Exploitdb Exploits

31,357 exploits tracked across all sources.

CVE-2009-3366 EXPLOITDB text VERIFIED
An image gallery 1.0 - Path Traversal via Path Parameter
Directory traversal vulnerability in navigation.php in An image gallery 1.0 allows remote attackers to list arbitrary directories via a .. (dot dot) in the path parameter.
by ThE g0bL!N
CVE-2009-4615 EXPLOITDB text VERIFIED
MYRE Holiday Rental Manager - SQL Injection
SQL injection vulnerability in review.php in MYRE Holiday Rental Manager allows remote attackers to execute arbitrary SQL commands via the link_id parameter in a show_review action.
by Mr.SQL
CVE-2009-3665 EXPLOITDB text VERIFIED
Nullam Blog 0.1.2 - SQL Injection via i or v Parameter
Multiple SQL injection vulnerabilities in index.php in Nullam Blog 0.1.2 allow remote attackers to execute arbitrary SQL commands via the (1) i parameter or (2) v parameters in a register action.
by Salvatore Fresta
CVE-2009-3664 EXPLOITDB text VERIFIED
Nullam Blog 0.1.2 - Path Traversal via p or s Parameter
Multiple directory traversal vulnerabilities in index.php in Nullam Blog 0.1.2 allow remote attackers to include or execute arbitrary files via a .. (dot dot) in the (1) p and (2) s parameters.
by Salvatore Fresta
EIP-2026-115526 EXPLOITDB text VERIFIED
Kolibri+ Web Server 2 - GET Denial of Service
by Usman Saeed
EIP-2026-112761 EXPLOITDB text VERIFIED
tourismscripts HotelBook - 'hotel_id' Multiple SQL Injections
by Mr.SQL
CVE-2009-3494 EXPLOITDB text VERIFIED
T-HTB Manager 0.5 - SQL Injection via id or name Parameter
Multiple SQL injection vulnerabilities in index.php in T-HTB Manager 0.5, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in a delete_category action, (2) the name parameter in an update_category action, and other vectors.
by Salvatore Fresta
CVE-2009-3666 EXPLOITDB text VERIFIED
Nullam Blog 0.1.2 - Cross-Site Scripting via Error Parameter
Cross-site scripting (XSS) vulnerability in index.php in Nullam Blog 0.1.2 allows remote attackers to inject arbitrary web script or HTML via the e parameter in an error action.
by Salvatore Fresta
CVE-2009-4616 EXPLOITDB text VERIFIED
MYRE Holiday Rental Manager - Cross-Site Scripting via search.php cat_id1 Parameter
Cross-site scripting (XSS) vulnerability in search.php in MYRE Holiday Rental Manager allows remote attackers to inject arbitrary web script or HTML via the cat_id1 parameter.
by Mr.SQL
EIP-2026-108493 EXPLOITDB text VERIFIED
Joomla! Component com_pressrelease - 'id' SQL Injection
by Moudi
CVE-2009-4624 EXPLOITDB text VERIFIED
Nicecoder iDesk - SQL Injection via download.php cat_id Parameter
SQL injection vulnerability in download.php in Nicecoder iDesk allows remote attackers to execute arbitrary SQL commands via the cat_id parameter, a different vector than CVE-2005-3843.
by Mr.SQL
EIP-2026-107473 EXPLOITDB text VERIFIED
Graffiti CMS 1.x - Arbitrary File Upload
by Alexander Concha
CVE-2009-4622 EXPLOITDB text VERIFIED
Drunken:Golem Gaming Portal 0.5.1 - RCE
PHP remote file inclusion vulnerability in admin/admin_news_bot.php in Drunken:Golem Gaming Portal 0.5.1 alpha 2 allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter, a different vector than CVE-2007-0572.
by EA Ngel
CVE-2009-3360 EXPLOITDB text VERIFIED
datemill 1.0 - Cross-Site Scripting via return and st Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Datemill 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) return parameter to photo_view.php, and st parameter to (2) photo_search.php and (3) search.php.
by Moudi
CVE-2009-4618 EXPLOITDB text VERIFIED
Tourism Script Bus Script - SQL Injection
Multiple SQL injection vulnerabilities in Tourism Script Bus Script allow remote attackers to execute arbitrary SQL commands via the sitetext_id parameter to (1) aboutus.php and (2) faq.php.
by Mr.SQL
CVE-2009-3367 EXPLOITDB text VERIFIED
An image gallery 1.0 - Cross-Site Scripting via Path and Show Parameters
Multiple cross-site scripting (XSS) vulnerabilities in An image gallery 1.0 allow remote attackers to inject arbitrary web script or HTML via the path parameter to (1) index.php and (2) main.php, and the (3) show parameter to main.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ThE g0bL!N
CVE-2009-4623 EXPLOITDB text VERIFIED
Advanced Comment System 1.0 - Remote Code Execution via ACS_path Parameter
Multiple PHP remote file inclusion vulnerabilities in Advanced Comment System 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the ACS_path parameter to (1) index.php and (2) admin.php in advanced_comment_system/. NOTE: this might only be a vulnerability when the administrator has not followed installation instructions in install.php. NOTE: this might be the same as CVE-2020-35598.
by Kurd-Team
CVE-2009-3358 EXPLOITDB text VERIFIED
Tourism Scripts Adult Portal Escort Listing - SQL Injection via profile.php user_id Parameter
SQL injection vulnerability in profile.php in Tourism Scripts Adult Portal escort listing allows remote attackers to execute arbitrary SQL commands via the user_id parameter.
by Mr.SQL
CVE-2009-4617 EXPLOITDB text VERIFIED
Tourismscripts Tourism Script Accommodation Hotel Booking Portal Script - SQL Injection
Multiple SQL injection vulnerabilities in Tourism Script Accommodation Hotel Booking Portal Script allow remote attackers to execute arbitrary SQL commands via the hotel_id parameter to (1) hotel.php, (2) details.php, (3) roomtypes.php, (4) photos.php, (5) map.php, (6) weather.php, (7) reviews.php, and (8) book.php.
by Mr.SQL
EIP-2026-102828 EXPLOITDB text VERIFIED
Enlightenment - Linux Null PTR Dereference Framework
by spender
EIP-2026-115960 EXPLOITDB text VERIFIED
Novell eDirectory 8.8 SP5 - Remote Denial of Service
by karak0rsan
CVE-2009-3103 EXPLOITDB text VERIFIED
Windows Vista and Server 2008 - Remote Code Execution via SMBv2 Negotiate Protocol Request
Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka "SMBv2 Negotiation Vulnerability." NOTE: some of these details are obtained from third party information.
by laurent gaffie
CVE-2009-2958 EXPLOITDB text VERIFIED
dnsmasq < 2.50 - Denial of Service via Malformed TFTP Blksize Option
The tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a TFTP read (aka RRQ) request with a malformed blksize option.
by Core Security