Exploitdb Exploits

1,269 exploits tracked across all sources.

CVE-2009-0379 EXPLOITDB php VERIFIED
Joomla! com_pcchess - SQL Injection
SQL injection vulnerability in the Prince Clan Chess Club (com_pcchess) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the game_id parameter in a showgame action to index.php, a different vector than CVE-2008-0761.
by InjEctOr5
CVE-2009-0333 EXPLOITDB php VERIFIED
Joomla! - SQL Injection
SQL injection vulnerability in the WebAmoeba (WA) Ticket System (com_waticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to index.php.
by InjEctOr5
CVE-2009-0421 EXPLOITDB php VERIFIED
Joomla! 1.6.x - SQL Injection
SQL injection vulnerability in the Eventing (com_eventing) 1.6.x component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
by InjEctOr5
CVE-2009-0425 EXPLOITDB php VERIFIED
Blue Eye CMS <1.0.0 - SQL Injection
SQL injection vulnerability in index.php in Blue Eye CMS 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the clanek parameter.
by darkjoker
EIP-2026-104103 EXPLOITDB php VERIFIED
TeamSpeak 2.0.23.17 - Remote File Disclosure
by c411k
EIP-2026-104656 EXPLOITDB php VERIFIED
PHP 5.2.8 - 'popen()' Function Buffer Overflow
by e.wiZz!
EIP-2026-112042 EXPLOITDB php VERIFIED
Silentum Uploader 1.4.0 - Remote File Deletion
by Danny Moules
EIP-2026-111127 EXPLOITDB php VERIFIED
phpMDJ 1.0.3 - 'id_animateur' Blind SQL Injection
by darkjoker
EIP-2026-114460 EXPLOITDB php VERIFIED
XOOPS 2.3.2 - 'mydirname' PHP Remote Code Execution
by StAkeR
EIP-2026-106306 EXPLOITDB php VERIFIED
CuteNews 1.4.6 - 'ip ban' Authorized Cross-Site Scripting / Command Execution
by StAkeR
CVE-2009-0113 EXPLOITDB php VERIFIED
Joomla! <1.5.8 - Path Traversal
Directory traversal vulnerability in attachmentlibrary.php in the XStandard component for Joomla! 1.5.8 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the X_CMS_LIBRARY_PATH HTTP header.
by irk4z
CVE-2009-0110 EXPLOITDB php VERIFIED
RiotPix <0.61 - SQL Injection
SQL injection vulnerability in read.php in RiotPix 0.61 and earlier allows remote attackers to execute arbitrary SQL commands via the forumid parameter.
by cOndemned
EIP-2026-109177 EXPLOITDB php VERIFIED
Lito Lite CMS - Multiple Cross-Site Scripting / Blind SQL Injection Vulnerabilities
by darkjoker
CVE-2008-5821 EXPLOITDB php VERIFIED
WebKit <3.2 - DoS
Memory leak in WebKit.dll in WebKit, as used by Apple Safari 3.2 on Windows Vista SP1, allows remote attackers to cause a denial of service (memory consumption and browser crash) via a long ALINK attribute in a BODY element in an HTML document.
by Pr0T3cT10n
EIP-2026-104706 EXPLOITDB php VERIFIED
suPHP 0.7 - 'suPHP_ConfigPath' / 'Safe_Mode()' Restriction Bypass
by Mr.SaFa7
CVE-2008-6919 EXPLOITDB php VERIFIED
Taskdriver < 1.3 - Authentication Bypass
profileedit.php in TaskDriver 1.3 and earlier allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "fook!admin."
by cOndemned
CVE-2008-6853 EXPLOITDB php VERIFIED
Netcat - SQL Injection
SQL injection vulnerability in modules/poll/index.php in AIST NetCat 3.0 and 3.12 allows remote attackers to execute arbitrary SQL commands via the PollID parameter.
by s4avrd0w
CVE-2008-5731 EXPLOITDB php VERIFIED
PGP Desktop <9.0.6-9.9.0 - DoS
The PGPwded device driver (aka PGPwded.sys) in PGP Corporation PGP Desktop 9.0.6 build 6060 and 9.9.0 build 397 allows local users to cause a denial of service (system crash) and possibly gain privileges via a certain METHOD_BUFFERED IOCTL request that overwrites portions of memory, related to a "Driver Collapse." NOTE: some of these details are obtained from third party information.
by Evilcry
CVE-2008-5727 EXPLOITDB php VERIFIED
AIST NetCat <3.12 - SQL Injection
SQL injection vulnerability in modules/auth/password_recovery.php in AIST NetCat 3.12 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the query string.
by s4avrd0w
CVE-2008-6345 EXPLOITDB php VERIFIED
Cms.maury91 Solarcms - SQL Injection
SQL injection vulnerability in Forum.php in SolarCMS 0.53.8 and 1.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter to indes.php. NOTE: some of these details are obtained from third party information.
by StAkeR
EIP-2026-101037 EXPLOITDB php VERIFIED
Linksys WAG54G v2 Wireless ADSL Router - HTTPd Denial of Service
by r0ut3r
CVE-2008-6752 EXPLOITDB php VERIFIED
Revou - Improper Input Validation
adminlogin/password.php in the Twitter Clone (TClone) plugin for ReVou Micro Blogging does not verify the original password before changing passwords, which allows remote attackers to change the administrator's password and gain privileges via a direct request with modified newpass1 and newpass2 parameters in a Change operation.
by G4N0K
EIP-2026-104815 EXPLOITDB php VERIFIED
2532/Gigs 1.2.2 Stable - Remote Command Execution
by StAkeR
EIP-2026-105039 EXPLOITDB php VERIFIED
Aiyoota! CMS - Blind SQL Injection
by Lidloses_Auge
EIP-2026-107003 EXPLOITDB php VERIFIED
EZ Publish < 3.9.5/3.10.1/4.0.1 - 'token' Privilege Escalation
by s4avrd0w