Exploitdb Exploits

31,357 exploits tracked across all sources.

CVE-2009-3425 EXPLOITDB text VERIFIED
MaxCMS 3.11.20b - Path Traversal via thCMS_root Parameter
Directory traversal vulnerability in includes/inc.thcms_admin_dirtree.php in MaxCMS 3.11.20b allows remote attackers to read arbitrary files via directory traversal sequences in the thCMS_root parameter.
by GoLd_M
CVE-2009-3419 EXPLOITDB text VERIFIED
Miniweb Publisher Module 2.0 - SQL Injection via Historymonth Parameter
SQL injection vulnerability in index.php in the Publisher module 2.0 for Miniweb allows remote attackers to execute arbitrary SQL commands via the historymonth parameter.
by Moudi
CVE-2009-2123 EXPLOITDB text VERIFIED
elvinbts 1.2.0 - SQL Injection via Username or Password Parameter
Multiple SQL injection vulnerabilities in Elvin 1.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) inUser (aka Username) and (2) inPass (aka Password) parameters to (a) inc/login.ei, reachable through login.php; and the (3) id parameter to (b) show_bug.php and (c) show_activity.php. NOTE: it was later reported that vector 3c also affects 1.2.2.
by 599eme Man
CVE-2009-4729 EXPLOITDB text VERIFIED
x10media adult_script 1.7 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in x10 Adult Media Script 1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) pic_id parameter to includes/video_ad.php, (2) category parameter to linkvideos_listing.php, (3) id parameter to templates/header1.php, and (4) key parameter to video_listing.php.
by Moudi
CVE-2009-4730 EXPLOITDB text VERIFIED
x10 Adult Media Script 1.7 - SQL Injection
SQL injection vulnerability in report.php in x10 Adult Media Script 1.7 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Moudi
CVE-2009-4732 EXPLOITDB text VERIFIED
TT Web Site Manager 0.5 - SQL Injection
SQL injection vulnerability in tt/index.php in TT Web Site Manager 0.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the tt_name parameter. NOTE: some of these details are obtained from third party information.
by SirGod
CVE-2009-3158 EXPLOITDB text VERIFIED
simplePHPWeb 0.2 - Unauthenticated Administrative Access via admin/files.php
admin/files.php in simplePHPWeb 0.2 does not require authentication, which allows remote attackers to perform unspecified administrative actions via unknown vectors. NOTE: some of these details are obtained from third party information.
by SirGod
CVE-2009-4733 EXPLOITDB text VERIFIED
SimpleLoginSys 0.5 - SQL Injection via Username Parameter
SQL injection vulnerability in checkuser.php in SimpleLoginSys 0.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.
by SirGod
CVE-2009-4726 EXPLOITDB text VERIFIED
Quickdev 4 PHP - Path Traversal via Download File Parameter
Directory traversal vulnerability in download.php in Quickdev 4 PHP allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
by SirGod
CVE-2009-4728 EXPLOITDB text VERIFIED
Questions Answered <1.3 - SQL Injection
SQL injection vulnerability in the administrative interface in Questions Answered 1.3 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.
by snakespc
CVE-2009-2791 EXPLOITDB text VERIFIED
WebDynamite ProjectButler 1.5.0 - Code Injection
PHP remote file inclusion vulnerability in pda_projects.php in WebDynamite ProjectButler 1.5.0 allows remote attackers to execute arbitrary PHP code via a URL in the offset parameter.
by cr4wl3r
CVE-2009-4724 EXPLOITDB text VERIFIED
PaymentProcessorScript.net - SQL Injection
SQL injection vulnerability in shop.htm in PaymentProcessorScript.net PPScript allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by MizoZ
CVE-2009-4724 EXPLOITDB text VERIFIED
PaymentProcessorScript.net - SQL Injection
SQL injection vulnerability in shop.htm in PaymentProcessorScript.net PPScript allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by ZoRLu
CVE-2009-4723 EXPLOITDB text VERIFIED
Netpet CMS 1.9 - Path Traversal via Language Parameter
Directory traversal vulnerability in confirm.php in Netpet CMS 1.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
by SirGod
CVE-2009-3150 EXPLOITDB text VERIFIED
Multi Website 1.5 - SQL Injection via Browse Parameter
SQL injection vulnerability in index.php in Multi Website 1.5 allows remote attackers to execute arbitrary SQL commands via the Browse parameter in a vote action.
by SarBoT511
CVE-2009-4552 EXPLOITDB text VERIFIED
Miniweb 2.0 - Cross-Site Scripting via PATH_INFO to index.php
Cross-site scripting (XSS) vulnerability in the Survey Pro module for Miniweb 2.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
by Moudi
CVE-2009-3420 EXPLOITDB text VERIFIED
Miniweb Publisher 2.0 - Cross-Site Scripting via Begin Parameter or PATH_INFO
Multiple cross-site scripting (XSS) vulnerabilities in index.php in the Publisher module 2.0 for Miniweb allow remote attackers to inject arbitrary web script or HTML via the (1) begin parameter and the (2) PATH_INFO.
by Moudi
CVE-2009-3426 EXPLOITDB text VERIFIED
MaxCMS 3.11.20b - Remote Code Execution via File Manager Special Parameter
PHP remote file inclusion vulnerability in includes/file_manager/special.php in MaxCMS 3.11.20b allows remote attackers to execute arbitrary PHP code via a URL in the fm_includes_special parameter.
by GoLd_M
CVE-2009-2920 EXPLOITDB text VERIFIED
elvinbts 1.2.2 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Elvin 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) component and (2) priority parameters to buglist.php; and the (3) Username (4) E-mail, (5) Pass, and (6) Confirm pass fields to createaccount.php.
by 599eme Man
CVE-2009-4719 EXPLOITDB text VERIFIED
Discloser 0.0.4 rc2 - SQL Injection
SQL injection vulnerability in index.php in Discloser 0.0.4 rc2 allows remote attackers to execute arbitrary SQL commands via the more parameter.
by Salvatore Fresta
EIP-2026-105516 EXPLOITDB text VERIFIED
Blog Ink (Blink) - Multiple SQL Injections
by Drosophila
EIP-2026-105515 EXPLOITDB text VERIFIED
Blink Blog System - Authentication Bypass
by Salvatore Fresta
CVE-2009-4725 EXPLOITDB text VERIFIED
Arab Portal < 2.2 - Remote File Inclusion via Module Parameter Path Traversal
Directory traversal vulnerability in modules/aljazeera/admin/setup.php in Arab Portal 2.2 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter.
by Qabandi
CVE-2009-4727 EXPLOITDB text VERIFIED
JungleScripts Ajax Short Url Script - SQL Injection
SQL injection vulnerability in x/login in JungleScripts Ajax Short Url Script allows remote attackers to execute arbitrary SQL commands via the username parameter.
by Cicklow
CVE-2009-4721 EXPLOITDB text VERIFIED
Andrews-Web BannerAd 1.0 - SQL Injection
Multiple SQL injection vulnerabilities in Admin/index.asp in Andrews-Web (A-W) BannerAd 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) User and (2) Password parameters. NOTE: some of these details are obtained from third party information.
by Ro0T-MaFia