Exploitdb Exploits

31,369 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-109845 EXPLOITDB text VERIFIED
NC GBook 1.0 - Remote Command Injection
by ThE g0bL!N
CVE-2009-1786 EXPLOITDB text VERIFIED
IBM AIX 5.3 and 6.1 - Arbitrary File Creation or Overwrite via MALLOCDEBUG Log File Symlink
The malloc subsystem in libc in IBM AIX 5.3 and 6.1 allows local users to create or overwrite arbitrary files via a symlink attack on the log file associated with the MALLOCDEBUG environment variable.
by inking
EIP-2026-108924 EXPLOITDB text VERIFIED
Jorp 1.3.05.09 - Arbitrary Remove Projects/Tasks
by YEnH4ckEr
CVE-2009-1752 EXPLOITDB text VERIFIED
exJune Office Message System 1 - Unauthenticated Privilege Escalation via Direct Request
exJune Office Message System 1 does not properly restrict access to (1) configure.asp and (2) addmessage2.asp, which allows remote attackers to gain privileges a direct request. NOTE: some of these details are obtained from third party information.
by ByALBAYX
CVE-2009-1749 EXPLOITDB text VERIFIED
Catviz 0.4.0 beta 1 - Cross-Site Scripting via userman_form and webpages_form Parameters
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Catviz 0.4.0 beta 1 allow remote attackers to inject arbitrary web script or HTML via the (1) userman_form and (2) webpages_form parameters.
by ByALBAYX
CVE-2009-1747 EXPLOITDB text VERIFIED
26thavenue bSpeak 1.10 - SQL Injection via ForumID Parameter
SQL injection vulnerability in index.php in 26th Avenue bSpeak 1.10 allows remote attackers to execute arbitrary SQL commands via the forumid parameter in a post action.
by snakespc
CVE-2008-5353 EXPLOITDB text VERIFIED
Sun Java Calendar Deserialization Privilege Escalation
The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which allows remote attackers to run untrusted applets and applications in a privileged context, as demonstrated by "deserializing Calendar objects".
by Landon Fuller
CVE-2009-1729 EXPLOITDB text VERIFIED
Sun Java System Communications Express 6.2-6.3 XSS via abperson_displayName or temporaryCalendars
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express 6 2005Q4 (aka 6.2) and 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the abperson_displayName parameter to uwc/abs/search.xml in the Add Contact implementation in the Personal Address Book component or (2) the temporaryCalendars parameter to uwc/base/UWCMain.
by SCS team
CVE-2009-1729 EXPLOITDB text VERIFIED
Sun Java System Communications Express 6.2-6.3 XSS via abperson_displayName or temporaryCalendars
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express 6 2005Q4 (aka 6.2) and 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the abperson_displayName parameter to uwc/abs/search.xml in the Add Contact implementation in the Personal Address Book component or (2) the temporaryCalendars parameter to uwc/base/UWCMain.
by SCS team
CVE-2009-2238 EXPLOITDB text VERIFIED
DMXReady Registration Manager 1.1 - RCE
Unrestricted file upload vulnerability in includes/shared_scripts/wysiwyg_editor/assetmanager/assetmanager.asp in DMXReady Registration Manager 1.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in assets/webblogmanager.
by Securitylab.ir
CVE-2009-1734 EXPLOITDB text VERIFIED
VidSharePro - SQL Injection via catid Parameter
SQL injection vulnerability in listing_video.php in VidSharePro allows remote attackers to execute arbitrary SQL commands via the catid parameter.
by snakespc
EIP-2026-118712 EXPLOITDB text VERIFIED
KingSoft Web Shield 1.1.0.62 - Cross-Site Scripting / Code Execution
by inking
CVE-2009-1735 EXPLOITDB text VERIFIED
VidSharePro - Cross-Site Scripting via searchtxt Parameter
Cross-site scripting (XSS) vulnerability in search.php in VidSharePro allows remote attackers to inject arbitrary web script or HTML via the searchtxt parameter. NOTE: some of these details are obtained from third party information.
by snakespc
CVE-2009-1750 EXPLOITDB text VERIFIED
VidSharePro - Authenticated Arbitrary File Upload and Remote Code Execution
Unrestricted file upload vulnerability in VidSharePro allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors.
by InjEctOr5
CVE-2009-1739 EXPLOITDB text VERIFIED
PAD Site Scripts 3.6 - Unauthenticated Privilege Escalation via Authuser Cookie
PAD Site Scripts 3.6 allows remote attackers to bypass authentication and gain privileges as other users, including administrative privileges, by setting the authuser cookie parameter to a valid username.
by Mr.tro0oqy
EIP-2026-106501 EXPLOITDB text VERIFIED
Dog Pedigree Online Database 1.0.1b - Multiple SQL Injections
by YEnH4ckEr
EIP-2026-106500 EXPLOITDB text VERIFIED
Dog Pedigree Online Database 1.0.1b - Insecure Cookie Handling
by YEnH4ckEr
CVE-2009-1741 EXPLOITDB text VERIFIED
DM FileManager 3.9.2 - SQL Injection via Username or Password Field
Multiple SQL injection vulnerabilities in login.php in DM FileManager 3.9.2, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields.
by snakespc
CVE-2009-1886 EXPLOITDB text VERIFIED
Samba 3.2.0-3.2.12 - Remote Code Execution via Format String in Filename
Multiple format string vulnerabilities in client/client.c in smbclient in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers to execute arbitrary code via format string specifiers in a filename.
by Jeremy Allison
CVE-2009-2216 EXPLOITDB MEDIUM text VERIFIED
DirectAdmin < 1.33.6 - Cross-Site Scripting via CMD_REDIRECT URI Parameter
Cross-site scripting (XSS) vulnerability in CMD_REDIRECT in DirectAdmin 1.33.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the URI in a view=advanced request.
by r0t
CVSS 6.1
EIP-2026-100450 EXPLOITDB text VERIFIED
Namad (IMenAfzar) 2.0.0.0 - Remote File Disclosure
by Securitylab.ir
CVE-2009-1770 EXPLOITDB text VERIFIED
Flyspeck CMS 6.8 - Path Traversal via Lang Parameter
Directory traversal vulnerability in includes/database/examples/addressbook.php in Flyspeck CMS 6.8 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
by ahmadbady
CVE-2008-2190 EXPLOITDB text VERIFIED
Online Rent Property Script <= 5.0 - SQL Injection via pid Parameter
SQL injection vulnerability in index.php in Online Rent (aka Online Rental Property Script) 4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter. NOTE: it was later reported that 5.0 and earlier are also affected.
by UnderTaker HaCkEr
EIP-2026-115401 EXPLOITDB text VERIFIED
httpdx 0.5b - Multiple Remote Denial of Service Vulnerabilities
by sico2819
CVE-2009-1765 EXPLOITDB text VERIFIED
pluck 4.6.2 - Path Traversal via langpref Parameter
Multiple directory traversal vulnerabilities in pluck 4.6.2, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langpref parameter to (1) data/modules/contactform/module_info.php, (2) data/modules/blog/module_info.php, and (3) data/modules/albums/module_info.php, different vectors than CVE-2008-3194.
by ahmadbady
By Source
All 31,369 Writeup 60,604 Exploitdb 50,056 Nomisec 21,994 Metasploit 3,232 Github 3,016 Vulncheck_xdb 909 Inthewild 514 Gitlab 461 Gitee 415 Patchapalooza 312
By Language
text 31,369 python 6,253 ruby 5,922 c 3,599 perl 2,850 html 2,059 php 1,327 bash 460 java 364 c++ 253 javascript 221 shell 105 go 65 postscript 25 xml 24