Exploitdb Exploits

31,369 exploits tracked across all sources.

CVE-2009-1548 EXPLOITDB text VERIFIED
Blusky CMS - SQL Injection via News ID Parameter
SQL injection vulnerability in index.php in BluSky CMS allows remote attackers to execute arbitrary SQL commands via the news_id parameter in a read action.
by snakespc
CVE-2009-1549 EXPLOITDB text VERIFIED
AGTC MyShop 3.2b - Unauthenticated Authentication Bypass via log_accept Cookie
AGTC MyShop 3.2b allows remote attackers to bypass authentication and obtain administrative access by setting the log_accept cookie to "correcto."
by Mr.tro0oqy
CVE-2009-1595 EXPLOITDB text VERIFIED
Openfire < 3.6.4 - Authenticated Password Change via Modified Username Element
The jabber:iq:auth implementation in IQAuthHandler.java in Ignite Realtime Openfire before 3.6.4 allows remote authenticated users to change the passwords of arbitrary accounts via a modified username element in a passwd_change action.
by Daryl Herzmann
EIP-2026-109689 EXPLOITDB text VERIFIED
MyBB 1.4.5 - Multiple Vulnerabilities
by Jacques Copeau
CVE-2009-1914 EXPLOITDB text VERIFIED
Linux Kernel < 2.6.29 - Denial of Service via Uninitialized Pointer in pci_register_iommu_region
The pci_register_iommu_region function in arch/sparc/kernel/pci_common.c in the Linux kernel before 2.6.29 on the sparc64 platform allows local users to cause a denial of service (system crash) by reading the /proc/iomem file, related to uninitialized pointers and the request_resource function.
by Mikulas Patocka
CVE-2009-2174 EXPLOITDB text VERIFIED
GUPnP 0.12.7 - Denial of Service via Empty Subscription or Control Message
GUPnP 0.12.7 allows remote attackers to cause a denial of service (crash) via an empty (1) subscription or (2) control message.
by Zeeshan Ali
CVE-2009-1519 EXPLOITDB text VERIFIED
Pecio CMS 1.1.5 - Path Traversal via Language Parameter
Directory traversal vulnerability in index.php in Pecio CMS 1.1.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the language parameter.
by SirGod
CVE-2009-2573 EXPLOITDB text VERIFIED
MiniTwitter 0.2 beta - Authenticated SQL Injection via User Parameter
Multiple SQL injection vulnerabilities in MiniTwitter 0.2 beta, when magic_quotes_gpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via the (1) user parameter to (a) index.php and (b) rss.php.
by YEnH4ckEr
EIP-2026-107454 EXPLOITDB text VERIFIED
Golabi CMS 1.0.1 - Session Poisoning
by CrazyAngel
CVE-2009-1614 EXPLOITDB text VERIFIED
Leap CMS 0.1.4 - Cross-Site Scripting via Message or Search Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Leap CMS 0.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the msg parameter (aka the message in an article comment) or (2) the searchterm parameter (aka the search post form). NOTE: some of these details are obtained from third party information.
by YEnH4ckEr
CVE-2009-1613 EXPLOITDB text VERIFIED
Leap CMS 0.1.4 - SQL Injection via Searchterm or Email Parameter
Multiple SQL injection vulnerabilities in leap.php in Leap CMS 0.1.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) searchterm or (2) email parameter.
by YEnH4ckEr
CVE-2009-1615 EXPLOITDB text VERIFIED
Leap CMS 0.1.4 - Unauthenticated Arbitrary File Upload and Remote Code Execution via Manage Files
Unrestricted file upload vulnerability in Leap CMS 0.1.4 allows remote attackers to execute arbitrary code by uploading a file with an executable extension via an admin.system.files (aka Manage Files) request to the default URI, then accessing the file via a direct request.
by YEnH4ckEr
CVE-2009-0687 EXPLOITDB text VERIFIED
MidnightBSD - Denial of Service via Crafted IP Packets in PF Packet Filter
The pf_test_rule function in OpenBSD Packet Filter (PF), as used in OpenBSD 4.2 through 4.5, NetBSD 5.0 before RC3, MirOS 10 and earlier, and MidnightBSD 0.3-current allows remote attackers to cause a denial of service (panic) via crafted IP packets that trigger a NULL pointer dereference during translation, related to an IPv4 packet with an ICMPv6 payload.
by Rembrandt
EIP-2026-114651 EXPLOITDB text VERIFIED
Zubrag Smart File Download 1.3 - Arbitrary File Download
by Aodrulez
CVE-2009-1503 EXPLOITDB text VERIFIED
TigerDMS - SQL Injection via Login Username and Password Parameters
Multiple SQL injection vulnerabilities in login.php in Tiger Document Management System (DMS) allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
by ThE g0bL!N
CVE-2009-1502 EXPLOITDB text VERIFIED
S-Cms 1.1 Stable and 1.5.2 - Path Traversal via Page Parameter
Directory traversal vulnerability in plugin.php in S-Cms 1.1 Stable and 1.5.2 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page parameter.
by ZoRLu
CVE-2009-1500 EXPLOITDB text VERIFIED
ProjectCMS 1.0 Beta - SQL Injection via sn Parameter
SQL injection vulnerability in index.php in ProjectCMS 1.0 Beta allows remote attackers to execute arbitrary SQL commands via the sn parameter.
by YEnH4ckEr
CVE-2009-1506 EXPLOITDB text VERIFIED
eLitius 1.0 - SQL Injection via id Parameter
SQL injection vulnerability in classes/Xp.php in eLitius 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to banner-details.php.
by snakespc
CVE-2009-1616 EXPLOITDB text VERIFIED
Coppermine Photo Gallery < 1.4.22 - Cross-Site Scripting via CSS Parameter
Cross-site scripting (XSS) vulnerability in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via the css parameter, a different vector than CVE-2008-0505.
by Gerendi Sandor Attila
CVE-2009-1492 EXPLOITDB text VERIFIED
Adobe Acrobat and Reader 7.0-7.1.1 - Remote Code Execution via getAnnots Doc Method
The getAnnots Doc method in the JavaScript API in Adobe Reader and Acrobat 9.1, 8.1.4, 7.1.1, and earlier allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that contains an annotation, and has an OpenAction entry with JavaScript code that calls this method with crafted integer arguments.
by Arr1val
CVE-2009-1493 EXPLOITDB text VERIFIED
Adobe Reader 9.1, 8.1.4, 7.1.1 and earlier - Remote Code Execution via customDictionaryOpen JavaScript Method
The customDictionaryOpen spell method in the JavaScript API in Adobe Reader 9.1, 8.1.4, 7.1.1, and earlier on Linux and UNIX allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that triggers a call to this method with a long string in the second argument.
by Arr1val
EIP-2026-100721 EXPLOITDB text VERIFIED
LevelOne AMG-2000 2.00.00 - Security Bypass
by J.Greil
CVE-2009-2451 EXPLOITDB text VERIFIED
MIM:InfiniX < 1.2.003 - SQL Injection
Multiple SQL injection vulnerabilities in index.php in MIM:InfiniX 1.2.003 and possibly earlier versions allow remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters in a calendar action, or (3) a search term in the search form.
by YEnH4ckEr
CVE-2009-1623 EXPLOITDB text VERIFIED
Dew-NewPHPLinks 2.0 - Cross-Site Scripting via PID Parameter
Cross-site scripting (XSS) vulnerability in index.php in Dew-NewPHPLinks 2.0 allows remote attackers to inject arbitrary web script or HTML via the PID parameter.
by d3v1l
EIP-2026-118448 EXPLOITDB text VERIFIED
dwebpro 6.8.26 - Directory Traversal / File Disclosure
by Alfons Luja