Exploitdb Exploits

2,814 exploits tracked across all sources.

Sort: Activity Stars
CVE-2007-1542 EXPLOITDB perl VERIFIED
Cisco 7940 Router - Denial of Service
Unspecified vulnerability in the Cisco IP Phone 7940 and 7960 running firmware before POS8-6-0 allows remote attackers to cause a denial of service via the Remote-Party-ID sipURI field in a SIP INVITE request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by MADYNES
CVE-2007-1616 EXPLOITDB perl VERIFIED
Scriptmagix Lyrics < 2.0 - SQL Injection
SQL injection vulnerability in index.php in ScriptMagix Lyrics 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the recid parameter.
by ajann
CVE-2007-1539 EXPLOITDB perl VERIFIED
Pragmamx Landkarten - Path Traversal
Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
by bd0rk
CVE-2007-1633 EXPLOITDB perl VERIFIED
Giorgio Ciranni Splatt Forum - Path Traversal
Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
by GoLd_M
CVE-2007-1501 EXPLOITDB perl VERIFIED
Avant Force Avant Browser - Buffer Overflow
Stack-based buffer overflow in Avant Browser 11.0 build 26 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long Content-Type HTTP header.
by DATA_SNIPER
CVE-2007-1617 EXPLOITDB perl VERIFIED
Scriptmagix Recipes < 2.0 - SQL Injection
SQL injection vulnerability in index.php in ScriptMagix Recipes 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.
by ajann
CVE-2007-1619 EXPLOITDB perl VERIFIED
Scriptmagix Photo Rating < 2.0 - SQL Injection
SQL injection vulnerability in viewcomments.php in ScriptMagix Photo Rating 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the phid parameter.
by ajann
CVE-2007-1615 EXPLOITDB perl VERIFIED
Scriptmagix Jokes < 2.0 - SQL Injection
SQL injection vulnerability in index.php in ScriptMagix Jokes 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.
by ajann
CVE-2007-1618 EXPLOITDB perl VERIFIED
Scriptmagix Faq Builder < 2.0 - SQL Injection
SQL injection vulnerability in index.php in ScriptMagix FAQ Builder 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.
by ajann
CVE-2007-1621 EXPLOITDB perl VERIFIED
Active PHP Bookmark Notes <0.2.5 - RCE
PHP remote file inclusion vulnerability in templates/head.php in Active PHP Bookmark Notes (APB) 0.2.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the APB_SETTINGS[template_path] parameter. NOTE: this issue might be related to CVE-2003-1254.
by GoLd_M
CVE-2007-1567 EXPLOITDB perl VERIFIED
War FTP Daemon < 1.65 - Buffer Overflow
Stack-based buffer overflow in War FTP Daemon 1.65, and possibly earlier, allows remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors, as demonstrated by warftp_165.tar by Immunity. NOTE: this might be the same issue as CVE-1999-0256, CVE-2000-0131, or CVE-2006-2171, but due to Immunity's lack of details, this cannot be certain.
by Umesh Wanve
CVE-2007-1518 EXPLOITDB perl VERIFIED
Woltlab Burning Board - SQL Injection
SQL injection vulnerability in usergroups.php in Woltlab Burning Board (wBB) 2.x allows remote attackers to execute arbitrary SQL commands via the array index of the applicationids array.
by x666
CVE-2007-1516 EXPLOITDB perl VERIFIED
Cicoandcico CcMail 1.0 - RCE
PHP remote file inclusion vulnerability in functions/update.php in Cicoandcico CcMail 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the functions_dir parameter.
by Crackers_Child
CVE-2007-1524 EXPLOITDB perl VERIFIED
Zomplog - Path Traversal
Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
by Bl0od3r
EIP-2026-116401 EXPLOITDB perl VERIFIED
TFTP Server 1.3 - Remote Buffer Overflow (Denial of Service) (PoC)
by Umesh Wanve
CVE-2005-3952 EXPLOITDB perl VERIFIED
PHP Labs Top Auction - SQL Injection
SQL injection vulnerability in PHP Labs Top Auction allows remote attackers to execute arbitrary SQL commands via the (1) category and (2) type parameters to viewcat.php, or (3) certain search parameters. NOTE: later a disclosure reported the affected version as 1.0.
by ajann
CVE-2007-1425 EXPLOITDB perl VERIFIED
Triexa Sonicmailer Pro < 3.2.3 - SQL Injection
SQL injection vulnerability in index.php in Triexa SonicMailer Pro 3.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the list parameter in an archive action.
by ajann
CVE-2006-0164 EXPLOITDB perl VERIFIED
phgstats <0.5.1 - RCE
phgstats.inc.php in phgstats before 0.5.1, if register_globals is enabled, allows remote attackers to include arbitrary files and execute arbitrary PHP code by modifying the PHGDIR variable.
by bd0rk
CVE-2007-0217 EXPLOITDB perl VERIFIED
Microsoft Internet Explorer <6 - RCE
The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, which causes heap corruption.
by Mathew Rowley
CVE-2007-1422 EXPLOITDB perl VERIFIED
Duyuru Scripti - SQL Injection
SQL injection vulnerability in goster.asp in fystyq Duyuru Scripti allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-0688.
by Cr@zy_King
CVE-2007-1404 EXPLOITDB perl VERIFIED
Prosysinfo Tftp Server Tftpdwin - Denial of Service
tftpd.exe in ProSysInfo TFTP Server TFTPDWIN 0.4.2 allows remote attackers to cause a denial of service via a long UDP packet that is not properly handled in a recv_from call. NOTE: this issue might be related to CVE-2006-4948.
by Umesh Wanve
CVE-2007-1397 EXPLOITDB perl VERIFIED
Fish - Buffer Overflow
Multiple stack-based buffer overflows in the (1) ExtractRnick and (2) decrypt_topic_332 functions in FiSH allow remote attackers to execute arbitrary code via long strings.
by ilja van sprundel
CVE-2006-0476 EXPLOITDB perl VERIFIED
Nullsoft Winamp - Buffer Overflow
Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to execute arbitrary code via a playlist (pls) file with a long file name (File1 field).
by Umesh Wanve
CVE-2007-1373 EXPLOITDB perl VERIFIED
Pmail Mercury Mail Transport System < 4.01b - Buffer Overflow
Stack-based buffer overflow in Mercury/32 (aka Mercury Mail Transport System) 4.01b and earlier allows remote attackers to execute arbitrary code via a long LOGIN command. NOTE: this might be the same issue as CVE-2006-5961.
by mu-b
CVE-2007-1339 EXPLOITDB perl VERIFIED
Monitor-line Links Management < 1.0 - SQL Injection
SQL injection vulnerability in index.php in Links Management Application 1.0 allows remote attackers to execute arbitrary SQL commands via the lcnt parameter.
by ajann
By Source
All 2,814 Exploitdb 50,121 Writeup 46,830 Nomisec 21,202 Metasploit 3,189 Github 2,258 Vulncheck_xdb 900 Inthewild 518 Gitlab 439 Gitee 415 Patchapalooza 312
By Language
text 31,341 ruby 5,920 python 5,742 c 3,550 perl 2,854 html 2,055 php 1,334 bash 459 java 360 javascript 260 c++ 247 shell 69 go 41 postscript 25 xml 24