Exploitdb Exploits

31,357 exploits tracked across all sources.

CVE-2009-3312 EXPLOITDB text VERIFIED
phppollscript < 1.3 - Remote Code Execution via include_class Parameter
PHP remote file inclusion vulnerability in php/init.poll.php in phpPollScript 1.3 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a crafted URL in the include_class parameter.
by cr4wl3r
CVE-2009-3320 EXPLOITDB text VERIFIED
Zenas PaoLink 1.0 - Cross-Site Scripting via PATH_INFO
Cross-site scripting (XSS) vulnerability in scrivi.php in Zenas PaoLink (aka Pao-Link) 1.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
by Moudi
CVE-2009-3493 EXPLOITDB text VERIFIED
Zenas PaoBacheca Guestbook 2.1 - Cross-Site Scripting via PATH_INFO
Multiple cross-site scripting (XSS) vulnerabilities in Zenas PaoBacheca Guestbook 2.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) scrivi.php and (2) index.php.
by Moudi
CVE-2009-3647 EXPLOITDB text VERIFIED
YABSoft Mega File Hosting Script 1.2 - Cross-Site Scripting via emaullinks.php moudi Parameter
Cross-site scripting (XSS) vulnerability in emaullinks.php in YABSoft Mega File Hosting Script (aka MFH or MFHS) 1.2 allows remote attackers to inject arbitrary web script or HTML via the moudi parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Moudi
CVE-2009-3669 EXPLOITDB text VERIFIED
com_foobla_suggestions 1.5.11 - SQL Injection via idea_id Parameter
SQL injection vulnerability in the foobla Suggestions (com_foobla_suggestions) component 1.5.11 for Joomla! allows remote attackers to execute arbitrary SQL commands via the idea_id parameter to index.php.
by Chip d3 bi0s
CVE-2009-3314 EXPLOITDB text VERIFIED
Elite Gaming Ladders 3.2 - SQL Injection via Platform Parameter
SQL injection vulnerability in ladders.php in Elite Gaming Ladders 3.2 allows remote attackers to execute arbitrary SQL commands via the platform parameter.
by snakespc
CVE-2009-3667 EXPLOITDB text VERIFIED
AdsDX 3.05 - SQL Injection via Username Parameter
SQL injection vulnerability in admin/index.php in AdsDX 3.05 allows remote attackers to execute arbitrary SQL commands via the Username parameter.
by snakespc
CVE-2009-3234 EXPLOITDB text VERIFIED
Linux Kernel 2.6.31-rc1 - Buffer Overflow via perf_counter_open System Call
Buffer overflow in the perf_copy_attr function in kernel/perf_counter.c in the Linux kernel 2.6.31-rc1 allows local users to cause a denial of service (crash) and execute arbitrary code via a "big size data" to the perf_counter_open system call.
by Xiao Guangrong
EIP-2026-118685 EXPLOITDB text VERIFIED
Installshield 2009 15.0.0.53 Premier - 'ISWiAutomation15.dll' ActiveX Arbitrary File Overwrite
by the_Edit0r
EIP-2026-118332 EXPLOITDB text VERIFIED
BRS Webweaver 1.33 - '/Scripts' Access Restriction Bypass
by Usman Saeed
EIP-2026-117800 EXPLOITDB text VERIFIED
Protector Plus AntiVirus 8/9 - Local Privilege Escalation
by Maxim A. Kulakov
CVE-2009-3863 EXPLOITDB text VERIFIED
Novell Groupwise Client 7.0.3.1294 - Buffer Overflow
Buffer overflow in the gxmim1.dll ActiveX control in Novell Groupwise Client 7.0.3.1294 allows remote attackers to cause a denial of service (application crash) via a long argument to the SetFontFace method.
by Francis Provencher
CVE-2009-3662 EXPLOITDB text VERIFIED
FileCopa FTP Server 5.01 - Denial of Service via Crafted NOOP Commands
FileCopa FTP Server 5.01 allows remote attackers to cause a denial of service (server hang) via a large number of crafted NOOP commands.
by Asheesh kumar Mani Tripathi
CVE-2008-6447 EXPLOITDB text VERIFIED
QuikSoft EasyMail MailStore ActiveX emmailstore.dll 6.5.0.3 - Buffer Overflow via CreateStore Method
Buffer overflow in emmailstore.dll 6.5.0.3 in the QuikSoft EasyMail MailStore ActiveX control allows remote attackers to execute arbitrary code via a long first argument to the CreateStore method.
by Francis Provencher
EIP-2026-115199 EXPLOITDB text VERIFIED
EasyMail Quicksoft 6.0.2.0 - ActiveX Remote Code Execution (PoC)
by Francis Provencher
CVE-2009-3244 EXPLOITDB text VERIFIED
Adobe Shockwave Player < 11.5.1.601 - Heap-Based Buffer Overflow via PlayerVersion Property
Heap-based buffer overflow in the SwDir.dll ActiveX control in Adobe Shockwave Player 11.5.1.601 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long PlayerVersion property value.
by Francis Provencher
EIP-2026-112663 EXPLOITDB text VERIFIED
Three Pillars Help Desk 3.0 - Authentication Bypass
by snakespc
CVE-2009-3661 EXPLOITDB text VERIFIED
Blueconstantmedia Com Djcatalog - SQL Injection
Multiple SQL injection vulnerabilities in the DJ-Catalog (com_djcatalog) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a showItem action and (2) cid parameter in a show action to index.php.
by Chip d3 bi0s
EIP-2026-107711 EXPLOITDB text VERIFIED
iBoutique.MALL 1.2 - 'cat' Blind SQL Injection
by InjEctOr5
CVE-2009-3660 EXPLOITDB text VERIFIED
efront < 3.5.4 - Remote Code Execution via path Parameter
PHP remote file inclusion vulnerability in libraries/database.php in Efront 3.5.4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's security documentation.
by cr4wl3r
CVE-2009-3243 EXPLOITDB text VERIFIED
Wireshark 1.2.0-1.2.1 - Denial of Service in TLS Dissector
Unspecified vulnerability in the TLS dissector in Wireshark 1.2.0 and 1.2.1, when running on Windows, allows remote attackers to cause a denial of service (application crash) via unknown vectors related to TLS 1.2 conversations.
by Buildbot Builder
CVE-2009-3241 EXPLOITDB text VERIFIED
Wireshark 0.99.6-1.0.8 and 1.2.0-1.2.1 - Denial of Service via OPCUA Service CallRequest Packets
Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark 0.99.6 through 1.0.8 and 1.2.0 through 1.2.1 allows remote attackers to cause a denial of service (memory and CPU consumption) via malformed OPCUA Service CallRequest packets.
by Buildbot Builder
CVE-2009-3242 EXPLOITDB text VERIFIED
Wireshark 1.2.0 and 1.2.1 - Denial of Service in GSM A RR Dissector
Unspecified vulnerability in packet.c in the GSM A RR dissector in Wireshark 1.2.0 and 1.2.1 allows remote attackers to cause a denial of service (application crash) via unknown vectors related to "an uninitialized dissector handle," which triggers an assertion failure.
by Buildbot Builder
CVE-2006-2043 EXPLOITDB text VERIFIED
IP3 Networks NetAccess NA75 - Local Command Injection via Backtick Characters in CLI
na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 allows local users to gain Unix shell access via "`" (backtick) characters in the appliance's command line interface (CLI).
by r00t