Exploitdb Exploits

2,809 exploits tracked across all sources.

Sort: Activity Stars
CVE-2007-2738 EXPLOITDB perl VERIFIED
Xoops Glossaire Module < 1.7 - SQL Injection via sid Parameter
SQL injection vulnerability in glossaire-p-f.php in the Glossaire 1.7 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the sid parameter in an ImprDef action.
by ajann
CVE-2007-2622 EXPLOITDB perl VERIFIED
TaskDriver < 1.2 - SQL Injection via Username or Taskid Parameter
Multiple SQL injection vulnerabilities in TaskDriver 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the username parameter to login.php or (2) the taskid parameter to notes.php.
by Silentz
CVE-2007-2599 EXPLOITDB perl VERIFIED
TutorialCMS < 1.00 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) catFile parameter to (a) browseCat.php or (b) browseSubCat.php; the (2) id parameter to (c) openTutorial.php, (d) topFrame.php, or (e) admin/editListing.php; or (3) the search parameter to search.php.
by Silentz
CVE-2007-2600 EXPLOITDB perl VERIFIED
TutorialCMS < 1.00 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) catFile parameter to (a) browseCat.php or (b) browseSubCat.php; the (2) id parameter to (c) openTutorial.php, (d) topFrame.php, or (e) admin/editListing.php; or the (3) search parameter to search.php.
by Silentz
CVE-2007-2598 EXPLOITDB perl VERIFIED
SimpleNews 1.0.0 FINAL - SQL Injection
SQL injection vulnerability in print.php in SimpleNews 1.0.0 FINAL allows remote attackers to execute arbitrary SQL commands via the news_id parameter.
by Silentz
CVE-2007-2560 EXPLOITDB perl VERIFIED
ACGVannu < 1.3 - Directory Traversal via Rubrik Parameter
Directory traversal vulnerability in theme/acgv.php in ACGVannu 1.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the rubrik parameter.
by BeyazKurt
CVE-2007-2628 EXPLOITDB perl VERIFIED
Justin Koivisto SecurityAdmin <4.0.2 - RCE
PHP remote file inclusion vulnerability in include/logout.php in Justin Koivisto SecurityAdmin for PHP (aka PHPSecurityAdmin, PSA) 4.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the PSA_PATH parameter.
by ilker Kandemir
CVE-2007-2506 EXPLOITDB perl VERIFIED
Progress Software Progress <9.1e - DoS
WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause a denial of service (infinite loop and daemon hang) via a messenger URL that invokes _edit.r with no additional parameters, as demonstrated by requests for cgiip.exe or wsisa.dll with WService=wsbroker1/_edit.r in the PATH_INFO.
by Eelko Neven
CVE-2007-2270 EXPLOITDB perl VERIFIED
Linksys SPA941 - Denial of Service via SIP INVITE From Header
The Linksys SPA941 VoIP Phone allows remote attackers to cause a denial of service (device reboot) via a 0377 (0xff) character in the From header, and possibly certain other locations, in a SIP INVITE request.
by MADYNES
CVE-2007-2270 EXPLOITDB perl VERIFIED
Linksys SPA941 - Denial of Service via SIP INVITE From Header
The Linksys SPA941 VoIP Phone allows remote attackers to cause a denial of service (device reboot) via a 0377 (0xff) character in the From header, and possibly certain other locations, in a SIP INVITE request.
by MADYNES
CVE-2007-2211 EXPLOITDB perl VERIFIED
MyBulletinBoard < 1.2.5 - SQL Injection via Calendar Day Parameter
SQL injection vulnerability in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the day parameter in a dayview action.
by 0x86
EIP-2026-116537 EXPLOITDB perl VERIFIED
Winamp 5.33 - '.avi' Remote Denial of Service
by DeltahackingTEAM
CVE-2007-2212 EXPLOITDB perl VERIFIED
MyBB <= 1.2.5 - SQL Injection via Calendar Year or Month Parameter
Multiple SQL injection vulnerabilities in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) year or (2) month parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by 0x86
CVE-2007-2186 EXPLOITDB perl VERIFIED
Foxit Reader 2.0 - Denial of Service via Crafted PDF Document
Foxit Reader 2.0 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.
by n00b
CVE-2007-2180 EXPLOITDB perl VERIFIED
Nullsoft Winamp 5.3 - Denial of Service via Crafted WMV File
Buffer overflow in Nullsoft Winamp 5.3 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted WMV file.
by WiLdBoY
CVE-2007-2145 EXPLOITDB perl VERIFIED
MiniGal b13 - Remote Code Execution via Image Comments Input Parameter
The imagecomments function in classes.php in MiniGal b13 allows remote attackers to inject arbitrary PHP code into a file in the thumbs/ directory via the input parameter. NOTE: some of these details are obtained from third party information.
by Dj7xpl
CVE-2007-2146 EXPLOITDB perl VERIFIED
MiniGal b13 - Remote Code Execution via Name or Email Parameter
The imagecomments function in classes.php in MiniGal b13 allow remote attackers to inject arbitrary PHP code into a file in the thumbs/ directory via the (1) name or (2) email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Dj7xpl
CVE-2007-2143 EXPLOITDB perl VERIFIED
Joomla Be2004-2 Template - Remote File Inclusion via mosConfig_absolute_path Parameter
PHP remote file inclusion vulnerability in index.php in the Be2004-2 template for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
by Cold Zero
EIP-2026-113224 EXPLOITDB perl VERIFIED
Web Service Deluxe News Manager 1.0.1 Deluxe - 'footer.php' Local File Inclusion
by BeyazKurt
CVE-2007-2303 EXPLOITDB perl VERIFIED
News Manager Deluxe 1.0.1 - Remote File Inclusion via Template Parameter
Directory traversal vulnerability in includes/footer.php in News Manager Deluxe (NMDeluxe) 1.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the template parameter.
by BeyazKurt
EIP-2026-109753 EXPLOITDB perl VERIFIED
MyBulletinBoard (MyBB) 1.2.2 - 'CLIENT-IP' SQL Injection
by Elekt
CVE-2007-2313 EXPLOITDB perl VERIFIED
mx_shotcast 1.0 RC2 - Remote File Inclusion via mx_root_path Parameter
PHP remote file inclusion vulnerability in getinfo1.php in the Shotcast 1.0 RC2 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter.
by bd0rk
EIP-2026-106657 EXPLOITDB perl VERIFIED
e107 0.7.8 - 'mailout.php' (Authenticated) Access Escalation
by Gammarays
CVE-2007-1906 EXPLOITDB perl VERIFIED
eCardMAX HotEditor 4.0 - Local File Inclusion via richedit/keyboard.php Parameter
Directory traversal vulnerability in richedit/keyboard.php in eCardMAX HotEditor (Hot Editor) 4.0, and the HotEditor plugin for MyBB, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the first parameter.
by Liz0ziM
CVE-2007-1934 EXPLOITDB perl VERIFIED
eBoard 1.0.7 module for PHP-Nuke - Directory Traversal via GLOBALS[name] Parameter
Directory traversal vulnerability in member.php in the eBoard 1.0.7 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[name] parameter.
by bd0rk
By Source
All 2,809 Writeup 62,282 Exploitdb 50,076 Nomisec 22,409 Github 3,626 Metasploit 3,312 Vulncheck_xdb 927 Inthewild 514 Gitlab 479 Gitee 415 Patchapalooza 312
By Language
text 31,386 python 6,570 ruby 6,003 c 3,626 perl 2,849 html 2,075 php 1,333 bash 462 java 371 c++ 261 javascript 229 shell 131 go 73 postscript 25 typescript 25