Exploitdb Exploits

4,759 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-1697 EXPLOITDB python VERIFIED
HP OpenView Network Node Manager <7.53-7.51 - Buffer Overflow
Stack-based buffer overflow in ovwparser.dll in HP OpenView Network Node Manager (OV NNM) 7.53, 7.51, and earlier allows remote attackers to execute arbitrary code via a long URI in an HTTP request processed by ovas.exe, as demonstrated by a certain topology/homeBaseView request. NOTE: some of these details are obtained from third party information.
by muts
EIP-2026-115958 EXPLOITDB python VERIFIED
Novel eDirectory HTTP - Denial of Service
by muts
CVE-2008-1855 EXPLOITDB python VERIFIED
McAfee CMA 3.6.0.574 - Memory Corruption
FrameworkService.exe in McAfee Common Management Agent (CMA) 3.6.0.574 Patch 3 and earlier, as used by ePolicy Orchestrator (ePO) and ProtectionPilot (PrP), allows remote attackers to corrupt memory and cause a denial of service (CMA Framework service crash) via a long invalid method in requests for the /spin//AVClient//AVClient.csp URI, a different vulnerability than CVE-2006-5274.
by muts
CVE-2008-1650 EXPLOITDB python VERIFIED
EasyNews 4.0 - SQL Injection
SQL injection vulnerability in dynamicpages/index.php in EasyNews 4.0 allows remote attackers to execute arbitrary SQL commands via the read parameter in an edp_Help_Internal_News action.
by Khashayar Fereidani
CVE-2008-1649 EXPLOITDB python VERIFIED
EasyNews 4.0 - XSS
Cross-site scripting (XSS) vulnerability in staticpages/easypublish/index.php in EasyNews 4.0 allows remote attackers to inject arbitrary web script or HTML via the read parameter in an edp_pupublish action.
by Khashayar Fereidani
CVE-2008-1651 EXPLOITDB python VERIFIED
EasyNews 4.0 - Path Traversal
Directory traversal vulnerability in admin/login.php in EasyNews 4.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
by Khashayar Fereidani
CVE-2008-1611 EXPLOITDB python VERIFIED
TFTP Server SP 1.4 - Buffer Overflow
Stack-based buffer overflow in TFTP Server SP 1.4 for Windows allows remote attackers to cause a denial of service or execute arbitrary code via a long filename in a read or write request.
by muts
CVE-2008-1610 EXPLOITDB python VERIFIED
TallSoft Quick TFTP Server Pro 2.1 - Buffer Overflow
Stack-based buffer overflow in TallSoft Quick TFTP Server Pro 2.1 allows remote attackers to cause a denial of service or execute arbitrary code via a long mode field in a read or write request.
by muts
EIP-2026-116031 EXPLOITDB python VERIFIED
PacketTrap Networks pt360 2.0.39 TFTPD - Remote Denial of Service
by muts
CVE-2008-6539 EXPLOITDB python VERIFIED
Holger Schurig Destar - Code Injection
Static code injection vulnerability in user/settings/ in DeStar 0.2.2-5 allows remote authenticated users to add arbitrary administrators and inject arbitrary Python code into destar_cfg.py via a crafted pin parameter.
by nonroot
CVE-2008-6538 EXPLOITDB python VERIFIED
Holger Schurig Destar - Improper Input Validation
DeStar 0.2.2-5 allows remote attackers to add arbitrary users via a direct request to config/add/CfgOptUser.
by nonroot
EIP-2026-118915 EXPLOITDB python VERIFIED
Mitsubishi Electric GB-50A - Multiple Remote Authentication Bypass Vulnerabilities
by Chris Withers
CVE-2008-1591 EXPLOITDB python VERIFIED
PostNuke <0.764 - SQL Injection
The pnVarPrepForStore function in PostNuke 0.764 and earlier skips input sanitization when magic_quotes_runtime is enabled, which allows remote attackers to conduct SQL injection attacks and execute arbitrary SQL commands via input associated with server variables, as demonstrated by the CLIENT_IP HTTP header (HTTP_CLIENT_IP variable).
by The:Paradox
EIP-2026-116196 EXPLOITDB python VERIFIED
Rosoft Media Player 4.1.8 - RML Stack Buffer Overflow (PoC)
by Wiktor Sierocinski
CVE-2008-1498 EXPLOITDB python VERIFIED
NetWin Surgemail <3.8k4-4 - Buffer Overflow
Stack-based buffer overflow in the IMAP service in NetWin Surgemail 3.8k4-4 and earlier allows remote authenticated users to execute arbitrary code via a long first argument to the LIST command.
by ryujin
CVE-2008-1218 EXPLOITDB python VERIFIED
Dovecot <1.0.13, <1.1.rc3 - Command Injection
Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.
by kingcope
CVE-2008-1358 EXPLOITDB python VERIFIED
Alt-N Technologies MDaemon 9.6.4 - Buffer Overflow
Stack-based buffer overflow in the IMAP server in Alt-N Technologies MDaemon 9.6.4 allows remote authenticated users to execute arbitrary code via a FETCH command with a long BODY.
by ryujin
CVE-2008-1117 EXPLOITDB python VERIFIED
Timbuktu Pro <8.7 - Path Traversal
Directory traversal vulnerability in the Notes (aka Flash Notes or instant messages) feature in tb2ftp.dll in Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, allows remote attackers to upload files to arbitrary locations via a destination filename with a \ (backslash) character followed by ../ (dot dot slash) sequences. NOTE: this can be leveraged for code execution by writing to a Startup folder. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-4220.
by Core Security
CVE-2008-1118 EXPLOITDB python VERIFIED
Timbuktu Pro <8.7 - Info Disclosure
Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, does not perform input validation before logging information fields taken from packets from a remote peer, which allows remote attackers to generate crafted log entries, and possibly avoid detection of attacks, via modified (1) computer name, (2) user name, and (3) IP address fields.
by Core Security
CVE-2008-1275 EXPLOITDB python VERIFIED
MailEnable <3.x - DoS
Multiple unspecified vulnerabilities in the SMTP service in MailEnable Standard Edition 1.x, Professional Edition 3.x and earlier, and Enterprise Edition 3.x and earlier allow remote attackers to cause a denial of service (crash) via crafted (1) EXPN or (2) VRFY commands.
by ryujin
CVE-2008-0985 EXPLOITDB python VERIFIED
Google Android SDK - Memory Corruption
Heap-based buffer overflow in the GIF library in the WebKit framework for Google Android SDK m3-rc37a and earlier allows remote attackers to execute arbitrary code via a crafted GIF file whose logical screen height and width are different than the actual height and width.
by Alfredo Ortega
CVE-2007-0919 EXPLOITDB python VERIFIED
Nickolas Grigoriadis MiniWebsvr 0.0.6 - Path Traversal
Directory traversal vulnerability in Nickolas Grigoriadis Mini Web server (MiniWebsvr) 0.0.6 allows remote attackers to list the directory immediately above the web root via a ..%00 sequence in the URI.
by gbr
CVE-2008-1119 EXPLOITDB python VERIFIED
Centreon <1.4.2.3 - Path Traversal
Directory traversal vulnerability in include/doc/get_image.php in Centreon 1.4.2.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter.
by Julien CAYSSOL
CVE-2008-5160 EXPLOITDB python VERIFIED
MyServer 0.8.11 - DoS
Unspecified vulnerability in MyServer 0.8.11 allows remote attackers to cause a denial of service (daemon crash) via multiple invalid requests with the HTTP GET, DELETE, OPTIONS, and possibly other methods, related to a "204 No Content error."
by shinnai
CVE-2008-0811 EXPLOITDB python VERIFIED
Auracms - SQL Injection
Multiple SQL injection vulnerabilities in AuraCMS 1.62 allow remote attackers to execute arbitrary SQL commands via (1) the kid parameter to (a) mod/dl.php or (b) mod/links.php, and (2) the query parameter to search.php.
by NTOS-Team
By Source
All 4,759 Writeup 54,687 Exploitdb 50,186 Nomisec 21,443 Metasploit 3,228 Github 2,587 Vulncheck_xdb 904 Inthewild 518 Gitlab 441 Gitee 415 Patchapalooza 312
By Language
text 31,364 ruby 5,960 python 5,949 c 3,580 perl 2,854 html 2,056 php 1,334 bash 459 java 362 javascript 260 c++ 250 shell 95 go 55 postscript 25 xml 24