Exploitdb Exploits

1,269 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-106511 EXPLOITDB php VERIFIED
DokuWiki 2006-03-09b - 'dwpage.php' System Disclosure
by rgod
EIP-2026-106510 EXPLOITDB php VERIFIED
DokuWiki 2006-03-09b - 'dwpage.php' Remote Code Execution
by rgod
CVE-2006-4636 EXPLOITDB php VERIFIED
SZEWO PhpCommander <3.0 - Path Traversal
Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
by Kacper
CVE-2006-4631 EXPLOITDB php VERIFIED
SoftBB 0.1 - Code Injection
Direct static code injection vulnerability in admin/save_opt.php in SoftBB 0.1, and possibly earlier, allows remote authenticated users to upload and execute arbitrary PHP code via the cache_forum parameter, which saves the code to info_options.php, which is accessible via a direct request.
by Kacper
EIP-2026-110746 EXPLOITDB php VERIFIED
PHP Proxima 6 - completepack Remote Code Execution
by Kacper
EIP-2026-110590 EXPLOITDB php VERIFIED
pHNews alpha 1 - 'templates_dir' Remote Code Execution
by Kacper
EIP-2026-111377 EXPLOITDB php VERIFIED
PmWiki 2.1.19 - 'Zend_Hash_Del_Key_Or_Index' Remote Command Execution
by rgod
CVE-2006-4602 EXPLOITDB php VERIFIED
Tikiwiki Cms/groupware - Unrestricted File Upload
Unrestricted file upload vulnerability in jhot.php in TikiWiki 1.9.4 Sirius and earlier allows remote attackers to execute arbitrary PHP code via a filepath parameter that contains a filename with a .php extension, which is uploaded to the img/wiki/ directory.
by rgod
EIP-2026-110358 EXPLOITDB php VERIFIED
osCommerce 2.1/2.2 - 'product_info.php' SQL Injection
by GulfTech Security
CVE-2006-4458 EXPLOITDB php VERIFIED
Phpgroupware - Path Traversal
Directory traversal vulnerability in calendar/inc/class.holidaycalc.inc.php in phpGroupWare 0.9.16.010 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) sequence and trailing null (%00) byte in the GLOBALS[phpgw_info][user][preferences][common][country] parameter.
by Kacper
EIP-2026-106662 EXPLOITDB php VERIFIED
e107 < 0.75 - GLOBALS Overwrite Remote Code Execution
by rgod
EIP-2026-108027 EXPLOITDB php VERIFIED
iziContents RC6 - Remote Code Execution
by Kacper
CVE-2006-4536 EXPLOITDB php VERIFIED
Cms Frogss - SQL Injection
SQL injection vulnerability in module/rejestracja.php in CMS Frogss 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the podpis parameter.
by Kacper
CVE-2006-4420 EXPLOITDB php VERIFIED
Phaos - Path Traversal
Directory traversal vulnerability in include_lang.php in Phaos 0.9.2 allows remote attackers to include arbitrary local files via ".." sequences in the lang parameter.
by Kacper
EIP-2026-109423 EXPLOITDB php VERIFIED
MercuryBoard 1.1.4 - 'User-Agent' SQL Injection
by rgod
EIP-2026-112109 EXPLOITDB php VERIFIED
Simple Machines Forum (SMF) 1.1 rc2 - Lock Topics
by rgod
EIP-2026-112108 EXPLOITDB php VERIFIED
Simple Machines Forum (SMF) 1.1 rc2 (Windows) - 'lngfile' Local File Inclusion
by rgod
EIP-2026-108832 EXPLOITDB php VERIFIED
Joomla! Component Poll 1.0.10 - Arbitrary Add Votes
by trueend5
CVE-2006-4267 EXPLOITDB php VERIFIED
Devellion Cubecart - SQL Injection
Multiple SQL injection vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) oid parameter in modules/gateway/Protx/confirmed.php and the (2) x_invoice_num parameter in modules/gateway/Authorize/confirmed.php.
by rgod
CVE-2006-4020 EXPLOITDB php VERIFIED
PHP <5.1.4 & <4.4.3 - Buffer Overflow
scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows context-dependent attackers to execute arbitrary code via a sscanf PHP function call that performs argument swapping, which increments an index past the end of an array and triggers a buffer over-read.
by Andi
CVE-2006-4191 EXPLOITDB php VERIFIED
XMB Software Extreme Message Board < 1.9.6 - Path Traversal
Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
by rgod
EIP-2026-104696 EXPLOITDB php VERIFIED
PHP 4.4.3/5.1.4 - 'objIndex' Local Buffer Overflow
by Heintz
CVE-2006-4043 EXPLOITDB php VERIFIED
myWebland myBloggie <2.1.4 - Info Disclosure
index.php in myWebland myBloggie 2.1.4 and earlier allows remote attackers to obtain sensitive information via a query that only specifies the viewdate mode, which reveals the table prefix in a SQL error message.
by rgod
CVE-2006-4455 EXPLOITDB php VERIFIED
Xchat < 2.6.7 - Denial of Service
Unspecified vulnerability in Xchat 2.6.7 and earlier allows remote attackers to cause a denial of service (crash) via unspecified vectors involving the PRIVMSG command. NOTE: the vendor has disputed this vulnerability, stating that it does not affect 2.6.7 "or any recent version"
by ratboy
CVE-2006-4042 EXPLOITDB php VERIFIED
Mywebland Mybloggie < 2.1.4 - SQL Injection
Multiple SQL injection vulnerabilities in trackback.php in myWebland myBloggie 2.1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) title, (2) url, (3) excerpt, or (4) blog_name parameters.
by rgod
By Source
All 1,269 Exploitdb 50,121 Writeup 46,692 Nomisec 21,135 Metasploit 3,189 Github 2,237 Vulncheck_xdb 900 Inthewild 518 Gitlab 439 Gitee 415 Patchapalooza 312
By Language
text 31,341 ruby 5,920 python 5,731 c 3,550 perl 2,854 html 2,054 php 1,334 bash 459 java 359 javascript 260 c++ 246 shell 68 go 41 postscript 25 xml 24