Exploitdb Exploits

31,369 exploits tracked across all sources.

CVE-2009-1638 EXPLOITDB text VERIFIED
Techno Dreams Job Career Package 3.0 - Unauthenticated Authentication Bypass via JobCareerAdmin Cookie
Techno Dreams Job Career Package 3.0 allows remote attackers to bypass authentication and obtain administrative access by setting the JobCareerAdmin cookie to Login.
by TiGeR-Dz
CVE-2009-2569 EXPLOITDB text VERIFIED
Verlihub Control Panel VHCP 1.7e - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Verlihub Control Panel (VHCP) 1.7e allow remote attackers to inject arbitrary web script or HTML via (1) the nick parameter in a login action to index.php or (2) the URI in a news request to index.html.
by TEAMELITE
CVE-2009-1584 EXPLOITDB text VERIFIED
TemaTres 1.0.3 and 1.031 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in TemaTres 1.0.3 and 1.031, when magic_quotes_gpc is disabled, allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the (1) mail, (2) password, and (3) letra parameters to index.php; (4) y and (5) m parameters to sobre.php; and the (6) dcTema, (7) madsTema, (8) zthesTema, (9) skosTema, and (10) xtmTema parameters to xml.php.
by YEnH4ckEr
CVE-2009-1583 EXPLOITDB text VERIFIED
TemaTres 1.0.3 and 1.031 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in TemaTres 1.0.3 and 1.031 allow remote attackers to inject arbitrary web script or HTML via the (1) search form; (2) _expresion_de_busqueda, (3) letra, (4) estado_id, and (5) tema parameters to index.php; the (6) PATH_INFO to index.php; (7) unspecified parameters when editing a term as specified by the edit_id and tema parameters to index.php; and the (7) y, (8) ord, and (9) m parameters to sobre.php.
by YEnH4ckEr
CVE-2009-2571 EXPLOITDB text VERIFIED
VerliAdmin 0.3.7-0.3.8 - Cross-Site Scripting via URI or Query Parameters
Multiple cross-site scripting (XSS) vulnerabilities in index.php in VerliAdmin 0.3.7 and 0.3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the URI, (2) the q parameter, (3) the nick parameter, or (4) the nick parameter in a bantest action.
by TEAMELITE
CVE-2009-1585 EXPLOITDB text VERIFIED
TemaTres 1.031 - SQL Injection via id_correo_electronico or id_password Parameter
Multiple SQL injection vulnerabilities in TemaTres 1.031, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id_correo_electronico and (2) id_password parameters to login.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by YEnH4ckEr
CVE-2009-1607 EXPLOITDB text VERIFIED
LinkBase 2.0 - Stored Cross-Site Scripting via Username Registration
Cross-site scripting (XSS) vulnerability in the administrator panel in phpForm.net LinkBase 2.0 allows remote attackers to inject arbitrary web script or HTML via the username in a registration, which is not properly handled when the administrator accesses the Users menu.
by SirGod
CVE-2009-2567 EXPLOITDB text VERIFIED
Joomla! com_aclassf <5.6.2 - SQL Injection
SQL injection vulnerability in the Almond Classifieds (com_aclassf) component 5.6.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
by InjEctOr5
CVE-2009-1467 EXPLOITDB text VERIFIED
IceWarp eMail Server < 9.3.0 - Cross-Site Scripting via Email Body or RSS Feed Elements
Multiple cross-site scripting (XSS) vulnerabilities in IceWarp eMail Server and WebMail Server before 9.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the body of a message, related to the email view and incorrect HTML filtering in the cleanHTML function in server/inc/tools.php; or the (2) title, (3) link, or (4) description element in an RSS feed, related to the getHTML function in server/inc/rss/item.php.
by RedTeam Pentesting GmbH
CVE-2009-1554 EXPLOITDB text VERIFIED
Sun Woodstock 4.2 - Cross-Site Scripting via UTF-7 PATH_INFO
Cross-site scripting (XSS) vulnerability in ThemeServlet.java in Sun Woodstock 4.2, as used in Sun GlassFish Enterprise Server and other products, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 string in the PATH_INFO, which is displayed on the 404 error page, as demonstrated by the PATH_INFO to theme/META-INF.
by DSecRG
CVE-2009-1553 EXPLOITDB text VERIFIED
GlassFish Enterprise Server 2.1 - Stored Cross-Site Scripting via Admin Console Query Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the Admin Console in Sun GlassFish Enterprise Server 2.1 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) applications/applications.jsf, (2) configuration/configuration.jsf, (3) customMBeans/customMBeans.jsf, (4) resourceNode/resources.jsf, (5) sysnet/registration.jsf, or (6) webService/webServicesGeneral.jsf; or the name parameter to (7) configuration/auditModuleEdit.jsf, (8) configuration/httpListenerEdit.jsf, or (9) resourceNode/jdbcResourceEdit.jsf.
by DSecRG
CVE-2009-2108 EXPLOITDB text VERIFIED
git 1.4.4.5-1.6.3 - Denial of Service via Unrecognized Arguments
git-daemon in git 1.4.4.5 through 1.6.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a request containing extra unrecognized arguments.
by Shawn O. Pearce
CVE-2009-0927 EXPLOITDB HIGH text VERIFIED
Adobe Acrobat Reader 7.0-7.1.1 - Remote Code Execution via Collab.getIcon Method
Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3, and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658.
by Abysssec
CVSS 8.8
CVE-2009-4757 EXPLOITDB text VERIFIED
BrotherSoft EW-MusicPlayer 0.8 - Buffer Overflow
Stack-based buffer overflow in BrotherSoft EW-MusicPlayer 0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a malformed playlist (.m3u) file. NOTE: some of these details are obtained from third party information.
by SirGod
CVE-2009-1551 EXPLOITDB text VERIFIED
Qt quickteam 2 - Remote File Inclusion via qte_web_path or qte_root Parameter
Multiple PHP remote file inclusion vulnerabilities in Qt quickteam 2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) qte_web_path parameter to qte_web.php and the (2) qte_root parameter to bin/qte_init.php.
by ahmadbady
EIP-2026-111533 EXPLOITDB text VERIFIED
projectCMS 1.1b - Multiple Vulnerabilities
by YEnH4ckEr
CVE-2009-1587 EXPLOITDB text VERIFIED
PHP Site Lock 2.0 - Unauthenticated Authentication Bypass via Cookie Manipulation
index.php in PHP Site Lock 2.0 allows remote attackers to bypass authentication and obtain administrative access by setting the login_id, group_id, login_name, user_id, and user_type cookies to certain values.
by ThE g0bL!N
CVE-2009-1582 EXPLOITDB text VERIFIED
Million Dollar Text Links 1.0 - Unauthenticated Privilege Escalation via Direct Admin Access
Million Dollar Text Links 1.0 does not properly restrict administrator access to admin.home.php, which allows remote attackers to bypass intended restrictions and gain privileges via a direct request to admin.home.php after visiting admin.php.
by ThE g0bL!N