Exploitdb Exploits

31,351 exploits tracked across all sources.

EIP-2026-100413 EXPLOITDB text VERIFIED
Mavi Emlak - 'newDetail.asp' SQL Injection
by Sina Yazdanmehr
EIP-2026-100401 EXPLOITDB text VERIFIED
Madrese-Portal - 'haber.asp' SQL Injection
by Sina Yazdanmehr
CVE-2008-5745 EXPLOITDB text VERIFIED
Microsoft Windows Media Player <11.0.5721.5260 - DoS
Integer overflow in quartz.dll in the DirectShow framework in Microsoft Windows Media Player (WMP) 9, 10, and 11, including 11.0.5721.5260, allows remote attackers to cause a denial of service (application crash) via a crafted (1) WAV, (2) SND, or (3) MID file. NOTE: this has been incorrectly reported as a code-execution vulnerability. NOTE: it is not clear whether this issue is related to CVE-2008-4927.
by laurent gaffié
CVE-2008-6763 EXPLOITDB text VERIFIED
Silentum LoginSys 1.0.0 - Unauthenticated Authentication Bypass via logged_in Cookie
login2.php in Silentum LoginSys 1.0.0 allows remote attackers to bypass authentication and obtain access to an arbitrary account by setting the logged_in cookie to that account's username.
by Osirys
CVE-2008-5733 EXPLOITDB text VERIFIED
Team Impact TI Blog System - SQL Injection
SQL injection vulnerability in blog.php in the Team Impact TI Blog System mod for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Khashayar Fereidani
CVE-2008-6143 EXPLOITDB text VERIFIED
OwenPoll 1.0 - Unauthenticated Authentication Bypass via Username Cookie
OwenPoll 1.0 allows remote attackers to bypass authentication and obtain administrative access via a modified account name in the username cookie.
by Osirys
CVE-2008-6582 EXPLOITDB text VERIFIED
Miniweb 2.0 - SQL Injection via Username Parameter
SQL injection vulnerability in index.php in Miniweb 2.0 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action.
by bizzit
CVE-2008-5811 EXPLOITDB text VERIFIED
Joomla com_paxgallery 0.1 - SQL Injection via gid Parameter
SQL injection vulnerability in the PaxGallery (com_paxgallery) component 0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gid parameter in a table action to index.php.
by XaDoS
EIP-2026-107298 EXPLOITDB text VERIFIED
FubarForum 1.6 - Arbitrary Authentication Bypass
by k3yv4n
CVE-2008-5751 EXPLOITDB text VERIFIED
AlstraSoft Web Email Script Enterprise - SQL Injection
SQL injection vulnerability in index.php in AlstraSoft Web Email Script Enterprise (ESE) allows remote attackers to execute arbitrary SQL commands via the id parameter in a directory action.
by Bgh7
CVE-2008-6147 EXPLOITDB text VERIFIED
ForumApp 3.3 - Unauthenticated Sensitive Information Exposure via Direct Database Request
ForumApp 3.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) data/8690.mdb or (2) data/8690BAK.mdb.
by Cyber.Zer0
CVE-2008-6149 EXPLOITDB text VERIFIED
com_mdigg 2.2.8 - SQL Injection via cagtegory Parameter
SQL injection vulnerability in the mDigg (com_mdigg) component 2.2.8 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cagtegory parameter in a story_lists action to index.php.
by boom3rang
CVE-2008-6148 EXPLOITDB text VERIFIED
Live Ticker (com_liveticker) 1.0 for Joomla! - SQL Injection via tid Parameter
SQL injection vulnerability in the Live Ticker (com_liveticker) module 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the tid parameter in a viewticker action to index.php.
by boom3rang
CVE-2008-6852 EXPLOITDB text VERIFIED
Ice Gallery Component for Joomla! 0.5 beta 2 - SQL Injection via catid Parameter
SQL injection vulnerability in the Ice Gallery (com_ice) component 0.5 beta 2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
by boom3rang
CVE-2008-5816 EXPLOITDB text VERIFIED
ILIAS < 3.7.4 - SQL Injection via ref_id Parameter
SQL injection vulnerability in repository.php in ILIAS 3.7.4 and earlier allows remote attackers to execute arbitrary SQL commands via the ref_id parameter.
by Lidloses_Auge
EIP-2026-106542 EXPLOITDB text VERIFIED
doop CMS 1.4.0b - Cross-Site Request Forgery / Arbitrary File Upload
by x0r
CVE-2008-5856 EXPLOITDB text VERIFIED
ClaSS < 0.8.60 - Path Traversal via ftype Parameter
Directory traversal vulnerability in scripts/export.php in ClaSS before 0.8.61 allows remote attackers to read arbitrary files via directory traversal sequences in the ftype parameter.
by fuzion
CVE-2008-5748 EXPLOITDB HIGH text VERIFIED
BloofoxCMS 0.3.4 - Path Traversal via Lang Theme or Module Parameter
Directory traversal vulnerability in plugins/spaw2/dialogs/dialog.php in BloofoxCMS 0.3.4 allows remote attackers to read arbitrary files via the (1) lang, (2) theme, and (3) module parameters.
by fuzion
CVSS 8.1
CVE-2008-6848 EXPLOITDB text VERIFIED
phpGreetCards 3.7 - Cross-Site Scripting via Category Parameter
Cross-site scripting (XSS) vulnerability in index.php in phpGreetCards 3.7 allows remote attackers to inject arbitrary web script or HTML via the category parameter in a select action.
by ahmadbady
CVE-2008-5730 EXPLOITDB text VERIFIED
AIST NetCat <= 3.12 - CRLF Injection via Cookie and add.php
Multiple CRLF injection vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to have an unknown impact via unspecified vectors involving (1) a %0a sequence in a cookie and (2) the add.php file.
by s4avrd0w
CVE-2008-5729 EXPLOITDB text VERIFIED
AIST NetCat <= 3.12 - Cross-Site Scripting via FCKeditor Parameters
Multiple cross-site scripting (XSS) vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) form and (2) control parameters to FCKeditor/neditor.php, and the (3) path parameter to admin/siteinfo/iframe.inc.php.
by s4avrd0w
CVE-2008-5728 EXPLOITDB text VERIFIED
AIST NetCat <= 3.12 - Remote File Inclusion via Path Traversal
Multiple directory traversal vulnerabilities in AIST NetCat 3.12 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the system parameter in modules/netshop/post.php; and the INCLUDE_FOLDER parameter in (2) auth.inc.php, (3) banner.inc.php, (4) blog.inc.php, and (5) forum.inc.php in modules/.
by s4avrd0w
CVE-2008-5874 EXPLOITDB text VERIFIED
Hotel Booking Reservation System - Joomla! SQL Injection
Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS) for Joomla! allow remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php in the (1) com_allhotels or (2) com_5starhotels module. NOTE: some of these details are obtained from third party information.
by Hussin X
CVE-2008-5726 EXPLOITDB text VERIFIED
stormBoards 1.0.1 - SQL Injection via Thread ID Parameter
SQL injection vulnerability in thread.php in stormBoards 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Samir-M
CVE-2008-6729 EXPLOITDB text VERIFIED
phpmotion < 2.1 - Cross-Site Request Forgery via Password or Email Parameter
Multiple cross-site request forgery (CSRF) vulnerabilities in password.php in PHPmotion 2.1 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that modify an account via the (1) password or (2) email_address parameter.
by Ausome1