Exploitdb Exploits

2,814 exploits tracked across all sources.

Sort: Activity Stars
CVE-2005-4270 EXPLOITDB perl VERIFIED
Watchfire Appscan QA - Buffer Overflow
Buffer overflow in Watchfire AppScan QA 5.0.609 and 5.0.134 allows remote web servers to execute arbitrary code via an HTTP 401 response with a WWW-Authenticate header containing a long Realm field.
by Mariano Nuñez
CVE-2005-4296 EXPLOITDB perl VERIFIED
AppServ Open Project 2.5.3 - DoS
AppServ Open Project 2.5.3 allows remote attackers to cause a denial of service via a large HTTP request.
by Rozor
CVE-2005-4080 EXPLOITDB perl VERIFIED
Horde Imp - XSS
Horde IMP 4.0.4 and earlier does not sanitize strings containing UTF16 null characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via UTF16 encoded attachments and strings that will be executed when viewed using Internet Explorer, which ignores the characters.
by SEC Consult
CVE-2005-3995 EXPLOITDB perl VERIFIED
Sobexsrv <1.0.0-pre4 - RCE
Format string vulnerability in the dosyslog function in the OBEX server (obexsrv.c) for Sobexsrv before 1.0.0-pre4, when the syslog (-S) function is enabled, allows remote attackers to execute arbitrary code via format string specifiers in file name arguments to OBEX commands.
by Kevin Finisterre
CVE-2005-3862 EXPLOITDB perl VERIFIED
Unalz - Buffer Overflow
Buffer overflow in unalz before 0.53 allows remote attackers to execute arbitrary code via long file names in ALZ archives.
by Ulf Harnhammar
CVE-2005-3774 EXPLOITDB perl VERIFIED
Cisco Pix - Denial of Service
Cisco PIX 6.3 and 7.0 allows remote attackers to cause a denial of service (blocked new connections) via spoofed TCP packets that cause the PIX to create embryonic connections that that would not produce a valid connection with the end system, including (1) SYN packets with invalid checksums, which do not result in a RST; or, from an external interface, (2) one byte of "meaningless data," or (3) a TTL that is one less than needed to reach the internal destination.
by Janis Vizulis
CVE-2005-3774 EXPLOITDB perl VERIFIED
Cisco Pix - Denial of Service
Cisco PIX 6.3 and 7.0 allows remote attackers to cause a denial of service (blocked new connections) via spoofed TCP packets that cause the PIX to create embryonic connections that that would not produce a valid connection with the end system, including (1) SYN packets with invalid checksums, which do not result in a RST; or, from an external interface, (2) one byte of "meaningless data," or (3) a TTL that is one less than needed to reach the internal destination.
by Janis Vizulis
CVE-2005-3640 EXPLOITDB perl VERIFIED
Floosietek Ftgate - Memory Corruption
Multiple buffer overflows in the IMAP Groupware Mail server of Floosietek FTGate (FTGate4) 4.1 allow remote attackers to execute arbitrary code via long arguments to various IMAP commands, as demonstrated with the EXAMINE command.
by Luca Ercoli
CVE-2005-4218 EXPLOITDB perl VERIFIED
Phpwebthings - SQL Injection
SQL injection vulnerability in forum.php in PHPWebThings 1.4 allows remote attackers to execute arbitrary SQL commands via the msg parameter, a different vulnerability than CVE-2005-3585.
by AhLam
CVE-2005-3792 EXPLOITDB perl VERIFIED
Francisco Burzi Php-nuke - SQL Injection
Multiple SQL injection vulnerabilities in the Search module in PHP-Nuke 7.8, and possibly other versions before 7.9 with patch 3.1, allows remote attackers to execute arbitrary SQL commands, as demonstrated via the query parameter in a stories type.
by anonymous
CVE-2005-3682 EXPLOITDB perl VERIFIED
Wizz Forum - SQL Injection
Multiple SQL injection vulnerabilities in Wizz Forum 1.20 allow remote attackers to execute arbitrary SQL commands via (1) the AuthID parameter in ForumAuthDetails.php, and the TopicID parameter in (2) ForumTopicDetails.php and (3) ForumReply.php.
by HACKERS PAL
CVE-2005-3575 EXPLOITDB perl VERIFIED
Cynox Cyphor < 0.19 - SQL Injection
SQL injection vulnerability in show.php in Cyphor 0.19 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
by HACKERS PAL
CVE-2005-3566 EXPLOITDB perl VERIFIED
Symantec Veritas Cluster Server - Buffer Overflow
Buffer overflow in various ha commands of VERITAS Cluster Server for UNIX before 4.0MP2 allows local users to execute arbitrary code via a long VCSI18N_LANG environment variable to (1) haagent, (2) haalert, (3) haattr, (4) hacli, (5) hacli_runcmd, (6) haclus, (7) haconf, (8) hadebug, (9) hagrp, (10) hahb, (11) halog, (12) hareg, (13) hares, (14) hastatus, (15) hasys, (16) hatype, (17) hauser, and (18) tststew.
by Kevin Finisterre
CVE-2005-3523 EXPLOITDB perl VERIFIED
GpsDrive - RCE
Format string vulnerability in friendsd2 in GpsDrive allows remote attackers to execute arbitrary code via the dir (direction) field.
by Kevin Finisterre
CVE-2005-3523 EXPLOITDB perl VERIFIED
GpsDrive - RCE
Format string vulnerability in friendsd2 in GpsDrive allows remote attackers to execute arbitrary code via the dir (direction) field.
by Kevin Finisterre
CVE-2005-3508 EXPLOITDB perl VERIFIED
Galerie - SQL Injection
SQL injection vulnerability in showGallery.php in Gallery (Galerie) 2.4 allows remote attackers to execute arbitrary SQL commands via the galid parameter.
EIP-2026-113160 EXPLOITDB perl VERIFIED
VuBB Forum RC1 - 'm' SQL Injection
by Devil-00
EIP-2026-103162 EXPLOITDB perl VERIFIED
Lynx 2.8.6dev.13 - Remote Buffer Overflow
by xwings
CVE-2005-3423 EXPLOITDB perl VERIFIED
Subdreamer - SQL Injection
Multiple SQL injection vulnerabilities in Subdreamer 2.2.1 allow remote attackers to execute arbitrary SQL commands via (1) the loginusername parameter or (2) cookies to (a) subdreamer.php, (b) ipb2.php, (c) phpbb2.php, (d) vbulletin2.php, and (e) vbulletin3.php.
by RusH
EIP-2026-100219 EXPLOITDB perl VERIFIED
Comersus Backoffice 4.x/5.0/6.0 - '/comersus/database/comersus.mdb' Direct Request Database Disclosure
by _6mO_HaCk
CVE-2005-3369 EXPLOITDB perl VERIFIED
Woltlab Burning Board <2.7 - SQL Injection
Multiple SQL injection vulnerabilities in the Info-DB module (info_db.php) in Woltlab Burning Board 2.7 and earlier allow remote attackers to execute arbitrary SQL commands and possibly upload files via the (1) fileid and (2) subkatid parameters.
CVE-2005-4656 EXPLOITDB perl VERIFIED
TClanPortal <1.1.3 - SQL Injection
SQL injection vulnerability in index.php in TClanPortal 1.1.3 and earlier allows remote attackers to execute arbitrary SQL commands, and retrieve all usernames and passwords, via the id parameter.
by Devil-00
CVE-2005-3326 EXPLOITDB perl VERIFIED
Mybulletinboard - SQL Injection
SQL injection vulnerability in usercp.php in MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL commands via the awayday parameter.
by Animal
CVE-2005-3305 EXPLOITDB perl VERIFIED
Nuked-klan - SQL Injection
Multiple SQL injection vulnerabilities in Nuked Klan 1.7 allow remote attackers to execute arbitrary SQL commands via the (1) forum_id or (2) thread_id parameter in the Forum file, (3) the link_id in the Links file, (4) the artid parameter in the Sections file, and (5) the dl_id parameter in the Download file.
by papipsycho
EIP-2026-103593 EXPLOITDB perl VERIFIED
Net Portal Dynamic System 5.0 - Register Users Denial of Service
by DarkFig
By Source
All 2,814 Exploitdb 50,121 Writeup 46,839 Nomisec 21,211 Metasploit 3,189 Github 2,279 Vulncheck_xdb 900 Inthewild 518 Gitlab 439 Gitee 415 Patchapalooza 312
By Language
text 31,341 ruby 5,920 python 5,750 c 3,551 perl 2,854 html 2,055 php 1,334 bash 459 java 360 javascript 260 c++ 247 shell 73 go 41 postscript 25 xml 24