Exploitdb Exploits

2,814 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-103250 EXPLOITDB perl VERIFIED
Xine 0.99.4 - '.m3u' Remote Format String
by Kevin Finisterre
CVE-2007-0017 EXPLOITDB perl VERIFIED
Videolan Vlc Media Player - Format String Vulnerability
Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and the (2) cdio_log_handler and (3) vcd_log_handler functions in modules/access/vcdx/access.c in the VCDX (libvcdx_plugin) plugin, in VideoLAN VLC 0.7.0 through 0.8.6 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an invalid URI, as demonstrated by a udp://-- URI in an M3U file.
by MoAB
CVE-2007-0017 EXPLOITDB perl VERIFIED
Videolan Vlc Media Player - Format String Vulnerability
Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and the (2) cdio_log_handler and (3) vcd_log_handler functions in modules/access/vcdx/access.c in the VCDX (libvcdx_plugin) plugin, in VideoLAN VLC 0.7.0 through 0.8.6 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an invalid URI, as demonstrated by a udp://-- URI in an M3U file.
by MoAB
CVE-2007-0055 EXPLOITDB perl VERIFIED
Fersch Formbankserver - Path Traversal
Directory traversal vulnerability in formbankcgi.exe/AbfrageForm in Formbankserver 1.9 allows remote attackers to read arbitrary files via directory traversal sequences in the Name parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
by Bl0od3r
CVE-2006-6910 EXPLOITDB perl VERIFIED
Fersch Formbankserver - Denial of Service
formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO begins with Abfrage, allows remote attackers to cause a denial of service (daemon crash) via multiple requests containing many /../ sequences in the Name parameter.
by Bl0od3r
CVE-2007-0138 EXPLOITDB perl VERIFIED
Fersch Formbankserver - Denial of Service
formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO begins with (1) AbfrageForm or (2) EingabeForm, allows remote attackers to cause a denial of service (daemon crash) via multiple requests containing many /../ sequences in the Name parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
by Bl0od3r
CVE-2006-6859 EXPLOITDB perl VERIFIED
Website Designs FOR Less Click N Print Coupons < 2005-01-00 - SQL Injection
SQL injection vulnerability in coupon_detail.asp in Website Designs For Less Click N' Print Coupons 2005.01 and earlier allows remote attackers to execute arbitrary SQL commands via the key parameter.
by ajann
CVE-2006-6823 EXPLOITDB perl VERIFIED
Yrch! 1.0 - RCE
PHP remote file inclusion vulnerability in plugins/metasearch/plug.inc.php in Yrch! 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
by DeltahackingTEAM
CVE-2006-6810 EXPLOITDB perl VERIFIED
DB Hub <0.3 - DoS
Unspecified vulnerability in the clear_user_list function in src/main.c in DB Hub 0.3 allows remote attackers to cause a denial of service (application crash) via crafted network traffic, which triggers memory corruption.
by Critical Security
CVE-2006-6878 EXPLOITDB perl VERIFIED
PHP-Update <2.7 - Privilege Escalation
admin/uploads.php in PHP-Update 2.7 and earlier allows remote attackers to gain privileges by setting the rights[7] parameter to 1 during a login action.
by undefined1_
CVE-2006-6879 EXPLOITDB perl VERIFIED
PHP-Update <2.7 - RCE
Unrestricted file upload vulnerability in admin/uploads.php in PHP-Update 2.7 and earlier allows remote authenticated users to upload arbitrary PHP scripts to the gfx/ and files/ directories via the userfile parameter.
by undefined1_
CVE-2006-6349 EXPLOITDB perl VERIFIED
PWP Technologies The Classified Ad System - SQL Injection
Multiple SQL injection vulnerabilities in PWP Technologies The Classified Ad System allow remote attackers to execute arbitrary SQL commands via (1) the main parameter in a view action (includes/mainpage/view.asp) in default.asp or (2) a query in the search engine.
by ajann
CVE-2006-6796 EXPLOITDB perl VERIFIED
MTCMS <2.0 - RCE
PHP remote file inclusion vulnerability in admin/admin_settings.php in MTCMS 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ins_file parameter.
by nuffsaid
CVE-2006-6773 EXPLOITDB perl VERIFIED
Fishyshoop 0.930 beta - RCE
pages/register/register.php in Fishyshoop 0.930 beta allows remote attackers to create arbitrary administrative users by setting the is_admin HTTP POST parameter to 1.
by James Gray
CVE-2006-6774 EXPLOITDB perl VERIFIED
Ciberia Content Federator 1.0 - RCE
PHP remote file inclusion vulnerability in socios/maquetacion_socio.php (members/maquetacion_member.php) in Ciberia Content Federator 1.0 allows remote attackers to execute arbitrary PHP code via the path parameter. NOTE: some of these details are obtained from third party information.
by DeltahackingTEAM
CVE-2006-6790 EXPLOITDB perl VERIFIED
Ultimate PHP Board <2.0b1 - Code Injection
Direct static code injection vulnerability in chat/login.php in Ultimate PHP Board (UPB) 2.0b1 and earlier allows remote attackers to inject arbitrary PHP code via the username parameter, which is injected into chat/text.php.
by nuffsaid
CVE-2006-6765 EXPLOITDB perl VERIFIED
Pagetool 1.07 - RCE
Multiple PHP file inclusion vulnerabilities in src/admin/pt_upload.php in Pagetool 1.07 allow remote attackers to execute arbitrary PHP code via (1) a local filename or FTP/share URI in the config_file parameter or (2) a URL in the ptconf[src] parameter.
by g00ns
CVE-2006-6787 EXPLOITDB perl VERIFIED
Newsletter MX <1.0.2 - SQL Injection
SQL injection vulnerability in admin/admin_mail_adressee.asp in Newsletter MX 1.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter.
by ajann
CVE-2006-6813 EXPLOITDB perl VERIFIED
Mxmania FUM <1.0.6 - SQL Injection
SQL injection vulnerability in detail.asp in Mxmania File Upload Manager (FUM) 1.0.6 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter.
by ajann
CVE-2006-6775 EXPLOITDB perl VERIFIED
acFTP 1.5 - DoS
acFTP 1.5 allows remote authenticated users to cause a denial of service via a crafted argument to the (1) REST or (2) PBSZ command.
by gbr
CVE-2006-6802 EXPLOITDB perl VERIFIED
Enthrallweb ePages - SQL Injection
SQL injection vulnerability in actualpic.asp in Enthrallweb ePages allows remote attackers to execute arbitrary SQL commands via the Biz_ID parameter.
by ajann
CVE-2006-6806 EXPLOITDB perl VERIFIED
Enthrallweb eMates 1.0 - SQL Injection
SQL injection vulnerability in newsdetail.asp in Enthrallweb eMates 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
by ajann
CVE-2006-6805 EXPLOITDB perl VERIFIED
Enthrallweb eJobs - SQL Injection
SQL injection vulnerability in newsdetail.asp in Enthrallweb eJobs allows remote attackers to execute arbitrary SQL commands via the ID parameter.
by ajann
CVE-2006-6755 EXPLOITDB perl VERIFIED
Ixprim 1.2 - Info Disclosure
Ixprim 1.2 allows remote attackers to obtain sensitive information via a direct request for kernel/plugins/fckeditor2/ixprim_api.php, which reveals the path in an error message.
by DarkFig
CVE-2006-6758 EXPLOITDB perl VERIFIED
Http Explorer 1.02 - Path Traversal
Directory traversal vulnerability in Http explorer 1.02 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the URI.
by str0ke
By Source
All 2,814 Exploitdb 50,121 Writeup 46,831 Nomisec 21,202 Metasploit 3,189 Github 2,265 Vulncheck_xdb 900 Inthewild 518 Gitlab 439 Gitee 415 Patchapalooza 312
By Language
text 31,341 ruby 5,920 python 5,745 c 3,550 perl 2,854 html 2,055 php 1,334 bash 459 java 360 javascript 260 c++ 247 shell 73 go 41 postscript 25 xml 24