Exploitdb Exploits

2,809 exploits tracked across all sources.

Sort: Activity Stars
CVE-2005-1931 EXPLOITDB perl VERIFIED
GoodTech SMTP Server 5.14 - Denial of Service via RCPT TO Command
GoodTech SMTP Server 5.14 allows remote attackers to cause a denial of service (application crash) via a RCPT TO command with an invalid argument, as demonstrated using an "A" character.
by Reed Arvin
CVE-2005-1701 EXPLOITDB perl VERIFIED
PortailPHP 1.3 - SQL Injection via id Parameter
SQL injection vulnerability in PortailPHP 1.3 allows remote attackers to execute arbitrary SQL commands via the id parameter to the (1) News, (2) File, (3) Liens, or (4) Faq modules.
by Alberto Trivero
CVE-2005-1777 EXPLOITDB perl VERIFIED
PostNuke 0.750 - SQL Injection via readpmsg.php start Parameter
SQL injection vulnerability in readpmsg.php in PostNuke 0.750 allows remote attackers to execute arbitrary SQL commands via the start parameter.
by K-C0d3r
CVE-2005-1833 EXPLOITDB perl VERIFIED
MyBulletinBoard < 1.00_rc4 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to calendar.php, (2) idsql parameter to online.php, (3) usersearch parameter to memberlist.php, (4) pid parameter to editpost.php, (5) fid parameter to forumdisplay.php, (6) tid parameter to newreply.php, (7) sid parameter to search.php, (8) tid or (9) pid parameter to showthread.php, (10) tid parameter to usercp2.php, (11) tid parameter to printthread.php, or (12) pid parameter to reputation.php.
by Alberto Trivero
CVE-2005-1500 EXPLOITDB perl VERIFIED
myBloggie 2.1.1 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in myBloggie 2.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the keyword parameter in search.php; or (2) the date_no parameter in viewdate mode, (3) the cat_id parameter in viewcat mode, the (4) month_no or (5) year parameter in viewmonth mode, or (6) post_id parameter in viewid mode to index.php. NOTE: item (1) was discovered to affect 2.1.3 as well.
by Alberto Trivero
CVE-2005-1787 EXPLOITDB perl VERIFIED
phpstat 1.5 - Unauthenticated Authentication Bypass via $check Variable
setup.php in phpStat 1.5 allows remote attackers to bypass authentication and gain administrator privileges by setting the $check variable.
by Alpha_Programmer
CVE-2005-1598 EXPLOITDB perl VERIFIED
Invision Power Board <= 2.0.3 - SQL Injection via Cookie Password Hash
SQL injection vulnerability in Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via a crafted cookie password hash (pass_hash) that modifies the internal $pid variable.
by Petey Beege
CVE-2005-1779 EXPLOITDB perl VERIFIED
MaxWebPortal 1.35, 1.36, 2.0, 20050418 Next - SQL Injection via memKey Parameter
SQL injection vulnerability in password.asp in MaxWebPortal 1.35, 1.36, 2.0, and 20050418 Next allows remote attackers to execute arbitrary SQL commands via the memKey parameter.
by Alpha_Programmer
EIP-2026-111410 EXPLOITDB perl VERIFIED
PortailPHP 1.3 - 'ID' SQL Injection
by CENSORED Search Vulnerabilities
EIP-2026-113458 EXPLOITDB perl VERIFIED
Woltlab Burning Board 2.3.1 - 'register.php' SQL Injection
by deluxe89
CVE-2005-1628 EXPLOITDB perl VERIFIED
WebAPP 0.9.9.2.1 - Remote Command Execution via apage.cgi f Parameter
apage.cgi in WebAPP 0.9.9.2.1, and possibly earlier versions, allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter.
by Alpha_Programmer
EIP-2026-114648 EXPLOITDB perl VERIFIED
ZPanel 2.5b10 - SQL Injection
by RusH
CVE-2005-1629 EXPLOITDB perl VERIFIED
Photopost PHP Pro - SQL Injection via Verifykey Parameter
SQL injection vulnerability in member.php for Photopost PHP Pro allows remote attackers to execute arbitrary SQL commands via the verifykey parameter.
by basher13
CVE-2004-2275 EXPLOITDB perl VERIFIED
i-mall.cgi - Remote Command Execution via p Parameter
i-mall.cgi in I-Mall Commerce allows remote attackers to execute arbitrary commands via shell metacharacters via the p parameter.
by Jerome Athias
CVE-2005-1396 EXPLOITDB perl VERIFIED
Ce/Ceterm <2.5.4 - Local Privilege Escalation
Race condition in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier allows local users to write to arbitrary files via a symlink attack on the ce_edit_log temporary file.
by Kevin Finisterre
EIP-2026-115335 EXPLOITDB perl VERIFIED
Golden FTP Server Pro 2.52 - 'USER' Remote Buffer Overflow
by Reed Arvin
CVE-2005-1349 EXPLOITDB perl VERIFIED
Convert::UUlib < 1.050 - Buffer Overflow via Malformed Read Parameter
Buffer overflow in Convert-UUlib (Convert::UUlib) before 1.051 allows remote attackers to execute arbitrary code via a malformed parameter to a read operation.
by CorryL
CVE-2005-1348 EXPLOITDB perl VERIFIED
MailEnable Enterprise < 1.04 and Professional < 1.54 - Remote Code Execution via HTTP Authorization Header
Buffer overflow in HTTPMail in MailEnable Enterprise 1.04 and earlier and Professional 1.54 and earlier allows remote attackers to execute arbitrary code via a long HTTP Authorization header.
by CorryL
CVE-2005-1289 EXPLOITDB perl VERIFIED
e-cart 2004 1.1 - Remote Command Execution via Shell Metacharacters in art Parameter
index.cgi in E-Cart 2004 1.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) art and possibly (2) cat parameters.
by z
CVE-2005-0560 EXPLOITDB perl VERIFIED
Exchange Server 2000 and 2003 - Remote Code Execution via X-LINK2STATE SMTP Request
Heap-based buffer overflow in the SvrAppendReceivedChunk function in xlsasink.dll in the SMTP service of Exchange Server 2000 and 2003 allows remote attackers to execute arbitrary code via a crafted X-LINK2STATE extended verb request to the SMTP port.
by Evgeny Pinchuk
CVE-2005-1134 EXPLOITDB perl VERIFIED
Serendipity <= 0.8 - SQL Injection via url_id or entry_id Parameters
SQL injection vulnerability in exit.php for Serendipity 0.8 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) url_id or (2) entry_id parameters.
by kre0n
CVE-2005-0048 EXPLOITDB perl VERIFIED
Microsoft Windows 2000 and XP - Remote Code Execution via Malformed IP Packet Options
Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, and older operating systems allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IP packets with malformed options, aka the "IP Validation Vulnerability."
by Song Liu
CVE-2005-0404 EXPLOITDB perl VERIFIED
KMail 1.7.1 in KDE 3.3.2 - Email Spoofing via HTML Formatted Email
KMail 1.7.1 in KDE 3.3.2 allows remote attackers to spoof email information, such as whether the email has been digitally signed or encrypted, via HTML formatted email.
by Noam Rathaus
CVE-2005-0689 EXPLOITDB perl VERIFIED
The Includer - Remote Command Execution via Shell Metacharacters in URL or Template Parameter
includer.cgi in The Includer allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the URL or (2) the template parameter.
by K-C0d3r
CVE-2005-0689 EXPLOITDB perl VERIFIED
The Includer - Remote Command Execution via Shell Metacharacters in URL or Template Parameter
includer.cgi in The Includer allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the URL or (2) the template parameter.
by GreenwooD
By Source
All 2,809 Writeup 62,466 Exploitdb 50,076 Nomisec 22,446 Github 3,667 Metasploit 3,315 Vulncheck_xdb 930 Inthewild 514 Gitlab 479 Gitee 415 Patchapalooza 312
By Language
text 31,386 python 6,592 ruby 6,006 c 3,631 perl 2,849 html 2,076 php 1,333 bash 462 java 371 c++ 261 javascript 231 shell 133 go 73 postscript 25 typescript 25