Exploitdb Exploits

31,357 exploits tracked across all sources.

CVE-2009-2601 EXPLOITDB text VERIFIED
Joomlaequipment <2.0.4 - SQL Injection
SQL injection vulnerability in the Joomlaequipment (aka JUser or com_juser) component 2.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a show_profile action to index.php.
by Chip d3 bi0s
CVE-2009-2603 EXPLOITDB text VERIFIED
Escon SupportPortal Pro 3.0 - SQL Injection
Multiple SQL injection vulnerabilities in index.php in Escon SupportPortal Pro 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) cat and (2) tid parameters.
by OzX
EIP-2026-106837 EXPLOITDB text VERIFIED
elitecms 1.01 - SQL Injection / Cross-Site Scripting
by xeno_hive
EIP-2026-106767 EXPLOITDB text VERIFIED
ecsportal rel 6.5 - 'article_view_photo.php?id' SQL Injection
by taRentReXx
CVE-2009-1946 EXPLOITDB text VERIFIED
AdaptBB 1.0 - Remote Code Execution
PHP remote file inclusion vulnerability in latestposts.php in AdaptBB 1.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the forumspath parameter.
by Mehmet Ince
EIP-2026-101160 EXPLOITDB text VERIFIED
ASMAX AR 804 gu Web Management Console - Arbitrary Command Execution
by Securitum
EIP-2026-101125 EXPLOITDB text VERIFIED
Linksys WAG54G2 - Web Management Console Arbitrary Command Execution
by Securitum
CVE-2009-2602 EXPLOITDB text VERIFIED
R2 Newsletter Lite/Pro/Stats - Info Disclosure
R2 Newsletter Lite, Pro, and Stats stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for admin.mdb.
by TiGeR-Dz
EIP-2026-111139 EXPLOITDB text VERIFIED
phpMyAdmin 3.3.0 - 'db' Cross-Site Scripting
by r0t
CVE-2009-4938 EXPLOITDB text VERIFIED
com_jvideo 0.3.11c Beta and 0.3.x - SQL Injection via user_id Parameter
SQL injection vulnerability in the JVideo! (com_jvideo) component 0.3.11c Beta and 0.3.x for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter in a user action to index.php.
by Chip d3 bi0s
CVE-2009-4937 EXPLOITDB text VERIFIED
Small Pirate 2.1 - Stored Cross-Site Scripting via img BBCode Tag onmouseover Action
Cross-site scripting (XSS) vulnerability in Small Pirate (SPirate) 2.1 allows remote attackers to inject arbitrary web script or HTML via an onmouseover action in an img BBCode tag within a url BBCode tag.
by YEnH4ckEr
CVE-2009-2604 EXPLOITDB text VERIFIED
Zen Help Desk 2.1 - SQL Injection via Userid or Password Parameter
Multiple SQL injection vulnerabilities in adminlogin.asp in Zen Help Desk 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) userid (aka username) and (2) PassWord parameters to admin.asp.
by TiGeR-Dz
CVE-2009-2605 EXPLOITDB text VERIFIED
Traidnt Up 2.0 - SQL Injection via trupuser and truppassword Cookies
Multiple SQL injection vulnerabilities in adminquery.php in Traidnt Up 2.0 allow remote attackers to execute arbitrary SQL commands via (1) trupuser and (2) truppassword cookies to uploadcp/index.php.
by Qabandi
CVE-2009-4936 EXPLOITDB text VERIFIED
Small Pirate 2.1 - SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in Small Pirate (SPirate) 2.1 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to the default URI in an rss .xml action, or the id parameter to (2) pag1.php, (3) pag1-guest.php, (4) rss-comment_post.php (aka rss-coment_post.php), or (5) rss-pic-comment.php.
by YEnH4ckEr
CVE-2009-4206 EXPLOITDB text VERIFIED
Million Dollar Text Links <1.0 - SQL Injection
SQL injection vulnerability in admin.link.modify.php in Million Dollar Text Links 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Qabandi
EIP-2026-106763 EXPLOITDB text VERIFIED
ecshop 2.6.2 - Multiple Remote Command Execution Vulnerabilities
by Securitylab.ir
CVE-2009-4203 EXPLOITDB text VERIFIED
Arab Portal 2.2 - SQL Injection via X-Forwarded-For or Client-IP Header
Multiple SQL injection vulnerabilities in admin/aclass/admin_func.php in Arab Portal 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) X-Forwarded-For or (2) Client-IP HTTP header in a request to the default URI under admin/.
by sniper code
EIP-2026-105159 EXPLOITDB text VERIFIED
amember 3.1.7 - Cross-Site Scripting / SQL Injection / HTML Injection
by intern0t
CVE-2009-2600 EXPLOITDB text VERIFIED
Webboard 2.90 beta - Path Traversal
Multiple directory traversal vulnerabilities in view.php in Webboard 2.90 beta and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the topic parameter.
by MrDoug
CVE-2009-1828 EXPLOITDB text VERIFIED
Firefox - Denial of Service via KEYGEN Element with Automatic Refresh
Mozilla Firefox 3.0.10 allows remote attackers to cause a denial of service (infinite loop, application hang, and memory consumption) via a KEYGEN element in conjunction with (1) a META element specifying automatic page refresh or (2) a JavaScript onLoad event handler for a BODY element. NOTE: it was later reported that earlier versions are also affected.
by Thierry Zoller
EIP-2026-103387 EXPLOITDB text VERIFIED
Adobe Acrobat 9.1.1 (OSX/Windows) - Stack Overflow Crash (PoC)
by Saint Patrick
CVE-2009-3431 EXPLOITDB text VERIFIED
Adobe Acrobat 9.x < 9.1.3, 8.x < 8.1.6, 7.x < 7.1.4 - Denial of Service via PDF Alert Method
Stack consumption vulnerability in Adobe Reader and Acrobat 9.1.3, 9.1.2, 9.1.1, and earlier 9.x versions; 8.1.6 and earlier 8.x versions; and possibly 7.1.4 and earlier 7.x versions allows remote attackers to cause a denial of service (application crash) via a PDF file with a large number of [ (open square bracket) characters in the argument to the alert method. NOTE: some of these details are obtained from third party information.
by Saint Patrick
EIP-2026-101458 EXPLOITDB text VERIFIED
SonicWALL SSL-VPN - 'cgi-bin/welcome/VirtualOffice' Remote Format String
by Patrick Webster
EIP-2026-104908 EXPLOITDB text VERIFIED
Achievo 1.3.4 - Multiple Cross-Site Scripting Vulnerabilities
by MaXe