Exploitdb Exploits

2,814 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-106657 EXPLOITDB perl VERIFIED
e107 0.7.8 - 'mailout.php' (Authenticated) Access Escalation
by Gammarays
CVE-2007-1906 EXPLOITDB perl VERIFIED
Ecardmax.com Hot Editor - Path Traversal
Directory traversal vulnerability in richedit/keyboard.php in eCardMAX HotEditor (Hot Editor) 4.0, and the HotEditor plugin for MyBB, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the first parameter.
by Liz0ziM
CVE-2007-1934 EXPLOITDB perl VERIFIED
Php-nuke Eboard Module - Path Traversal
Directory traversal vulnerability in member.php in the eBoard 1.0.7 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[name] parameter.
by bd0rk
CVE-2007-2367 EXPLOITDB perl VERIFIED
Wserve HTTP Server <4.6 - Buffer Overflow
Buffer overflow in wserve_console.exe in Wserve HTTP Server (whttp) 4.6 allows remote attackers to cause a denial of service (forced application exit) via a long directory name in the URI.
by WiLdBoY
CVE-2007-2370 EXPLOITDB perl VERIFIED
John Mordo Jobs <2.4 - SQL Injection
SQL injection vulnerability in index.php in the John Mordo Jobs 2.4 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a jobsview action. NOTE: the module name was originally reported as Job Listings.
by ajann
CVE-2007-1819 EXPLOITDB perl VERIFIED
HP Mercury Quality Center - Memory Corruption
Stack-based buffer overflow in the SPIDERLib.Loader ActiveX control (Spider90.ocx) 9.1.0.4353 in TestDirector (TD) for Mercury Quality Center 9.0 before Patch 12.1, and 8.2 SP1 before Patch 32, allows remote attackers to execute arbitrary code via a long ProgColor property.
by ri0t
CVE-2007-1960 EXPLOITDB perl VERIFIED
Xoops Rha7 Downloads Module - SQL Injection
SQL injection vulnerability in visit.php in the Rha7 Downloads (rha7downloads) 1.0 module for XOOPS, and possibly other versions up to 1.10, allows remote attackers to execute arbitrary SQL commands via the lid parameter.
by ajann
CVE-2007-1983 EXPLOITDB perl VERIFIED
Cyboards PHP Lite 1.21 - RCE
PHP remote file inclusion vulnerability in include/default_header.php in Cyboards PHP Lite 1.21 allows remote attackers to execute arbitrary PHP code via a URL in the script_path parameter, a different vector than CVE-2006-2871.
by bd0rk
CVE-2007-1897 EXPLOITDB perl VERIFIED
Wordpress < 2.1.2 - SQL Injection
SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users to execute arbitrary SQL commands via a string parameter value in an XML RPC mt.setPostCategories method call, related to the post_id variable.
by Sumit Siddharth
CVE-2007-1882 EXPLOITDB perl VERIFIED
HP Mercury Quality Center <9.1.0.4352 - SQL Injection
qcbin/servlet/tdservlet/TDAPI_GeneralWebTreatment in HP Mercury Quality Center 9.0 build 9.1.0.4352 allows remote authenticated users to execute arbitrary SQL commands via the RunQuery method.
by Isma Khan
CVE-2007-1974 EXPLOITDB perl VERIFIED
Wf-sections < 1.07 - SQL Injection
SQL injection vulnerability in the getArticle function in class/wfsarticle.php in WF-Section (aka WF-Sections) 1.0.1, as used in Xoops modules such as (1) Zmagazine 1.0, (2) Happy Linux XFsection 1.07 and earlier, and possibly other modules, allows remote attackers to execute arbitrary SQL commands via the articleid parameter to print.php.
by ajann
CVE-2007-1974 EXPLOITDB perl VERIFIED
Wf-sections < 1.07 - SQL Injection
SQL injection vulnerability in the getArticle function in class/wfsarticle.php in WF-Section (aka WF-Sections) 1.0.1, as used in Xoops modules such as (1) Zmagazine 1.0, (2) Happy Linux XFsection 1.07 and earlier, and possibly other modules, allows remote attackers to execute arbitrary SQL commands via the articleid parameter to print.php.
by ajann
CVE-2007-1811 EXPLOITDB perl VERIFIED
Chapi Tiny Event < 1.01 - SQL Injection
SQL injection vulnerability in index.php in the Tiny Event (tinyevent) 1.01 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action.
by ajann
CVE-2007-1807 EXPLOITDB perl VERIFIED
Peak Xoops Myalbum P < 2.0 - SQL Injection
SQL injection vulnerability in modules/myalbum/viewcat.php in the myAlbum-P 2.0 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by ajann
CVE-2007-1810 EXPLOITDB perl VERIFIED
Kaotik Kshop < 1.17 - SQL Injection
SQL injection vulnerability in product_details.php in the Kshop 1.17 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter.
by ajann
CVE-2007-1813 EXPLOITDB perl VERIFIED
Inconnueteam Ecal - SQL Injection
SQL injection vulnerability in display.php in the eCal 2.24 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the katid parameter.
by ajann
CVE-2007-1808 EXPLOITDB perl VERIFIED
Camportail < 1.1 - SQL Injection
SQL injection vulnerability in show.php in the Camportail 1.1 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the camid parameter in a showcam action.
by ajann
CVE-2007-1816 EXPLOITDB perl VERIFIED
Xoops Tutoriais Module - SQL Injection
SQL injection vulnerability in viewcat.php in the Tutoriais module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by ajann
CVE-2007-1815 EXPLOITDB perl VERIFIED
Xoops Library Module - SQL Injection
SQL injection vulnerability in viewcat.php in the Library module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by ajann
CVE-2007-1814 EXPLOITDB perl VERIFIED
Xoops Core Module - SQL Injection
SQL injection vulnerability in viewcat.php in the Core module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2007-0377.
by ajann
CVE-2007-1845 EXPLOITDB perl VERIFIED
PHP Fusion Expanded Calendar Module - SQL Injection
SQL injection vulnerability in show_event.php in the Expanded Calendar (calendar_panel) 2.00 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the m_month parameter.
by UNIQUE-KEY
CVE-2007-1847 EXPLOITDB perl VERIFIED
Xoops Repository Module - SQL Injection
SQL injection vulnerability in viewcat.php in the Repository module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by ajann
CVE-2007-1846 EXPLOITDB perl VERIFIED
Xoops Malaika System Myads Module < 2.04 - SQL Injection
SQL injection vulnerability in index.php in the MyAds 2.04jp and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter, different vectors than CVE-2006-3341.
by ajann
CVE-2007-1801 EXPLOITDB perl VERIFIED
Sblog - Path Traversal
Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
by GoLd_M
CVE-2007-1838 EXPLOITDB perl VERIFIED
Xoops Friendfinder Module < 3.3 - SQL Injection
SQL injection vulnerability in view.php in the Friendfinder 3.3 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter.
by ajann
By Source
All 2,814 Exploitdb 50,121 Writeup 46,830 Nomisec 21,202 Metasploit 3,189 Github 2,258 Vulncheck_xdb 900 Inthewild 518 Gitlab 439 Gitee 415 Patchapalooza 312
By Language
text 31,341 ruby 5,920 python 5,742 c 3,550 perl 2,854 html 2,055 php 1,334 bash 459 java 360 javascript 260 c++ 247 shell 69 go 41 postscript 25 xml 24