Exploitdb Exploits

31,348 exploits tracked across all sources.

CVE-2009-0340 EXPLOITDB text VERIFIED
Simple PHP Newsletter <1.5 - Path Traversal
Multiple directory traversal vulnerabilities in Simple PHP Newsletter 1.5 allow remote attackers to read arbitrary files via a .. (dot dot) in the olang parameter to (1) mail.php and (2) mailbar.php.
by ahmadbady
CVE-2009-0249 EXPLOITDB text VERIFIED
Katy Whitton RankEm - Info Disclosure
Katy Whitton RankEm stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for database/topsites.mdb.
by Pouya_Server
CVE-2009-0337 EXPLOITDB text VERIFIED
Katy Whitton BlogIt! - SQL Injection
SQL injection vulnerability in index.asp in Katy Whitton BlogIt! allows remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Pouya_Server
CVE-2009-0324 EXPLOITDB text VERIFIED
BibCiter 1.4 - SQL Injection via idp, idc, or idu Parameter
Multiple SQL injection vulnerabilities in BibCiter 1.4 allow remote attackers to execute arbitrary SQL commands via the (1) idp parameter to reports/projects.php, the (2) idc parameter to reports/contacts.php, and the (3) idu parameter to reports/users.php.
by nuclear
EIP-2026-105048 EXPLOITDB text VERIFIED
Aj Classifieds Real Estate 3.0 - Arbitrary File Upload
by ZoRLu
EIP-2026-105047 EXPLOITDB text VERIFIED
Aj Classifieds Personals 3.0 - Arbitrary File Upload
by ZoRLu
EIP-2026-105046 EXPLOITDB text VERIFIED
Aj Classifieds For Sale 3.0 - Arbitrary File Upload
by ZoRLu
EIP-2026-100842 EXPLOITDB text VERIFIED
LemonLDAP:NG 0.9.3.1 - User Enumeration / Cross-Site Scripting
by Clément Oudot
CVE-2009-0281 EXPLOITDB text VERIFIED
WarHound Walking Club - SQL Injection
SQL injection vulnerability in login.aspx in WarHound Walking Club allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
by ByALBAYX
EIP-2026-100486 EXPLOITDB text VERIFIED
Ping IP - Authentication Bypass
by ByALBAYX
CVE-2009-0252 EXPLOITDB text VERIFIED
Enthrallweb eReservations - SQL Injection
Multiple SQL injection vulnerabilities in default.asp in Enthrallweb eReservations allow remote attackers to execute arbitrary SQL commands via the (1) Login parameter (aka username field) or the (2) Password parameter (aka password field). NOTE: some of these details are obtained from third party information.
by ByALBAYX
EIP-2026-100301 EXPLOITDB text VERIFIED
eFAQ - Authentication Bypass
by ByALBAYX
CVE-2009-0339 EXPLOITDB text VERIFIED
DMXReady Blog Manager - SQL Injection
SQL injection vulnerability in inc_webblogmanager.asp in DMXReady Blog Manager allows remote attackers to execute arbitrary SQL commands via the itemID parameter in a view action.
by Pouya_Server
CVE-2009-0338 EXPLOITDB text VERIFIED
DMXReady Blog Manager - Cross-Site Scripting via CategoryID Parameter
Cross-site scripting (XSS) vulnerability in inc_webblogmanager.asp in DMXReady Blog Manager allows remote attackers to inject arbitrary web script or HTML via the CategoryID parameter in a refer action.
by Pouya_Server
EIP-2026-100114 EXPLOITDB text VERIFIED
ASP ActionCalendar 1.3 - Authentication Bypass
by SuB-ZeRo
EIP-2026-113171 EXPLOITDB text VERIFIED
w3bcms - '/admin/index.php' SQL Injection
by Pouya_Server
EIP-2026-109505 EXPLOITDB text VERIFIED
MKPortal 1.2.1 - Multiple Vulnerabilities
by waraxe
EIP-2026-109504 EXPLOITDB text VERIFIED
MKPortal 1.2.1 - '/modules/rss/handler_image.php?i' Cross-Site Scripting
by waraxe
EIP-2026-109503 EXPLOITDB text VERIFIED
MKPortal 1.2.1 - '/modules/blog/index.php' Home Template Textarea SQL Injection
by waraxe
EIP-2026-109333 EXPLOITDB text VERIFIED
Masir Camp 3.0 - 'SearchKeywords' SQL Injection
by Pouya_Server
CVE-2009-0420 EXPLOITDB text VERIFIED
RD-Autos 1.5.5 Stable - SQL Injection via id Parameter
SQL injection vulnerability in the RD-Autos (com_rdautos) 1.5.5 Stable component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
by H!tm@N
CVE-2009-0290 EXPLOITDB text VERIFIED
SIR GNUBoard 4.31.03 - Path Traversal
Directory traversal vulnerability in common.php in SIR GNUBoard 4.31.03 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the g4_path parameter. NOTE: in some environments, this can be leveraged for remote code execution via a data: URI or a UNC share pathname.
by flyh4t
CVE-2009-0327 EXPLOITDB text VERIFIED
Free Bible Search PHP Script 1.0 - SQL Injection
SQL injection vulnerability in readbible.php in Free Bible Search PHP Script 1.0 allows remote attackers to execute arbitrary SQL commands via the version parameter.
by nuclear
CVE-2009-0241 EXPLOITDB text VERIFIED
Ganglia 3.1.1 - Stack-based Buffer Overflow via Long Pathname in process_path
Stack-based buffer overflow in the process_path function in gmetad/server.c in Ganglia 3.1.1 allows remote attackers to cause a denial of service (crash) via a request to the gmetad service with a long pathname.
by Spike Spiegel
CVE-2009-0431 EXPLOITDB text VERIFIED
LinksPro Standard Edition - SQL Injection
SQL injection vulnerability in Default.asp in LinksPro Standard Edition allows remote attackers to execute arbitrary SQL commands via the OrderDirection parameter.
by Pouya_Server