Exploitdb Exploits

2,809 exploits tracked across all sources.

Sort: Activity Stars
CVE-2007-0572 EXPLOITDB perl VERIFIED
Drunken:Golem Gaming Portal <0.5.1 - RCE
PHP remote file inclusion vulnerability in include/irc/phpIRC.php in Drunken:Golem Gaming Portal 0.5.1 Alpha 2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
by MackRulZ
CVE-2007-0561 EXPLOITDB perl VERIFIED
Xero Portal 1.2 - Remote File Inclusion via phpbb_root_path Parameter
Multiple PHP remote file inclusion vulnerabilities in Xero Portal 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) admin_linkdb.php, (2) admin_forum_prune.php, (3) admin_extensions.php, (4) admin_board.php, (5) admin_attachments.php, or (6) admin_users.php in admin/.
by Mehmet Ince
CVE-2007-0504 EXPLOITDB perl VERIFIED
Vote! Pro < 4.0 - Remote Code Execution via poll_frame.php poll_id Parameter
Eval injection vulnerability in poll_frame.php in Vote! Pro 4.0, and possibly other scripts, allows remote attackers to execute arbitrary code via the poll_id parameter, which is supplied to an eval function call, a different vulnerability type than CVE-2005-4632.
by r0ut3r
CVE-2007-0535 EXPLOITDB perl VERIFIED
Vote! Pro < 4.0 - Remote Code Execution via poll_id Parameter
Multiple eval injection vulnerabilities in Vote! Pro 4.0, and possibly earlier, allow remote attackers to execute arbitrary code via requests to unspecified PHP scripts with the poll_id parameter, which is supplied to eval function calls, a different set of vectors than CVE-2007-0504. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
by r0ut3r
CVE-2007-0489 EXPLOITDB perl VERIFIED
VisoHotlink < 1.01 - Remote File Inclusion via mosConfig_absolute_path Parameter
PHP remote file inclusion vulnerability in includes/functions.visohotlink.php in VisoHotlink 1.01 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
by bd0rk
CVE-2007-0501 EXPLOITDB perl VERIFIED
mafia_scum_tools < 2.0.0 - Remote Code Execution via Gen Parameter
PHP remote file inclusion vulnerability in index.php in Mafia Scum Tools 2.0.0 in Matthew Wardrop Advanced Random Generators (adv-random-gen) allows remote attackers to execute arbitrary PHP code via a URL in the gen parameter.
by DeltahackingTEAM
CVE-2007-0499 EXPLOITDB perl VERIFIED
phpIndexPage <= 1.0.1 - Remote Code Execution via env[inc_path] Parameter
PHP remote file inclusion vulnerability in config.php in Sangwan Kim phpIndexPage 1.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the env[inc_path] parameter.
by DeltahackingTEAM
CVE-2007-0024 EXPLOITDB perl VERIFIED
Internet Explorer - Remote Code Execution via VML Integer Overflow
Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability."
by pang0
CVE-2006-0441 EXPLOITDB perl VERIFIED
Sami FTP Server 2.0.1 - Stack-Based Buffer Overflow via Long USER Command
Stack-based buffer overflow in Sami FTP Server 2.0.1 allows remote attackers to execute arbitrary code via a long USER command, which triggers the overflow when the log is viewed.
by UmZ
CVE-2007-0388 EXPLOITDB perl VERIFIED
Woltlab Burning Board < 1.0.2 and <= 2.3.6 - SQL Injection via BoardID Parameters
SQL injection vulnerability in search.php in Woltlab Burning Board (wBB) 1.0.2 and earlier, and 2.3.6 and earlier in the 2.x series, allows remote attackers to execute arbitrary SQL commands via the boardids[1] and other boardids[] parameters.
by 666
CVE-2007-0388 EXPLOITDB perl VERIFIED
Woltlab Burning Board < 1.0.2 and <= 2.3.6 - SQL Injection via BoardID Parameters
SQL injection vulnerability in search.php in Woltlab Burning Board (wBB) 1.0.2 and earlier, and 2.3.6 and earlier in the 2.x series, allows remote attackers to execute arbitrary SQL commands via the boardids[1] and other boardids[] parameters.
by trew
CVE-2007-0354 EXPLOITDB perl VERIFIED
MGB OpenSource Guestbook <= 0.5.4.5 - SQL Injection via email.php id Parameter
SQL injection vulnerability in email.php in MGB OpenSource Guestbook 0.5.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
by SlimTim10
CVE-2006-4948 EXPLOITDB perl VERIFIED
ProSysInfo TFTP Server TFTPDWIN <0.4.2 - Buffer Overflow
Stack-based buffer overflow in tftpd.exe in ProSysInfo TFTP Server TFTPDWIN 0.4.2 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a long file name. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
by Jacopo Cervini
CVE-2006-1255 EXPLOITDB perl VERIFIED
Mercur Messaging 5.0 SP3 - Buffer Overflow
Stack-based buffer overflow in the IMAP service in Mercur Messaging 5.0 SP3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string to the (1) LOGIN or (2) SELECT command, a different set of attack vectors and possibly a different vulnerability than CVE-2003-1177.
by Jacopo Cervini
CVE-2008-4616 EXPLOITDB perl VERIFIED
SpamBam Plugin for WordPress - Comment Restriction Bypass via Server-Supplied Shared Key
The SpamBam plugin for WordPress allows remote attackers to bypass restrictions and add blog comments by using server-supplied values to calculate a shared key.
by Romero
CVE-2006-4071 EXPLOITDB perl VERIFIED
Microsoft Windows XP and Server 2003 - Denial of Service via WMF File Sign Extension
Sign extension vulnerability in the createBrushIndirect function in the GDI library (gdi32.dll) in Microsoft Windows XP, Server 2003, and possibly other versions, allows user-assisted attackers to cause a denial of service (application crash) via a crafted WMF file.
by cyanid-E
CVE-2007-0306 EXPLOITDB perl VERIFIED
DigiAffiliate < 1.4 - SQL Injection via visu_user.asp id Parameter
SQL injection vulnerability in visu_user.asp in Digiappz DigiAffiliate 1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
by ajann
CVE-2007-0168 EXPLOITDB perl VERIFIED
BrightStor ARCserve Backup 9.01-11.5 - Remote Code Execution via Tape Engine RPC Opnum 0xBF
The Tape Engine service in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allows remote attackers to execute arbitrary code via certain data in opnum 0xBF in an RPC request, which is directly executed.
by Tenable NS
CVE-2007-0200 EXPLOITDB perl VERIFIED
Geoffrey Golliher Axiom Photo/News Gallery 0.8.6 - RCE
PHP remote file inclusion vulnerability in template.php in Geoffrey Golliher Axiom Photo/News Gallery (axiompng) 0.8.6 allows remote attackers to execute arbitrary PHP code via a URL in the baseAxiomPath parameter.
by DeltahackingTEAM
CVE-2007-0120 EXPLOITDB perl VERIFIED
Acunetix Web Vulnerability Scanner < 4.0_build_2006-07-17 - Denial of Service via Invalid Content-Length HTTP Requests
Acunetix Web Vulnerability Scanner (WVS) 4.0 Build 20060717 and earlier allows remote attackers to cause a denial of service (application crash) via multiple HTTP requests containing invalid Content-Length values.
by nitr0us
CVE-2007-0128 EXPLOITDB perl VERIFIED
Digirez < 3.4 - SQL Injection via info_book.asp book_id Parameter
SQL injection vulnerability in info_book.asp in Digirez 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the book_id parameter.
by ajann
CVE-2007-0098 EXPLOITDB perl VERIFIED
VerliAdmin < 0.3 - Directory Traversal via Language Cookie
Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
by Kw3[R]Ln
EIP-2026-103250 EXPLOITDB perl VERIFIED
Xine 0.99.4 - '.m3u' Remote Format String
by Kevin Finisterre
CVE-2007-0017 EXPLOITDB perl VERIFIED
VLC Media Player 0.7.0-0.8.6 - Remote Code Execution via Format String in CDDA/VCDX URI Handler
Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and the (2) cdio_log_handler and (3) vcd_log_handler functions in modules/access/vcdx/access.c in the VCDX (libvcdx_plugin) plugin, in VideoLAN VLC 0.7.0 through 0.8.6 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an invalid URI, as demonstrated by a udp://-- URI in an M3U file.
by MoAB
CVE-2007-0017 EXPLOITDB perl VERIFIED
VLC Media Player 0.7.0-0.8.6 - Remote Code Execution via Format String in CDDA/VCDX URI Handler
Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and the (2) cdio_log_handler and (3) vcd_log_handler functions in modules/access/vcdx/access.c in the VCDX (libvcdx_plugin) plugin, in VideoLAN VLC 0.7.0 through 0.8.6 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an invalid URI, as demonstrated by a udp://-- URI in an M3U file.
by MoAB
By Source
All 2,809 Writeup 62,302 Exploitdb 50,076 Nomisec 22,417 Github 3,632 Metasploit 3,314 Vulncheck_xdb 929 Inthewild 514 Gitlab 479 Gitee 415 Patchapalooza 312
By Language
text 31,386 python 6,573 ruby 6,005 c 3,628 perl 2,849 html 2,076 php 1,333 bash 462 java 371 c++ 261 javascript 229 shell 131 go 73 postscript 25 typescript 25