Exploitdb Exploits

2,814 exploits tracked across all sources.

EIP-2026-107615 EXPLOITDB perl VERIFIED
Horde Help Viewer 3.1 - Remote Command Execution
by deese
CVE-2006-1667 EXPLOITDB perl VERIFIED
Eric Gerdes Crafty Syntax Image Gallery <3.1g - SQL Injection
SQL injection vulnerability in slides.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g and earlier allows remote authenticated users to execute arbitrary SQL commands via the limitquery_s parameter when the $projectid variable is less than 1, which prevents the $limitquery_s from being set within slides.php.
by undefined1_
CVE-2006-1664 EXPLOITDB perl VERIFIED
libxine <1.14 - RCE
Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream.
by Federico L. Bossi Bonin
EIP-2026-107826 EXPLOITDB perl VERIFIED
INDEXU 5.0.1 - 'base_path' Remote File Inclusion
by K-159
CVE-2006-1668 EXPLOITDB perl VERIFIED
Eric Gerdes Crafty Syntax Image Gallery <3.1g - Authenticated RCE
newimage.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g and earlier allows remote authenticated users to upload and execute arbitrary PHP code via a multipart/form-data POST with a .jpg filename in the fullimage parameter and the ext parameter set to .php.
by undefined1_
EIP-2026-105182 EXPLOITDB perl VERIFIED
AngelineCMS 0.8.1 - 'installpath' Remote File Inclusion
by K-159
CVE-2008-1110 EXPLOITDB perl VERIFIED
xine-lib <1.1.10 - RCE
Buffer overflow in demuxers/demux_asf.c (aka the ASF demuxer) in the xineplug_dmx_asf.so plugin in xine-lib before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a crafted ASF header. NOTE: this issue leads to a crash when an attack uses the CVE-2006-1664 exploit code, but it is different from CVE-2006-1664.
by Federico L. Bossi Bonin
EIP-2026-113161 EXPLOITDB perl VERIFIED
VWar 1.5.0 R12 - Remote File Inclusion
by uid0
EIP-2026-102689 EXPLOITDB perl VERIFIED
mpg123 0.59r - Malformed .mp3 (SIGSEGV) (PoC)
by nitr0us
CVE-2006-1610 EXPLOITDB perl VERIFIED
SQuery <4.5 - RCE
PHP remote file inclusion vulnerability in lib/armygame.php in SQuery 4.5 and earlier, as used in products such as Autonomous LAN party (ALP), allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter. NOTE: this only occurs when register_globals is disabled.
by uid0
CVE-2006-1688 EXPLOITDB perl VERIFIED
SQuery 4.5- - RCE
Multiple PHP remote file inclusion vulnerabilities in SQuery 4.5 and earlier, as used in products such as Autonomous LAN party (ALP), allow remote attackers to execute arbitrary PHP code via a URL in the libpath parameter to scripts in the lib directory including (1) ase.php, (2) devi.php, (3) doom3.php, (4) et.php, (5) flashpoint.php, (6) gameSpy.php, (7) gameSpy2.php, (8) gore.php, (9) gsvari.php, (10) halo.php, (11) hlife.php, (12) hlife2.php, (13) igi2.php, (14) main.lib.php, (15) netpanzer.php, (16) old_hlife.php, (17) pkill.php, (18) q2a.php, (19) q3a.php, (20) qworld.php, (21) rene.php, (22) rvbshld.php, (23) savage.php, (24) simracer.php, (25) sof1.php, (26) sof2.php, (27) unreal.php, (28) ut2004.php, and (29) vietcong.php. NOTE: the lib/armygame.php vector is already covered by CVE-2006-1610. The provenance of most of these additional vectors is unknown, although likely from post-disclosure analysis. NOTE: this only occurs when register_globals is disabled.
by uid0
EIP-2026-111200 EXPLOITDB perl VERIFIED
PHPSelect Submit-A-Link - HTML Injection
by s3rv3r_hack3r
EIP-2026-111176 EXPLOITDB perl VERIFIED
PHPNuke-Clan 3.0.1 - 'vwar_root2' Remote File Inclusion
by uid0
CVE-2006-1541 EXPLOITDB perl VERIFIED
EzASPSite <2.0 RC3 - SQL Injection
SQL injection vulnerability in Default.asp in EzASPSite 2.0 RC3 and earlier allows remote attackers to execute arbitrary SQL commands and obtain the SHA1 hash of the admin password via the Scheme parameter.
by nukedx
EIP-2026-114745 EXPLOITDB perl VERIFIED
Tru64 UNIX 5.0 (Rev. 910) - rdist NLSPATH Buffer Overflow
by Kevin Finisterre
EIP-2026-114744 EXPLOITDB perl VERIFIED
Tru64 UNIX 5.0 (Rev. 910) - edauth NLSPATH Buffer Overflow
by Kevin Finisterre
EIP-2026-107501 EXPLOITDB perl VERIFIED
GreyMatter WebLog 1.21d - Remote Command Execution (2)
by Hessam-x
CVE-2006-0323 EXPLOITDB perl VERIFIED
RealNetworks Helix Player - Memory Corruption
Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size value that is less than the actual size, or (2) other unspecified manipulations.
by Federico L. Bossi Bonin
EIP-2026-105350 EXPLOITDB perl VERIFIED
Aztek Forum 4.0 - 'myadmin.php' User Privilege Escalation
by Sparah
CVE-2006-1412 EXPLOITDB perl VERIFIED
TFT Gallery 0.10 - Info Disclosure
TFT Gallery 0.10 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the admin password file and obtain password hashes via a direct request to admin/passwd.
by undefined1_
CVE-2006-1481 EXPLOITDB perl VERIFIED
PHP Ticket 0.71 - SQL Injection
SQL injection vulnerability in search.php in PHP Ticket 0.71 allows remote authenticated users to execute arbitrary SQL commands and obtain usernames and passwords via the frm_search_in parameter.
by undefined1_
CVE-2006-0323 EXPLOITDB perl VERIFIED
RealNetworks Helix Player - Memory Corruption
Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size value that is less than the actual size, or (2) other unspecified manipulations.
by Federico L. Bossi Bonin
CVE-2006-1353 EXPLOITDB perl VERIFIED
ASPPortal <3.1.1 - SQL Injection
Multiple SQL injection vulnerabilities in ASPPortal 3.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the downloadid parameter in download_click.asp and (2) content_ID parameter in news/News_Item.asp; authenticated administrators can also conduct attacks via (3) user_id parameter to users/add_edit_user.asp, (4) bannerid parameter to banner_adds/banner_add_edit.asp, (5) cat_id parameter to categories/add_edit_cat.asp, (6) Content_ID parameter to News/add_edit_news.asp, (7) download_id parameter to downloads/add_edit_download.asp, (8) Poll_ID parameter to poll/add_edit_poll.asp, (9) contactid parameter to contactus/contactus_add_edit.asp, (10) sortby parameter to poll/poll_list.asp, and (11) unspecified inputs to downloads/add_edit_download.asp.
by nukedx
CVE-2006-0940 EXPLOITDB perl VERIFIED
ShoutLIVE 1.1.0 - Code Injection
Multiple direct static code injection vulnerabilities in savesettings.php in ShoutLIVE 1.1.0 allow remote attackers to execute arbitrary PHP code via variables that are written to settings.php.
by DarkFig
CVE-2006-1333 EXPLOITDB perl VERIFIED
BetaParticle Blog <=6.0 - SQL Injection
Multiple SQL injection vulnerabilities in BetaParticle Blog 6.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to template_permalink.asp or (2) fldGalleryID parameter to template_gallery_detail.asp.
by nukedx