Exploitdb Exploits

31,357 exploits tracked across all sources.

EIP-2026-101188 EXPLOITDB text VERIFIED
Check Point Connectra R62 - '/Login/Login' Arbitrary Script Injection
by Stefan Friedli
EIP-2026-109690 EXPLOITDB text VERIFIED
MyBB 1.4.8 - 'search.php' SQL Injection
by $qL_DoCt0r
CVE-2009-4657 EXPLOITDB text VERIFIED
Xerver 4.32 - Unauthenticated Administrator Access via Port 32123
The administrator package for Xerver 4.32 does not require authentication, which allows remote attackers to alter application settings by connecting to the application on port 32123, as demonstrated by setting the action option to wizardStep1.
by Dr_IDE
CVE-2009-3561 EXPLOITDB text VERIFIED
Xerver HTTP Server 4.32 - Path Traversal via chooseDirectory currentPath Parameter
Directory traversal vulnerability in Xerver HTTP Server 4.32 allows remote attackers to read arbitrary files via a full pathname with a drive letter in the currentPath parameter in a chooseDirectory action.
by Stack
CVE-2009-4658 EXPLOITDB text VERIFIED
Xerver 4.32 - Authenticated Denial of Service via Non-Numeric Web Port Assignment
Xerver 4.32 allows remote authenticated users to cause a denial of service (daemon crash) via a non-numeric web port assignment in the management interface. NOTE: this can be leveraged by non-authenticated attackers using CVE-2009-4657.
by Dr_IDE
CVE-2009-3310 EXPLOITDB text VERIFIED
Zainu 1.0 - SQL Injection via AlbumSongs Album ID Parameter
SQL injection vulnerability in index.php in Zainu 1.0 allows remote attackers to execute arbitrary SQL commands via the album_id parameter in an AlbumSongs action.
by snakespc
CVE-2009-3306 EXPLOITDB text VERIFIED
ClearSite 4.50 - Remote Code Execution via cs_base_path Parameter
PHP remote file inclusion vulnerability in include/header.php in ClearSite 4.50 allows remote attackers to execute arbitrary PHP code via a URL in the cs_base_path parameter.
by EA Ngel
CVE-2009-3307 EXPLOITDB text VERIFIED
FSphp 0.2.1 - Remote File Inclusion via FSPHP_LIB Parameter
Multiple PHP remote file inclusion vulnerabilities in FSphp 0.2.1 allow remote attackers to execute arbitrary PHP code via a URL in the FSPHP_LIB parameter to (1) FSphp.php, (2) navigation.php, and (3) pathwrite.php in lib/.
by NoGe
CVE-2009-3308 EXPLOITDB text VERIFIED
FanUpdate 2.2.1 - SQL Injection via show-cat.php listingid Parameter
SQL injection vulnerability in show-cat.php in FanUpdate 2.2.1 allows remote attackers to execute arbitrary SQL commands via the listingid parameter.
by (In)Security Romania
CVE-2009-3562 EXPLOITDB text VERIFIED
Xerver HTTP Server 4.32 - Cross-Site Scripting via currentPath Parameter
Cross-site scripting (XSS) vulnerability in Xerver HTTP Server 4.32 allows remote attackers to inject arbitrary web script or HTML via the currentPath parameter in a chooseDirectory action.
by Stack
EIP-2026-100739 EXPLOITDB text VERIFIED
Avaya Intuity Audix LX R1.1 - Multiple Remote Vulnerabilities
by pagvac
CVE-2009-3317 EXPLOITDB text VERIFIED
OpenSiteAdmin 0.9.7 BETA - Remote Code Execution via Path Parameter
PHP remote file inclusion vulnerability in pages/pageHeader.php in OpenSiteAdmin 0.9.7 BETA allows remote attackers to execute arbitrary PHP code via a URL in the path parameter, a different vector than CVE-2008-0648.
by EA Ngel
CVE-2009-3315 EXPLOITDB text VERIFIED
NeLogic Nephp Publisher Enterprise 3.5.9 and 4.5 - SQL Injection via Username Field
SQL injection vulnerability in admin/index.php in NeLogic Nephp Publisher Enterprise 3.5.9 and 4.5 allows remote attackers to execute arbitrary SQL commands via the Username field.
by learn3r hacker
EIP-2026-108647 EXPLOITDB text VERIFIED
Joomla! Component F!BB 1.5.96 RC - SQL Injection / HTML Injection
by Jeff Channell
EIP-2026-108633 EXPLOITDB text VERIFIED
Joomla! Component EasyBook 2.0.0rc4 - Multiple HTML Injection Vulnerabilities
by Jeff Channell
CVE-2009-3318 EXPLOITDB text VERIFIED
Roland Breedveld Album (com_album) 1.14 - Path Traversal via Target Parameter
Directory traversal vulnerability in the Roland Breedveld Album (com_album) component 1.14 for Joomla! allows remote attackers to access arbitrary directories and have unspecified other impact via a .. (dot dot) in the target parameter to index.php.
by DreamTurk
CVE-2009-3313 EXPLOITDB text VERIFIED
FMyClone 2.3 - SQL Injection via comp Parameter
Multiple SQL injection vulnerabilities in FMyClone 2.3 allow remote attackers to execute arbitrary SQL commands via the comp parameter to (1) index.php and (2) editComments.php, and (3) allow remote authenticated administrators to execute arbitrary SQL commands via the id parameter in a comment action to edit.php.
by learn3r hacker
CVE-2009-3309 EXPLOITDB text VERIFIED
CF ShopKart 5.4 beta - SQL Injection via index.cfm itemid Parameter
SQL injection vulnerability in index.cfm in CF ShopKart 5.4 beta allows remote attackers to execute arbitrary SQL commands via the itemid parameter in a ViewDetails action, a different vector than CVE-2008-6320.
by learn3r hacker
CVE-2009-3233 EXPLOITDB text VERIFIED
changetrack 4.3 - OS Command Injection via Filename with CRLF and Shell Metacharacters
changetrack 4.3 allows local users to execute arbitrary commands via CRLF sequences and shell metacharacters in a filename in a directory that is checked by changetrack.
by Rick
CVE-2009-4880 EXPLOITDB text VERIFIED
glibc < 2.10.1 - Denial of Service via strfmon Format String Integer Overflow
Multiple integer overflows in the strfmon implementation in the GNU C Library (aka glibc or libc6) 2.10.1 and earlier allow context-dependent attackers to cause a denial of service (memory consumption or application crash) via a crafted format string, as demonstrated by a crafted first argument to the money_format function in PHP, a related issue to CVE-2008-1391.
by Maksymilian Arciemowicz
CVE-2008-6614 EXPLOITDB text VERIFIED
Implied By Design Micro CMS 3.5 - SQL Injection via Login Username or Password Parameter
Multiple SQL injection vulnerabilities in microcms-admin-login.php in Implied By Design (IBD) Micro CMS 3.5 (aka 0.3.5) allow remote attackers to execute arbitrary SQL commands via (1) the administrators_username parameter (aka the Username field) or (2) the administrators_pass parameter (aka the Password field).
by learn3r hacker
CVE-2006-3144 EXPLOITDB text VERIFIED
Implied By Design Micro CMS <3.5 - RCE
PHP remote file inclusion vulnerability in micro_cms_files/microcms-include.php in Implied By Design (IBD) Micro CMS 3.5 (aka 0.3.5) and earlier allows remote attackers to execute arbitrary PHP code via a URL in the microcms_path parameter. NOTE: it was later reported that this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences.
by learn3r hacker
CVE-2009-3646 EXPLOITDB text VERIFIED
InterVations NaviCOPA Web Server 3.01 - Unauthenticated Source Code Exposure via ::$DATA Suffix
InterVations NaviCOPA Web Server 3.01 allows remote attackers to obtain the source code for a web page via an HTTP request with the addition of ::$DATA after the HTML file name.
by Dr_IDE
EIP-2026-112816 EXPLOITDB text VERIFIED
TuttoPHP Morris Guestbook - 'view.php' Cross-Site Scripting
by Moudi
CVE-2009-3311 EXPLOITDB text VERIFIED
RSSMediaScript - Cross-Site Scripting via Page Parameter
Cross-site scripting (XSS) vulnerability in index.php in RSSMediaScript allows remote attackers to inject arbitrary web script or HTML via the page parameter.
by Moudi