Exploitdb Exploits

2,814 exploits tracked across all sources.

Sort: Activity Stars
CVE-2006-5588 EXPLOITDB perl VERIFIED
CMS Faethon 2.0 Ultimate - RCE
Multiple PHP remote file inclusion vulnerabilities in CMS Faethon 2.0 Ultimate and earlier, when register_globals and magic_quotes_gpc are enabled, allow remote attackers to execute arbitrary PHP code via a URL in the mainpath parameter to (1) includes/rss-reader.php or (2) admin/config.php, different vectors than CVE-2006-3185.
by r0ut3r
CVE-2006-5562 EXPLOITDB perl VERIFIED
SourceForge (alexandria) 1.0.4 - RCE
PHP remote file inclusion vulnerability in include/database.php in SourceForge (aka alexandria) 1.0.4 allows remote attackers to execute arbitrary PHP code via the sys_dbtype parameter.
by Kw3[R]Ln
CVE-2006-6635 EXPLOITDB perl VERIFIED
JumbaCMS 0.0.1 - RCE
PHP remote file inclusion vulnerability in includes/functions.php in JumbaCMS 0.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the jcms_root_path parameter.
by Kw3[R]Ln
CVE-2006-5478 EXPLOITDB perl VERIFIED
Novell Edirectory - Memory Corruption
Multiple stack-based buffer overflows in Novell eDirectory 8.8.x before 8.8.1 FTF1, and 8.x up to 8.7.3.8, and Novell NetMail before 3.52e FTF2, allow remote attackers to execute arbitrary code via (1) a long HTTP Host header, which triggers an overflow in the BuildRedirectURL function; or vectors related to a username containing a . (dot) character in the (2) SMTP, (3) POP, (4) IMAP, (5) HTTP, or (6) Networked Messaging Application Protocol (NMAP) Netmail services.
by Manuel Santamarina Suarez
CVE-2006-5446 EXPLOITDB perl VERIFIED
Casinosoft Casino Script - SQL Injection
SQL injection vulnerability in lobby/config.php in Casinosoft Casino Script (aka Masvet) 3.2 allows remote attackers to execute arbitrary SQL commands via the cfam parameter.
by G1UK
CVE-2006-5436 EXPLOITDB perl VERIFIED
FreeFAQ 1.0.e - RCE
PHP remote file inclusion vulnerability in index.php in FreeFAQ 1.0.e allows remote attackers to execute arbitrary PHP code via a URL in the faqpath parameter.
by Alireza Ahari
CVE-2006-5555 EXPLOITDB perl VERIFIED
EPNadmin <0.7.1 - RCE
PHP remote file inclusion vulnerability in constantes.inc.php in EPNadmin 0.7 and 0.7.1 allows remote attackers to execute arbitrary PHP code via the langage parameter.
by Kw3[R]Ln
CVE-2005-1181 EXPLOITDB perl VERIFIED
Ariadne CMS 2.4 - Code Injection
NOTE: this issue has been disputed by the vendor. PHP remote code injection vulnerability in loader.php for Ariadne CMS 2.4 allows remote attackers to execute arbitrary PHP code by modifying the ariadne parameter to reference a URL on a remote web server that contains the code. NOTE: the vendor has disputed this issue, saying that loader.php first requires the "ariadne.inc" file, which defines the $ariadne variable, and thus it cannot be modified by an attacker. In addition, CVE personnel have partially verified the dispute via source code inspection of Ariadne 2.4 as available on July 5, 2005
by Fidel Costa
CVE-2006-5444 EXPLOITDB perl VERIFIED
Digium Asterisk - Buffer Overflow
Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow.
by Noam Rathaus
CVE-2006-5399 EXPLOITDB perl VERIFIED
Phprecipebook - Code Injection
PHP remote file inclusion vulnerability in classes/Import_MM.class.php in PHPRecipeBook 2.36, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the g_rb_basedir parameter.
by r0ut3r
CVE-2006-5295 EXPLOITDB perl VERIFIED
Clam Anti-virus Clamav < 0.88.4 - Denial of Service
Unspecified vulnerability in ClamAV before 0.88.5 allows remote attackers to cause a denial of service (scanning service crash) via a crafted Compressed HTML Help (CHM) file that causes ClamAV to "read an invalid memory location."
by Damian Put
CVE-2006-5391 EXPLOITDB perl VERIFIED
Xfire < 1.6.4 - Denial of Service
Xfire 1.64 and earlier allows remote attackers to cause a denial of service (client application crash) via a long string to UDP port 25777.
by n00b
CVE-2006-5509 EXPLOITDB perl VERIFIED
Woltlab Burning Book - SQL Injection
Eval injection vulnerability in addentry.php in WoltLab Burning Book 1.1.2 allows remote attackers to execute arbitrary PHP code via crafted POST requests that store PHP code in a database that is later processed by eval, as demonstrated using SQL injection via the n parameter.
by ShAnKaR
EIP-2026-111451 EXPLOITDB perl VERIFIED
PowerMovieList 0.13/0.14 - Edit User HTML Injection
by MP
EIP-2026-104608 EXPLOITDB perl VERIFIED
Xcode OpenBase 9.1.5 (OSX) - Root File Create Privilege Escalation
by Kevin Finisterre
CVE-2006-7102 EXPLOITDB perl VERIFIED
Matthias Dietrich Phpburningportal Quiz-modul < 1.0.1 - Code Injection
Multiple PHP remote file inclusion vulnerabilities in phpBurningPortal quiz-modul 1.0.1, and possibly earlier, allow remote attackers to execute arbitrary PHP code via a URL in the lang_path parameter to (1) quest_delete.php, (2) quest_edit.php, or (3) quest_news.php.
by r0ut3r
EIP-2026-110994 EXPLOITDB perl VERIFIED
phpBBFM 206-3-3 - 'phpbb_root_path' Remote File Inclusion
by Kamalian
EIP-2026-104607 EXPLOITDB perl VERIFIED
Xcode OpenBase 9.1.5 (OSX) - Local Privilege Escalation
by Kevin Finisterre
CVE-2006-5385 EXPLOITDB perl VERIFIED
SpamOborona <1.0b - RCE
PHP remote file inclusion vulnerability in admin/admin_spam.php in the SpamOborona 1.0b and earlier phpBB module allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
by Nima Salehi
EIP-2026-110984 EXPLOITDB perl VERIFIED
phpBB Security 1.0.1 - 'PHP_security.php' Remote File Inclusion
by Nima Salehi
CVE-2006-5418 EXPLOITDB perl VERIFIED
Phpbb Searchindexer - Code Injection
PHP remote file inclusion vulnerability in archive/archive_topic.php in pbpbb archive for search engines (SearchIndexer) (aka phpBBSEI) for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
by Nima Salehi
EIP-2026-110983 EXPLOITDB perl VERIFIED
phpBB RPG Events 1.0 - 'functions_rpg_events' Remote File Inclusion
by Nima Salehi
CVE-2006-5309 EXPLOITDB perl VERIFIED
Prillian French <0.8.0 - RCE
PHP remote file inclusion vulnerability in language/lang_french/lang_prillian_faq.php in the Prillian French 0.8.0 and earlier module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
by Nima Salehi
CVE-2006-5387 EXPLOITDB perl VERIFIED
phpBB <20.272 - RCE
PHP remote file inclusion vulnerability in mods/iai/includes/constants.php in the PlusXL 20_272 and earlier phpBB module allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
by Nima Salehi
CVE-2006-5415 EXPLOITDB perl VERIFIED
News Defilante Horizontale <4.1.1 - RCE
PHP remote file inclusion vulnerability in includes/functions_newshr.php in the News Defilante Horizontale 4.1.1 and earlier module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
by Nima Salehi
By Source
All 2,814 Exploitdb 50,121 Writeup 46,831 Nomisec 21,202 Metasploit 3,189 Github 2,265 Vulncheck_xdb 900 Inthewild 518 Gitlab 439 Gitee 415 Patchapalooza 312
By Language
text 31,341 ruby 5,920 python 5,745 c 3,550 perl 2,854 html 2,055 php 1,334 bash 459 java 360 javascript 260 c++ 247 shell 73 go 41 postscript 25 xml 24