Exploitdb Exploits

31,357 exploits tracked across all sources.

CVE-2009-3830 EXPLOITDB text VERIFIED
Microsoft Office SharePoint Server 2007 Unauthenticated ASP.NET Source Code Disclosure
The download functionality in Team Services in Microsoft Office SharePoint Server 2007 12.0.0.4518 and 12.0.0.6219 allows remote attackers to read ASP.NET source code via pathnames in the SourceUrl and Source parameters to _layouts/download.aspx.
by Daniel Martin
CVE-2009-4612 EXPLOITDB text VERIFIED
Mort Bay Jetty 6.1.x-6.1.21 - Cross-Site Scripting via PATH_INFO to Snoop Page
Multiple cross-site scripting (XSS) vulnerabilities in the WebApp JSP Snoop page in Mort Bay Jetty 6.1.x through 6.1.21 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) jspsnoop/, (2) jspsnoop/ERROR/, and (3) jspsnoop/IOException/, and possibly the PATH_INFO to (4) snoop.jsp.
by aScii
CVE-2009-3838 EXPLOITDB text VERIFIED
Pegasus Mail 4.41 - Stack-based Buffer Overflow via Long POP3 Error Message
Stack-based buffer overflow in Pegasus Mail (PMail) 4.41 and possibly 4.51 allows remote POP3 servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long error message.
by Francis Provencher
CVE-2009-3577 EXPLOITDB text VERIFIED
Autodesk 3ds Max 6-9 and 2008-2010 - Remote Code Execution via MAXScript DOSCommand Method
Autodesk 3D Studio Max (3DSMax) 6 through 9 and 2008 through 2010 allows remote attackers to execute arbitrary code via a .max file with a MAXScript statement that calls the DOSCommand method, related to "application callbacks."
by Sebastian Tello
EIP-2026-117252 EXPLOITDB text VERIFIED
GPG4Win GNU - Privacy Assistant
by Dr_IDE
CVE-2009-3837 EXPLOITDB text VERIFIED
Eureka Email 2.2q - Remote Code Execution via Long POP3 Error Message
Stack-based buffer overflow in Eureka Email 2.2q allows remote POP3 servers to execute arbitrary code via a long error message.
by Francis Provencher
EIP-2026-112824 EXPLOITDB text VERIFIED
TwonkyMedia Server 4.4.17/5.0.65 - Cross-Site Scripting
by Davide Canali
CVE-2009-4535 EXPLOITDB text VERIFIED
Mongoose < 2.8.0 - Unauthenticated Source Code Exposure via URI Trailing Slash
Mongoose 2.8.0 and earlier allows remote attackers to obtain the source code for a web page by appending a / (slash) character to the URI.
by Dr_IDE
EIP-2026-108829 EXPLOITDB text VERIFIED
Joomla! Component Photo Blog alpha 3 < alpha 3a - SQL Injection
by kaMtiEz
CVE-2009-3835 EXPLOITDB text VERIFIED
JShop - SQL Injection via pid Parameter
SQL injection vulnerability in the JShop (com_jshop) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a product action to index.php.
by Don Tukulesto
CVE-2009-3641 EXPLOITDB text VERIFIED
Snort < 2.8.5.1 - Denial of Service via Crafted IPv6 Packet
Snort before 2.8.5.1, when the -v option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted IPv6 packet that uses the (1) TCP or (2) ICMP protocol.
by laurent gaffie
EIP-2026-102956 EXPLOITDB text VERIFIED
proc File - Descriptors Directory Permissions Bypass
by Pavel Machek
EIP-2026-102703 EXPLOITDB text VERIFIED
Nginx 0.7.0 < 0.7.61 / 0.6.0 < 0.6.38 / 0.5.0 < 0.5.37 / 0.4.0 < 0.4.14 - Denial of Service (PoC)
by Zeus Penguin
CVE-2009-3787 EXPLOITDB text VERIFIED
Vivvo CMS 4.1.5.1 - Path Traversal via File Parameter
files.php in Vivvo CMS 4.1.5.1 allows remote attackers to conduct directory traversal attacks and read arbitrary files via the file parameter with "logs/" in between two . (dot) characters, which is filtered into a "../" sequence.
by Janek Vind
EIP-2026-119379 EXPLOITDB text VERIFIED
httpdx 1.4.6b - Source Disclosure
by Dr_IDE
CVE-2009-3789 EXPLOITDB text VERIFIED
OpenDocMan 1.2.5 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in OpenDocMan 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the last_message parameter to (1) add.php, (2) toBePublished.php, (3) index.php, and (4) admin.php; the PATH_INFO to the default URI to (5) category.php, (6) department.php, (7) profile.php, (8) rejects.php, (9) search.php, (10) toBePublished.php, (11) user.php, and (12) view_file.php; and (13) the caller parameter in a Modify User action to user.php.
by Amol Naik