Exploitdb Exploits

1,269 exploits tracked across all sources.

Sort: Activity Stars
CVE-2009-4796 EXPLOITDB php VERIFIED
glFusion <1.1.2 - SQL Injection
Multiple SQL injection vulnerabilities in the ExecuteQueries function in private/system/classes/listfactory.class.php in glFusion 1.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) order and (2) direction parameters to search.php.
by Nine:Situations:Group
EIP-2026-111084 EXPLOITDB php VERIFIED
PHPizabi 0.848b C1 HFP1-3 - Arbitrary File Upload
by EgiX
CVE-2008-6842 EXPLOITDB php VERIFIED
Pluck - Path Traversal
Directory traversal vulnerability in data/modules/blog/module_pages_site.php in Pluck 4.6.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the post parameter.
by Alfons Luja
EIP-2026-111085 EXPLOITDB php VERIFIED
PHPizabi 0.848b C1 HFP1-3 - Remote Command Execution
by YOUCODE
CVE-2009-1068 EXPLOITDB php VERIFIED
Bsplayer Bs.player - Memory Corruption
Stack-based buffer overflow in BS.Player (bsplayer) 2.32 Build 975 Free and 2.34 Build 980 PRO and earlier allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long hostname in a .bsl playlist file.
by Nine:Situations:Group
CVE-2009-1039 EXPLOITDB php VERIFIED
Cdex - Memory Corruption
Buffer overflow in CDex 1.70b2 allows remote attackers to execute arbitrary code via a crafted Info header in an Ogg Vorbis (.ogg) file.
by Nine:Situations:Group
EIP-2026-108374 EXPLOITDB php VERIFIED
Joomla! Component com_iJoomla_archive - Blind SQL Injection
by Stack
EIP-2026-108328 EXPLOITDB php VERIFIED
Joomla! Component com_digistore - 'pid' Blind SQL Injection
by InjEctOr5
CVE-2008-6178 EXPLOITDB php VERIFIED
Fckeditor - Code Injection
Unrestricted file upload vulnerability in editor/filemanager/browser/default/connectors/php/connector.php in FCKeditor 2.2, as used in Falt4 CMS, Nuke ET, and other products, allows remote attackers to execute arbitrary code by creating a file with PHP sequences preceded by a ZIP header, uploading this file via a FileUpload action with the application/zip content type, and then accessing this file via a direct request to the file in UserFiles/File/, probably a related issue to CVE-2005-4094. NOTE: some of these details are obtained from third party information.
by Sp3shial
CVE-2009-0528 EXPLOITDB php VERIFIED
Rhadrix If-CMS <2.07 - SQL Injection
SQL injection vulnerability in frame.php in Rhadrix If-CMS 2.07 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
by darkjoker
CVE-2009-0446 EXPLOITDB php VERIFIED
WEBalbum 2.4b - SQL Injection
SQL injection vulnerability in photo.php in WEBalbum 2.4b allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Mehmet Ince
CVE-2009-0445 EXPLOITDB php VERIFIED
Dreampics Gallery Builder - SQL Injection
SQL injection vulnerability in index.php in Dreampics Gallery Builder allows remote attackers to execute arbitrary SQL commands via the exhibition_id parameter in a gallery.viewPhotos action.
by Mehmet Ince
CVE-2009-0517 EXPLOITDB php VERIFIED
phpSlash <0.8.1.1 - Code Injection
Eval injection vulnerability in index.php in phpSlash 0.8.1.1 and earlier allows remote attackers to execute arbitrary PHP code via the fields parameter, which is supplied to an eval function call within the generic function in include/class/tz_env.class. NOTE: some of these details are obtained from third party information.
by DarkFig
EIP-2026-110995 EXPLOITDB php VERIFIED
phpBLASTER 1.0 RC1 - Blind SQL Injection
by darkjoker
EIP-2026-105995 EXPLOITDB php VERIFIED
CMS Mini 0.2.2 - Remote Command Execution
by darkjoker
CVE-2009-0754 EXPLOITDB php VERIFIED
PHP <4.4.4, <5.1.6 - Code Injection
PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
by strategma
CVE-2009-0394 EXPLOITDB php VERIFIED
PLEs CMS 1.0 beta 4.2 - SQL Injection
SQL injection vulnerability in login.php in Pre Lecture Exercises (PLEs) CMS 1.0 beta 4.2 allows remote attackers to execute arbitrary SQL commands via the school parameter.
by darkjoker
EIP-2026-111115 EXPLOITDB php VERIFIED
phpList 2.10.x - Remote Code Execution / Local File Inclusion
by mozi
EIP-2026-109208 EXPLOITDB php VERIFIED
Lore 1.5.6 - 'article.php' Blind SQL Injection
by OzX
CVE-2009-0406 EXPLOITDB php VERIFIED
Community CMS <0.4 - SQL Injection
SQL injection vulnerability in index.php in Community CMS 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
by darkjoker
CVE-2009-0407 EXPLOITDB php VERIFIED
PHP-CMS Project 1 - SQL Injection
SQL injection vulnerability in admin/login.php in PHP-CMS Project 1 allows remote attackers to execute arbitrary SQL commands via the username parameter.
by darkjoker
CVE-2009-0295 EXPLOITDB php VERIFIED
ITLPoll 2.7-2 - SQL Injection
SQL injection vulnerability in index.php in Information Technology Light Poll Information (ITLPoll) 2.7 Stable 2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.
by fuzion
EIP-2026-109284 EXPLOITDB php VERIFIED
Mambo Component com_sim 0.8 - Blind SQL Injection
by Mehmet Ince
EIP-2026-101448 EXPLOITDB php VERIFIED
Siemens ADSL SL2-141 - Cross-Site Request Forgery
by spdr
CVE-2009-0279 EXPLOITDB php VERIFIED
Pardal CMS <0.2.0 - SQL Injection
SQL injection vulnerability in comentar.php in Pardal CMS 0.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
by darkjoker
By Source
All 1,269 Exploitdb 50,123 Writeup 46,610 Nomisec 21,121 Metasploit 3,189 Github 2,231 Vulncheck_xdb 900 Inthewild 518 Gitlab 438 Gitee 415 Patchapalooza 312
By Language
text 31,341 ruby 5,920 python 5,731 c 3,550 perl 2,854 html 2,054 php 1,334 bash 459 java 359 javascript 259 c++ 245 shell 68 go 41 postscript 25 xml 24