Exploitdb Exploits

31,346 exploits tracked across all sources.

CVE-2009-4491 EXPLOITDB CRITICAL text VERIFIED
thttpd 2.25b0 - Remote Code Execution via Terminal Emulator Escape Sequence
thttpd 2.25b0 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
by evilaliv3
CVSS 9.8
CVE-2009-4492 EXPLOITDB text VERIFIED
WEBrick 1.3.1 - Terminal Emulator Escape Sequence Injection via HTTP Request
WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
by evilaliv3
CVE-2009-4493 EXPLOITDB text VERIFIED
Orion Application Server 2.0.7 - Code Injection
Orion Application Server 2.0.7 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
by evilaliv3
CVE-2009-4487 EXPLOITDB text VERIFIED
nginx 0.7.64 - Terminal Emulator Escape Sequence Injection via Log File
nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
by evilaliv3
CVE-2009-4490 EXPLOITDB text VERIFIED
mini_httpd 1.19 - Remote Command Execution via Terminal Emulator Escape Sequence
mini_httpd 1.19 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
by evilaliv3
CVE-2009-4496 EXPLOITDB text VERIFIED
Boa 0.94.14rc21 - Remote Command Execution via Terminal Emulator Escape Sequence
Boa 0.94.14rc21 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
by evilaliv3
CVE-2009-4494 EXPLOITDB text VERIFIED
AOLserver 4.5.1 - Terminal Emulator Escape Sequence Injection via HTTP Request
AOLserver 4.5.1 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
by evilaliv3
CVE-2010-0376 EXPLOITDB text
JCE-Tech PHP Calendars - Cross-Site Scripting via cat Parameter in product_list.php
Cross-site scripting (XSS) vulnerability in product_list.php in JCE-Tech PHP Calendars, downloaded 2010-01-11, allows remote attackers to inject arbitrary web script or HTML via the cat parameter. NOTE: this issue is reportedly resultant from a forced SQL error message that occurs from exploitation of CVE-2010-0375.
by LionTurk
CVE-2010-0375 EXPLOITDB text
JCE-Tech PHP Calendars - SQL Injection via cat Parameter
SQL injection vulnerability in product_list.php in JCE-Tech PHP Calendars, downloaded 2010-01-11, allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by LionTurk
EIP-2026-116639 EXPLOITDB text VERIFIED
YPOPS! 0.9.7.3 - Buffer Overflow (SEH)
by blake
EIP-2026-114590 EXPLOITDB text VERIFIED
ZeeWays Script - SQL Injection
by SyRiAn_34G13
EIP-2026-112600 EXPLOITDB text VERIFIED
TermiSBloG 1.0 - SQL Injections
by Cyber_945
EIP-2026-112236 EXPLOITDB text VERIFIED
Smart Statistics 1.0 - 'smart_Statistics_admin.php' Cross-Site Scripting
by R3d-D3V!L
EIP-2026-112163 EXPLOITDB text VERIFIED
Simply Classified 0.2 - Cross-Site Scripting / Cross-Site Request Forgery
by mr_me
CVE-2010-1069 EXPLOITDB text
ProArcadeScript - SQL Injection via Games ID Parameter
SQL injection vulnerability in games/game.php in ProArcadeScript allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Err0R
CVE-2010-1071 EXPLOITDB text
phpMDJ 1.0.3 - SQL Injection via profil.php id Parameter
SQL injection vulnerability in profil.php in phpMDJ 1.0.3 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by k4cp3r & Ablus
CVE-2010-0380 EXPLOITDB text
JCE-Tech PHP Calendars - Unauthenticated Settings Modification via Direct install.php Request
install.php in JCE-Tech PHP Calendars, downloaded 20100121, allows remote attackers to bypass intended access restrictions and modify application settings via a direct request. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation.
by LionTurk
CVE-2010-0942 EXPLOITDB text VERIFIED
jVideoDirect (com_jvideodirect) - Path Traversal via Controller Parameter
Directory traversal vulnerability in the jVideoDirect (com_jvideodirect) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
by FL0RiX
CVE-2010-0944 EXPLOITDB text VERIFIED
JCollection (com_jcollection) for Joomla! - Path Traversal via Controller Parameter
Directory traversal vulnerability in the JCollection (com_jcollection) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
by FL0RiX
CVE-2010-0943 EXPLOITDB text VERIFIED
Joomla! JA Showcase (com_jashowcase) - Path Traversal via Controller Parameter
Directory traversal vulnerability in the JA Showcase (com_jashowcase) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a jashowcase action to index.php.
by FL0RiX
EIP-2026-108324 EXPLOITDB text VERIFIED
Joomla! Component com_dashboard - Directory Traversal
by FL0RiX
EIP-2026-106453 EXPLOITDB text VERIFIED
DigitalHive - 'mt' Cross-Site Scripting
by ViRuSMaN
EIP-2026-101654 EXPLOITDB text
D-Link Routers - Authentication Bypass (2)
by SourceSec DevTeam
EIP-2026-100302 EXPLOITDB text VERIFIED
Egreetings 1.0b - Remote Database Disclosure
by ViRuSMaN
CVE-2010-1067 EXPLOITDB text VERIFIED
E-membres 1.0 - Unauthenticated Sensitive Information Exposure via Direct Database Request
E-membres 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/bdEMembres.mdb.
by ViRuSMaN