Exploitdb Exploits

31,369 exploits tracked across all sources.

EIP-2026-118447 EXPLOITDB text VERIFIED
DWebPro 6.8.26 - Directory Traversal / Arbitrary File Disclosure
by Alfons Luja
CVE-2009-1625 EXPLOITDB text VERIFIED
Thickbox Gallery 2 - Path Traversal via ln Parameter
Directory traversal vulnerability in index.php in Thickbox Gallery 2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ln parameter.
by SirGod
CVE-2009-1618 EXPLOITDB text VERIFIED
Teraway LiveHelp 2.0 - Unauthenticated Authentication Bypass via TWLHadmin Cookie
Teraway LiveHelp 2.0 allows remote attackers to bypass authentication and gain administrative access via a pwd=&lvl=1&usr=&alias=admin&userid=1 value for the TWLHadmin cookie.
by ThE g0bL!N
CVE-2009-1617 EXPLOITDB text VERIFIED
Teraway LinkTracker 1.0 - Unauthenticated Authentication Bypass via Cookie Manipulation
Teraway LinkTracker 1.0 allows remote attackers to bypass authentication and gain administrative access via a userid=1&lvl=1 value for the twLTadmin cookie.
by ThE g0bL!N
CVE-2009-1619 EXPLOITDB text VERIFIED
Teraway FileStream 1.0 - Unauthenticated Authentication Bypass via twFSadmin Cookie
Teraway FileStream 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the twFSadmin cookie to 1.
by ThE g0bL!N
CVE-2009-1621 EXPLOITDB text VERIFIED
OpenCart 1.1.8 - Path Traversal via Route Parameter
Directory traversal vulnerability in index.php in OpenCart 1.1.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the route parameter.
by OoN_Boy
CVE-2009-1620 EXPLOITDB text VERIFIED
MataChat - Stored Cross-Site Scripting via Nickname and Color Parameters
Multiple cross-site scripting (XSS) vulnerabilities in input.php in MataChat allow remote attackers to inject arbitrary web script or HTML via the (1) nickname and (2) color parameters.
by Am!r
EIP-2026-107916 EXPLOITDB text VERIFIED
Invision Power Board (IP.Board) 3.0.0b5 - Active Cross-Site Scripting / Full Path Disclosure
by brain[pillow]
EIP-2026-107915 EXPLOITDB text VERIFIED
Invision Power Board (IP.Board) 3.0 - Multiple HTML Injection / Information Disclosure Vulnerabilities
by brain[pillow]
CVE-2009-1486 EXPLOITDB text VERIFIED
Flatchat 3.0 - Path Traversal via pmscript.php with Parameter
Directory traversal vulnerability in pmscript.php in Flatchat 3.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the with parameter.
by SirGod
CVE-2009-1626 EXPLOITDB text VERIFIED
EZ-Blog - SQL Injection via Category Parameter
SQL injection vulnerability in public/specific.php in EZ-Blog before Beta 2 20090427, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the category parameter.
by YEnH4ckEr
CVE-2009-1622 EXPLOITDB text VERIFIED
EcShop 2.5.0 - SQL Injection via order_sn Parameter
SQL injection vulnerability in user.php in EcShop 2.5.0 allows remote attackers to execute arbitrary SQL commands via the order_sn parameter in an order_query action.
by Securitylab.ir
CVE-2009-1624 EXPLOITDB text VERIFIED
Dew-NewPHPLinks 2.0 - Path Traversal via Show Parameter
Directory traversal vulnerability in index.php in Dew-NewPHPLinks 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the show parameter.
by d3v1l
CVE-2009-1550 EXPLOITDB text VERIFIED
Zakkis Technology ABC Advertise 1.0 - Unauthenticated Information Disclosure via admin.inc.php
Zakkis Technology ABC Advertise 1.0 does not properly restrict access to admin.inc.php, which allows remote attackers to obtain the administrator login name and password via a direct request.
by SirGod
CVE-2009-1480 EXPLOITDB text VERIFIED
Pragyan CMS 2.6.4 - SQL Injection via Fileget Parameter
SQL injection vulnerability in index.php in Pragyan CMS 2.6.4 allows remote attackers to execute arbitrary SQL commands via the fileget parameter in a view action and other unspecified vectors.
by Salvatore Fresta
EIP-2026-110612 EXPLOITDB text VERIFIED
photo-rigma.biz 30 - SQL Injection / Cross-Site Scripting
by YEnH4ckEr
CVE-2009-1504 EXPLOITDB text VERIFIED
Absolute Form Processor XE 1.5 - Unauthenticated Authentication Bypass via xlaAFPadmin Cookie
Absolute Form Processor XE 1.5 allows remote attackers to bypass authentication and gain administrative access by setting the xlaAFPadmin cookie to "lvl=1&userid=1".
by ZoRLu
CVE-2009-1517 EXPLOITDB text VERIFIED
Symantec Norton Ghost 14.0 - Remote Code Execution via EasySetup ActiveX Control Methods
Multiple insecure method vulnerabilities in the Symantec.EasySetup.1 ActiveX control in EasySetupInt.dll 14.0.4.30167 in the EasySetup wizard in Symantec Norton Ghost 14.0 allow remote attackers to cause a denial of service (browser crash) and possibly execute arbitrary code via unspecified input to the (1) GetBackupLocationPath, (2) CallUninstall, (3) SetupDeleteVolume, (4) CanUseEasySetup, (5) CallAddInitialProtection, and (6) CallTour methods.
by shinnai
EIP-2026-115392 EXPLOITDB text VERIFIED
Home Web Server r1.7.1 (build 147) - GUI Thread-Memory Corruption
by Aodrulez
EIP-2026-107202 EXPLOITDB text VERIFIED
fowlcms 1.1 - Authentication Bypass / Local File Inclusion / Arbitrary File Upload
by YEnH4ckEr
EIP-2026-106247 EXPLOITDB text VERIFIED
CS Whois Lookup - 'ip' Remote Command Execution
by SirGod
CVE-2009-1558 EXPLOITDB text VERIFIED
Cisco WVC54GCA - Path Traversal via next_file Parameter
Directory traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote attackers to read arbitrary files via a %2e. (encoded dot dot) or an absolute pathname in the next_file parameter.
by pagvac
CVE-2009-1444 EXPLOITDB text VERIFIED
WebPortal CMS 0.8-beta - Remote Code Execution via lib_path Parameter
PHP remote file inclusion vulnerability in indexk.php in WebPortal CMS 0.8-beta allows remote attackers to execute arbitrary PHP code via a URL in the lib_path parameter.
by ahmadbady
EIP-2026-115102 EXPLOITDB text VERIFIED
Counter Strike Source ManiAdminPlugin 2.0 - Remote Crash
by M4rt1n
CVE-2009-1445 EXPLOITDB text VERIFIED
WebPortal CMS 0.8-beta - Path Traversal and Arbitrary File Read via lang Parameter
Multiple directory traversal vulnerabilities in WebPortal CMS 0.8-beta allow remote attackers to (1) read arbitrary files via directory traversal sequences in the lang parameter to libraries/helpdocs/help.php and (2) include and execute arbitrary local files via directory traversal sequences in the error parameter to index.php.
by ahmadbady