Exploitdb Exploits

2,809 exploits tracked across all sources.

Sort: Activity Stars
CVE-2006-7235 EXPLOITDB perl VERIFIED
Teamtek Universal FTP Server 1.0.50 - Denial of Service via STOR or MKD Command
Teamtek Universal FTP Server 1.0.50 allows remote attackers to cause a denial of service (daemon crash or hang) via (1) multiple STOR (aka PUT) commands, or an MKD command followed by (2) a '*' argument, (3) a '|' argument, (4) spaces, or (5) a long string. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Adriel T. Desautels
CVE-2006-7185 EXPLOITDB perl VERIFIED
CMSmelborp Beta - Remote File Inclusion via relative_root Parameter
PHP remote file inclusion vulnerability in includes/user_standard.php in CMSmelborp Beta allows remote attackers to execute arbitrary PHP code via a URL in the relative_root parameter.
by DeltahackingTEAM
CVE-2006-5880 EXPLOITDB perl VERIFIED
Munch Pro 1.0 - SQL Injection via subMenu Page catid Parameter
SQL injection vulnerability on the subMenu page in switch.asp in Munch Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter.
by ajann
CVE-2006-5887 EXPLOITDB perl VERIFIED
Dynamic Dataworx NuSchool 1.0 - SQL Injection via CampusNewsDetails.asp NewsID Parameter
SQL injection vulnerability in CampusNewsDetails.asp in Dynamic Dataworx NuSchool 1.0 allows remote attackers to execute arbitrary SQL commands via the NewsID parameter.
by ajann
CVE-2006-5886 EXPLOITDB perl VERIFIED
Dynamic Dataworx NuRealestate 1.0 - SQL Injection via PropID Parameter
SQL injection vulnerability in propertysdetails.asp in Dynamic Dataworx NuRealestate (NuRems) 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the PropID parameter.
by ajann
CVE-2006-5881 EXPLOITDB perl VERIFIED
Dynamic Dataworx NuCommunity 1.0 - SQL Injection via cl_cat_ID Parameter
SQL injection vulnerability in cl_CatListing.asp in Dynamic Dataworx NuCommunity 1.0 allows remote attackers to execute arbitrary SQL commands via the cl_cat_ID parameter.
by ajann
CVE-2006-5866 EXPLOITDB perl VERIFIED
phpmanta < 1.0.2 - Directory Traversal via File Parameter
Directory traversal vulnerability in Mdoc/view-sourcecode.php for phpManta 1.0.2 and earlier allows remote attackers to read and include arbitrary files via ".." sequences in the file parameter.
by ajann
CVE-2006-5892 EXPLOITDB perl VERIFIED
ASPired2Poll < 1.0 - SQL Injection via MoreInfo.asp id Parameter
SQL injection vulnerability in MoreInfo.asp in The Net Guys ASPired2Poll 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
by ajann
EIP-2026-109028 EXPLOITDB perl VERIFIED
KnowledgeBuilder 2.2 - 'visEdit_Control.Class.php' Remote File Inclusion
by igi
CVE-2006-5852 EXPLOITDB perl VERIFIED
OpenBase SQL <10.0.1 - Privilege Escalation
Untrusted search path vulnerability in openexec in OpenBase SQL before 10.0.1 allows local users to gain privileges via a modified PATH that references a malicious helper binary, as demonstrated by (1) cp, (2) rm, and (3) killall, different vectors than CVE-2006-5327.
by Kevin Finisterre
CVE-2006-5851 EXPLOITDB perl VERIFIED
OpenBase SQL < 10.0.1 - Arbitrary File Creation via Symlink Attack on /tmp/output
openexec in OpenBase SQL before 10.0.1 allows local users to create arbitrary files via a symlink attack on the /tmp/output file, a different vulnerability than CVE-2006-5328.
by Kevin Finisterre
CVE-2006-5787 EXPLOITDB perl VERIFIED
IPrimal Forums <20061105 - Auth Bypass
admin/index.php in IPrimal Forums as of 20061105 allows remote attackers to bypass authentication and modify user passwords via a direct request, possibly related to an authentication issue in admin/chk_admin.php.
by Bl0od3r
CVE-2006-5802 EXPLOITDB perl VERIFIED
The Web Drivers Simple Forum - SQL Injection via message_details.php id Parameter
SQL injection vulnerability in message_details.php in The Web Drivers Simple Forum, dated 20060318, allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Bl0od3r
CVE-2006-5828 EXPLOITDB perl VERIFIED
DeltaScripts PHP Classifieds <= 7.1 - SQL Injection via detail.php user_id Parameter
SQL injection vulnerability in detail.php in DeltaScripts PHP Classifieds 7.1 and earlier allows remote attackers to execute arbitrary SQL commands via the user_id parameter.
by ajann
CVE-2006-5728 EXPLOITDB perl VERIFIED
XM Easy Personal FTP Server <= 5.2.1 - Authenticated Denial of Service via NLST Command
XM Easy Personal FTP Server 5.2.1 and earlier allows remote authenticated users to cause a denial of service via a long argument to the NLST command, possibly involving the -al flags.
by boecke
CVE-2006-5850 EXPLOITDB perl VERIFIED
Essentia Web Server 2.15 - Remote Code Execution via Long URI
Stack-based buffer overflow in Essentia Web Server 2.15 for Windows allows remote attackers to execute arbitrary code via a long URI, as demonstrated by a GET or HEAD request. NOTE: some of these details are obtained from third party information.
by CorryL
EIP-2026-111106 EXPLOITDB perl VERIFIED
PHPKIT 1.6.1R2 - 'search_user' SQL Injection
by x23
EIP-2026-111104 EXPLOITDB perl VERIFIED
PHPKit 1.6.1 - 'popup.php' SQL Injection
by x23
CVE-2006-5505 EXPLOITDB perl VERIFIED
2BGal 3.0 - Remote PHP File Inclusion via Lang Parameter
Multiple PHP file inclusion vulnerabilities in 2BGal 3.0 allow remote attackers to execute arbitrary PHP code via the lang parameter to (1) admin/configuration.inc.php, (2) admin/creer_album.inc.php, (3) admin/changepwd.php.inc, and unspecified other files. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
by Kw3[R]Ln
CVE-2006-5614 EXPLOITDB perl VERIFIED
Microsoft Windows NAT Helper Components - Denial of Service via Malformed DNS Query
Microsoft Windows NAT Helper Components (ipnathlp.dll) on Windows XP SP2, when Internet Connection Sharing is enabled, allows remote attackers to cause a denial of service (svchost.exe crash) via a malformed DNS query, which results in a null pointer dereference.
by x82
EIP-2026-118966 EXPLOITDB perl VERIFIED
Novell eDirectory 8.8 - NDS Server Remote Stack Overflow
by FistFuXXer
CVE-2006-7132 EXPLOITDB perl VERIFIED
PHPMyDesk 1.0beta - Directory Traversal via pmdlang Parameter
Directory traversal vulnerability in pmd-config.php in PHPMyDesk 1.0beta allows remote attackers to include arbitrary local files via the pmdlang parameter to viewticket.php.
by Kw3[R]Ln
CVE-2006-5588 EXPLOITDB perl VERIFIED
CMS Faethon < 2.0_ultimate - Remote File Inclusion via mainpath Parameter
Multiple PHP remote file inclusion vulnerabilities in CMS Faethon 2.0 Ultimate and earlier, when register_globals and magic_quotes_gpc are enabled, allow remote attackers to execute arbitrary PHP code via a URL in the mainpath parameter to (1) includes/rss-reader.php or (2) admin/config.php, different vectors than CVE-2006-3185.
by r0ut3r
CVE-2006-5562 EXPLOITDB perl VERIFIED
SourceForge (alexandria) 1.0.4 - RCE
PHP remote file inclusion vulnerability in include/database.php in SourceForge (aka alexandria) 1.0.4 allows remote attackers to execute arbitrary PHP code via the sys_dbtype parameter.
by Kw3[R]Ln
CVE-2006-6635 EXPLOITDB perl VERIFIED
JumbaCMS 0.0.1 - Remote File Inclusion via jcms_root_path Parameter
PHP remote file inclusion vulnerability in includes/functions.php in JumbaCMS 0.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the jcms_root_path parameter.
by Kw3[R]Ln
By Source
All 2,809 Writeup 62,302 Exploitdb 50,076 Nomisec 22,418 Github 3,633 Metasploit 3,314 Vulncheck_xdb 929 Inthewild 514 Gitlab 479 Gitee 415 Patchapalooza 312
By Language
text 31,386 python 6,574 ruby 6,005 c 3,628 perl 2,849 html 2,076 php 1,333 bash 462 java 371 c++ 261 javascript 229 shell 131 go 73 postscript 25 typescript 25