] parameter.
by Kw3[R]Ln
LiveCMS <= 3.4 - Unauthenticated Arbitrary File Upload via Article Image Parameter
Unrestricted file upload vulnerability in LiveCMS 3.4 and earlier allows remote attackers to upload and execute arbitrary PHP code by specifying a PHP file type in a parameter intended for "a small image" associated with an article.
by g00ns
LiveCMS <= 3.4 - Cross-Site Scripting via Article Name Parameter
Cross-site scripting (XSS) vulnerability in LiveCMS 3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via an article name, possibly involving the titulo parameter in article.php.
by g00ns
LiveCMS <= 3.4 - SQL Injection via Categoria.php cid Parameter
categoria.php in LiveCMS 3.4 and earlier allows remote attackers to obtain sensitive information via a ' (quote) character in the cid parameter, which reveals the path in a forced SQL error message.
by g00ns
LiveCMS <= 3.4 - SQL Injection via Categoria.php cid Parameter
SQL injection vulnerability in categoria.php in LiveCMS 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by g00ns
LAN Management System < 1.6.9 - Remote File Inclusion via _LIB_DIR Parameter
PHP remote file inclusion vulnerability in lib/language.php in LAN Management System (LMS) 1.9.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _LIB_DIR parameter, a different vector than CVE-2007-1643 and CVE-2007-2205.
by Kw3[R]Ln
Fuzzylime Forum 1.0 - SQL Injection via Topic Parameter
SQL injection vulnerability in low.php in Fuzzylime Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the topic parameter.
by Silentz
Fuzzylime Forum 1.0 - Cross-Site Scripting via Topic Parameter
Cross-site scripting (XSS) vulnerability in low.php in Fuzzylime Forum 1.0 allows remote attackers to inject arbitrary web script or HTML via the topic parameter. NOTE: this might be resultant from SQL injection.
by Silentz
MiniWeb Http Server 0.8.x - Denial of Service via Negative Content-Length Header
http.c in MiniWeb Http Server 0.8.x allows remote attackers to cause a denial of service (application crash) via a negative value in the Content-Length HTTP header.
by gbr
Comicsense - SQL Injection via epi Parameter
SQL injection vulnerability in index.php in Comicsense allows remote attackers to execute arbitrary SQL commands via the epi parameter.
by Silentz
HP Tru64 UNIX <5.1B-4/5.1B-3 - Info Disclosure
Unspecified vulnerability in the Secure Shell (SSH) in HP Tru64 UNIX 5.1B-4 and 5.1B-3 allows remote attackers to identify valid users via unspecified vectors, probably related to timing attacks and AuthInteractiveFailureRandomTimeout.
by bunker
My Little Forum <1.7 - SQL Injection
SQL injection vulnerability in user.php in My Little Forum 1.7 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Silentz
UltraISO <8.6.2.2011 - Buffer Overflow
Stack-based buffer overflow in UltraISO 8.6.2.2011 and earlier allows user-assisted remote attackers to execute arbitrary code via a long FILE string (filename) in a .cue file, a related issue to CVE-2007-2761. NOTE: some details are obtained from third party information.
by n00b
Dokeos < 1.6.5 - SQL Injection via scormcontopen Parameter
SQL injection vulnerability in tracking/courseLog.php in Dokeos 1.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the scormcontopen parameter.
by Silentz
Dokeos < 1.8.0 - Cross-Site Scripting via ImageManager img Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the img parameter to main/inc/lib/fckeditor/editor/plugins/ImageManager/editor.php and other unspecified vectors.
by Silentz
Microsoft Visual Basic 6 - Buffer Overflow
Multiple stack-based buffer overflows in Microsoft Visual Basic 6 allow user-assisted remote attackers to cause a denial of service (CPU consumption) or execute arbitrary code via a Visual Basic Project (vbp) file with a long (1) Description or (2) Company Name (VersionCompanyName) field.
by UmZ
Dokeos < 1.8.0 - Authenticated SQL Injection via Course Parameter
SQL injection vulnerability in main/auth/my_progress.php in Dokeos 1.8.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the course parameter.
by Silentz
Microsoft IIS 6.0 - '/AUX / '.aspx' Remote Denial of Service
by kingcope
SimpNews < 2.40.01 - SQL Injection via print.php newsnr Parameter
SQL injection vulnerability in print.php in SimpNews 2.40.01 and earlier allows remote attackers to execute arbitrary SQL commands via the newsnr parameter.
by Silentz
FAQEngine < 4.16.03 - SQL Injection via questionref Parameter
SQL injection vulnerability in question.php in FAQEngine 4.16.03 and earlier allows remote attackers to execute arbitrary SQL commands via the questionref parameter in a display action.
by Silentz
MyConference 1.0 for Xoops - SQL Injection via cid Parameter
SQL injection vulnerability in index.php in the MyConference 1.0 module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ajann