Exploitdb Exploits

2,814 exploits tracked across all sources.

CVE-2007-2750 EXPLOITDB perl VERIFIED
SimpNews <2.40.01 - SQL Injection
SQL injection vulnerability in print.php in SimpNews 2.40.01 and earlier allows remote attackers to execute arbitrary SQL commands via the newsnr parameter.
by Silentz
CVE-2007-2749 EXPLOITDB perl VERIFIED
FAQEngine <4.16.03 - SQL Injection
SQL injection vulnerability in question.php in FAQEngine 4.16.03 and earlier allows remote attackers to execute arbitrary SQL commands via the questionref parameter in a display action.
by Silentz
CVE-2007-2737 EXPLOITDB perl VERIFIED
MyConference 1.0 - SQL Injection
SQL injection vulnerability in index.php in the MyConference 1.0 module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ajann
CVE-2007-2738 EXPLOITDB perl VERIFIED
Glossaire <1.7 - SQL Injection
SQL injection vulnerability in glossaire-p-f.php in the Glossaire 1.7 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the sid parameter in an ImprDef action.
by ajann
CVE-2007-2622 EXPLOITDB perl VERIFIED
TaskDriver <1.2 - SQL Injection
Multiple SQL injection vulnerabilities in TaskDriver 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the username parameter to login.php or (2) the taskid parameter to notes.php.
by Silentz
CVE-2007-2599 EXPLOITDB perl VERIFIED
TutorialCMS <1.00 - SQL Injection
Multiple SQL injection vulnerabilities in TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) catFile parameter to (a) browseCat.php or (b) browseSubCat.php; the (2) id parameter to (c) openTutorial.php, (d) topFrame.php, or (e) admin/editListing.php; or (3) the search parameter to search.php.
by Silentz
CVE-2007-2600 EXPLOITDB perl VERIFIED
TutorialCMS <1.00 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) catFile parameter to (a) browseCat.php or (b) browseSubCat.php; the (2) id parameter to (c) openTutorial.php, (d) topFrame.php, or (e) admin/editListing.php; or the (3) search parameter to search.php.
by Silentz
CVE-2007-2598 EXPLOITDB perl VERIFIED
SimpleNews 1.0.0 FINAL - SQL Injection
SQL injection vulnerability in print.php in SimpleNews 1.0.0 FINAL allows remote attackers to execute arbitrary SQL commands via the news_id parameter.
by Silentz
CVE-2007-2560 EXPLOITDB perl VERIFIED
ACGVannu <1.3 - Path Traversal
Directory traversal vulnerability in theme/acgv.php in ACGVannu 1.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the rubrik parameter.
by BeyazKurt
CVE-2007-2628 EXPLOITDB perl VERIFIED
Justin Koivisto SecurityAdmin <4.0.2 - RCE
PHP remote file inclusion vulnerability in include/logout.php in Justin Koivisto SecurityAdmin for PHP (aka PHPSecurityAdmin, PSA) 4.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the PSA_PATH parameter.
by ilker Kandemir
CVE-2007-2506 EXPLOITDB perl VERIFIED
Progress Software Progress <9.1e - DoS
WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause a denial of service (infinite loop and daemon hang) via a messenger URL that invokes _edit.r with no additional parameters, as demonstrated by requests for cgiip.exe or wsisa.dll with WService=wsbroker1/_edit.r in the PATH_INFO.
by Eelko Neven
CVE-2007-2270 EXPLOITDB perl VERIFIED
Linksys Spa941 - Denial of Service
The Linksys SPA941 VoIP Phone allows remote attackers to cause a denial of service (device reboot) via a 0377 (0xff) character in the From header, and possibly certain other locations, in a SIP INVITE request.
by MADYNES
CVE-2007-2270 EXPLOITDB perl VERIFIED
Linksys Spa941 - Denial of Service
The Linksys SPA941 VoIP Phone allows remote attackers to cause a denial of service (device reboot) via a 0377 (0xff) character in the From header, and possibly certain other locations, in a SIP INVITE request.
by MADYNES
CVE-2007-2211 EXPLOITDB perl VERIFIED
Mybulletinboard < 1.2.5 - SQL Injection
SQL injection vulnerability in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the day parameter in a dayview action.
by 0x86
EIP-2026-116537 EXPLOITDB perl VERIFIED
Winamp 5.33 - '.avi' Remote Denial of Service
by DeltahackingTEAM
CVE-2007-2212 EXPLOITDB perl VERIFIED
Mybb - SQL Injection
Multiple SQL injection vulnerabilities in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) year or (2) month parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by 0x86
CVE-2007-2186 EXPLOITDB perl VERIFIED
Foxit Pdf Reader - Denial of Service
Foxit Reader 2.0 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.
by n00b
CVE-2007-2180 EXPLOITDB perl VERIFIED
Nullsoft Winamp - Buffer Overflow
Buffer overflow in Nullsoft Winamp 5.3 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted WMV file.
by WiLdBoY
CVE-2007-2145 EXPLOITDB perl VERIFIED
MiniGal b13 - Code Injection
The imagecomments function in classes.php in MiniGal b13 allows remote attackers to inject arbitrary PHP code into a file in the thumbs/ directory via the input parameter. NOTE: some of these details are obtained from third party information.
by Dj7xpl
CVE-2007-2146 EXPLOITDB perl VERIFIED
MiniGal b13 - Code Injection
The imagecomments function in classes.php in MiniGal b13 allows remote attackers to inject arbitrary PHP code into a file in the thumbs/ directory via the (1) name or (2) email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Dj7xpl
CVE-2007-2143 EXPLOITDB perl VERIFIED
Joomla! Be2004-2 - RCE
PHP remote file inclusion vulnerability in index.php in the Be2004-2 template for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
by Cold Zero
EIP-2026-113224 EXPLOITDB perl VERIFIED
Web Service Deluxe News Manager 1.0.1 Deluxe - 'footer.php' Local File Inclusion
by BeyazKurt
CVE-2007-2303 EXPLOITDB perl VERIFIED
News Manager Deluxe - Path Traversal
Directory traversal vulnerability in includes/footer.php in News Manager Deluxe (NMDeluxe) 1.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the template parameter.
by BeyazKurt
EIP-2026-109753 EXPLOITDB perl VERIFIED
MyBulletinBoard (MyBB) 1.2.2 - 'CLIENT-IP' SQL Injection
by Elekt
CVE-2007-2313 EXPLOITDB perl VERIFIED
Shotcast 1.0 RC2 - RCE
PHP remote file inclusion vulnerability in getinfo1.php in the Shotcast 1.0 RC2 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter.
by bd0rk