Exploitdb Exploits

2,814 exploits tracked across all sources.

Sort: Activity Stars
CVE-2006-6047 EXPLOITDB perl VERIFIED
Etomite - Path Traversal
Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
by Revenge
CVE-2006-7235 EXPLOITDB perl VERIFIED
5E5 Teamtek Universal FTP Server - Improper Input Validation
Teamtek Universal FTP Server 1.0.50 allows remote attackers to cause a denial of service (daemon crash or hang) via (1) multiple STOR (aka PUT) commands, or an MKD command followed by (2) a '*' argument, (3) a '|' argument, (4) spaces, or (5) a long string. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Praveen Darhanam
CVE-2006-6131 EXPLOITDB perl VERIFIED
Kerio WebSTAR <5.4.2 - Privilege Escalation
Untrusted search path vulnerability in (1) WSAdminServer and (2) WSWebServer in Kerio WebSTAR (4D WebSTAR Server Suite) 5.4.2 and earlier allows local users with webstar privileges to gain root privileges via a malicious libucache.dylib helper library in the current working directory.
by Kevin Finisterre
CVE-2006-7235 EXPLOITDB perl VERIFIED
5E5 Teamtek Universal FTP Server - Improper Input Validation
Teamtek Universal FTP Server 1.0.50 allows remote attackers to cause a denial of service (daemon crash or hang) via (1) multiple STOR (aka PUT) commands, or an MKD command followed by (2) a '*' argument, (3) a '|' argument, (4) spaces, or (5) a long string. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Adriel T. Desautels
CVE-2006-7185 EXPLOITDB perl VERIFIED
CMSmelborp Beta - RCE
PHP remote file inclusion vulnerability in includes/user_standard.php in CMSmelborp Beta allows remote attackers to execute arbitrary PHP code via a URL in the relative_root parameter.
by DeltahackingTEAM
CVE-2006-5880 EXPLOITDB perl VERIFIED
Isystems Munch Pro - SQL Injection
SQL injection vulnerability on the subMenu page in switch.asp in Munch Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter.
by ajann
CVE-2006-5887 EXPLOITDB perl VERIFIED
Dynamic Dataworx Nuschool - SQL Injection
SQL injection vulnerability in CampusNewsDetails.asp in Dynamic Dataworx NuSchool 1.0 allows remote attackers to execute arbitrary SQL commands via the NewsID parameter.
by ajann
CVE-2006-5886 EXPLOITDB perl VERIFIED
Dynamic Dataworx Nurealestate - SQL Injection
SQL injection vulnerability in propertysdetails.asp in Dynamic Dataworx NuRealestate (NuRems) 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the PropID parameter.
by ajann
CVE-2006-5881 EXPLOITDB perl VERIFIED
Dynamic Dataworx Nucommunity - SQL Injection
SQL injection vulnerability in cl_CatListing.asp in Dynamic Dataworx NuCommunity 1.0 allows remote attackers to execute arbitrary SQL commands via the cl_cat_ID parameter.
by ajann
CVE-2006-5866 EXPLOITDB perl VERIFIED
Phpmanta < 1.0.2 - Path Traversal
Directory traversal vulnerability in Mdoc/view-sourcecode.php for phpManta 1.0.2 and earlier allows remote attackers to read and include arbitrary files via ".." sequences in the file parameter.
by ajann
CVE-2006-5892 EXPLOITDB perl VERIFIED
THE NET Guys Aspired2poll < 1.0 - SQL Injection
SQL injection vulnerability in MoreInfo.asp in The Net Guys ASPired2Poll 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
by ajann
EIP-2026-109028 EXPLOITDB perl VERIFIED
KnowledgeBuilder 2.2 - 'visEdit_Control.Class.php' Remote File Inclusion
by igi
CVE-2006-5852 EXPLOITDB perl VERIFIED
OpenBase SQL <10.0.1 - Privilege Escalation
Untrusted search path vulnerability in openexec in OpenBase SQL before 10.0.1 allows local users to gain privileges via a modified PATH that references a malicious helper binary, as demonstrated by (1) cp, (2) rm, and (3) killall, different vectors than CVE-2006-5327.
by Kevin Finisterre
CVE-2006-5851 EXPLOITDB perl VERIFIED
Openbase - Symlink Following
openexec in OpenBase SQL before 10.0.1 allows local users to create arbitrary files via a symlink attack on the /tmp/output file, a different vulnerability than CVE-2006-5328.
by Kevin Finisterre
CVE-2006-5787 EXPLOITDB perl VERIFIED
IPrimal Forums <20061105 - Auth Bypass
admin/index.php in IPrimal Forums as of 20061105 allows remote attackers to bypass authentication and modify user passwords via a direct request, possibly related to an authentication issue in admin/chk_admin.php.
by Bl0od3r
CVE-2006-5802 EXPLOITDB perl VERIFIED
THE WEB Drivers Simple Forum - SQL Injection
SQL injection vulnerability in message_details.php in The Web Drivers Simple Forum, dated 20060318, allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Bl0od3r
CVE-2006-5828 EXPLOITDB perl VERIFIED
Deltascripts Php Classifieds - SQL Injection
SQL injection vulnerability in detail.php in DeltaScripts PHP Classifieds 7.1 and earlier allows remote attackers to execute arbitrary SQL commands via the user_id parameter.
by ajann
CVE-2006-5728 EXPLOITDB perl VERIFIED
Dxmsoft XM Easy Personal FTP Server - Resource Management Error
XM Easy Personal FTP Server 5.2.1 and earlier allows remote authenticated users to cause a denial of service via a long argument to the NLST command, possibly involving the -al flags.
by boecke
CVE-2006-5850 EXPLOITDB perl VERIFIED
Essentia Web Server - Buffer Overflow
Stack-based buffer overflow in Essentia Web Server 2.15 for Windows allows remote attackers to execute arbitrary code via a long URI, as demonstrated by a GET or HEAD request. NOTE: some of these details are obtained from third party information.
by CorryL
EIP-2026-111106 EXPLOITDB perl VERIFIED
PHPKIT 1.6.1R2 - 'search_user' SQL Injection
by x23
EIP-2026-111104 EXPLOITDB perl VERIFIED
PHPKit 1.6.1 - 'popup.php' SQL Injection
by x23
CVE-2006-5505 EXPLOITDB perl VERIFIED
PHP File Inclusion - RCE
Multiple PHP file inclusion vulnerabilities in 2BGal 3.0 allow remote attackers to execute arbitrary PHP code via the lang parameter to (1) admin/configuration.inc.php, (2) admin/creer_album.inc.php, (3) admin/changepwd.php.inc, and unspecified other files. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
by Kw3[R]Ln
CVE-2006-5614 EXPLOITDB perl VERIFIED
Microsoft Windows NT Helper Components - Denial of Service
Microsoft Windows NAT Helper Components (ipnathlp.dll) on Windows XP SP2, when Internet Connection Sharing is enabled, allows remote attackers to cause a denial of service (svchost.exe crash) via a malformed DNS query, which results in a null pointer dereference.
by x82
EIP-2026-118966 EXPLOITDB perl VERIFIED
Novell eDirectory 8.8 - NDS Server Remote Stack Overflow
by FistFuXXer
CVE-2006-7132 EXPLOITDB perl VERIFIED
Cynux Softwares Phpmydesk - Path Traversal
Directory traversal vulnerability in pmd-config.php in PHPMyDesk 1.0beta allows remote attackers to include arbitrary local files via the pmdlang parameter to viewticket.php.
by Kw3[R]Ln
By Source
All 2,814 Exploitdb 50,121 Writeup 46,831 Nomisec 21,202 Metasploit 3,189 Github 2,265 Vulncheck_xdb 900 Inthewild 518 Gitlab 439 Gitee 415 Patchapalooza 312
By Language
text 31,341 ruby 5,920 python 5,745 c 3,550 perl 2,854 html 2,055 php 1,334 bash 459 java 360 javascript 260 c++ 247 shell 73 go 41 postscript 25 xml 24