Exploitdb Exploits

31,346 exploits tracked across all sources.

CVE-2009-4091 EXPLOITDB text VERIFIED
Simplog 0.9.3.2 - Unauthenticated Comment Editing and Deletion via comments.php
comments.php in Simplog 0.9.3.2, and possibly earlier, does not properly restrict access, which allows remote attackers to edit or delete comments via the (1) edit or (2) del action.
by Amol Naik
EIP-2026-115868 EXPLOITDB text VERIFIED
Mozilla Thunderbird 2.0.0.23 Mozilla SeaMonkey 2.0 - 'jar50.dll' Null Pointer Dereference
by Marcin Ressel
EIP-2026-114090 EXPLOITDB text VERIFIED
WordPress Plugin Subscribe to Comments 2.0 - Multiple Cross-Site Scripting Vulnerabilities
by MustLive
CVE-2009-4089 EXPLOITDB text VERIFIED
telepark.wiki <2.4.23 - Auth Bypass
telepark.wiki 2.4.23 and earlier allows remote attackers to bypass authorization and (1) delete arbitrary pages via a modified pageID parameter to ajax/deletePage.php or (2) delete arbitrary comments via a modified pageID parameter to ajax/deleteComment.php.
by Abysssec
CVE-2009-4093 EXPLOITDB text VERIFIED
Simplog 0.9.3.2 - Cross-Site Scripting via Name or Email Parameters
Multiple cross-site scripting (XSS) vulnerabilities in comments.php in Simplog 0.9.3.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) cname (Name) or (2) email parameters.
by Amol Naik
CVE-2015-4181 EXPLOITDB HIGH text VERIFIED
phpMyBackupPro 2.1-2.5 - Path Traversal via View Parameter
Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this vulnerability exists due to an incomplete fix to CVE-2015-4180.
by Amol Naik
CVSS 7.5
CVE-2009-4047 EXPLOITDB text VERIFIED
PHD Help Desk 1.43 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in PHD Help Desk 1.43 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to area.php; the (2) pagina, (3) sentido, (4) q_registros, and (5) orden parameters to area.php; (6) the q_registros parameter to solic_display.php; (7) the PATH_INFO to area_list.php; (8) the q_registros parameter to area_list.php; (9) the PATH_INFO to atributo.php; the (10) pagina, (11) q_registros, and (12) orden parameters to atributo_list.php; (13) an arbitrary parameter name beginning with "sentido" to atributo_list.php; and (14) the PATH_INFO to caso_insert.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Amol Naik
EIP-2026-108962 EXPLOITDB text VERIFIED
kalimat new system 1.0 - 'index.php' SQL Injection
by ProF.Code
CVE-2009-4112 EXPLOITDB text VERIFIED
Cacti <0.8.7e - Privilege Escalation
Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands.
by MustLive
EIP-2026-106560 EXPLOITDB text VERIFIED
Dow Group - 'new.php' SQL Injection
by ProF.Code
EIP-2026-105852 EXPLOITDB text VERIFIED
Cifshanghai - 'chanpin_info.php' CMS SQL Injection
by ProF.Code
EIP-2026-101521 EXPLOITDB text VERIFIED
Alteon OS BBI (Nortell) - Cross-Site Scripting / Cross-Site Request Forgery
by Alexey Sintsov
EIP-2026-114124 EXPLOITDB text VERIFIED
WordPress Plugin Trashbin 0.1 - 'mtb_undelete' Cross-Site Scripting
by MustLive
CVE-2009-4651 EXPLOITDB text VERIFIED
Webee Comments 1.1.1, 1.2, 2.0 - Cross-Site Scripting via BBCode Tags
Multiple cross-site scripting (XSS) vulnerabilities in the Webee Comments (com_webeecomment) component 1.1.1, 1.2, and 2.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) color, (2) img, or (3) url BBCode tags in unspecified vectors.
by Jeff Channell
CVE-2009-4650 EXPLOITDB text VERIFIED
Webee Comments (com_webeecomment) 1.1.1, 1.2, 2.0 - SQL Injection
SQL injection vulnerability in the Webee Comments (com_webeecomment) component 1.1.1, 1.2, and 2.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a default action to index2.php. NOTE: some of these details are obtained from third party information.
by Jeff Channell
EIP-2026-110347 EXPLOITDB text VERIFIED
OS Commerce 2.2r2 - Authentication Bypass
by Stuart Udall
EIP-2026-104066 EXPLOITDB text VERIFIED
Samba 3.0.10 < 3.3.5 - Format String / Security Bypass
by Jeremy Allison
CVE-2009-1284 EXPLOITDB text VERIFIED
BibTeX 0.99 - Denial of Service via Long .bib File
Buffer overflow in BibTeX 0.99 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a long .bib bibliography file.
by Vincent Lafevre
CVE-2009-4171 EXPLOITDB text VERIFIED
Yahoo! Messenger 9.0.0.2162 - Denial of Service via YahooBridgeLib.dll RegisterMe Method
An ActiveX control in YahooBridgeLib.dll for Yahoo! Messenger 9.0.0.2162, and possibly other 9.0 versions, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by calling the RegisterMe method with a long argument.
by HACKATTACK
EIP-2026-104126 EXPLOITDB text VERIFIED
WebKit - 'Document()' Remote Information Disclosure
by Chris Evans