Exploitdb Exploits

31,351 exploits tracked across all sources.

CVE-2008-5571 EXPLOITDB text VERIFIED
Professional Download Assistant 0.1 - SQL Injection
SQL injection vulnerability in admin/login.asp in Professional Download Assistant 0.1 allows remote attackers to execute arbitrary SQL commands via the (1) uname parameter (aka user field) or the (2) psw parameter (aka passwd field). NOTE: some of these details are obtained from third party information.
by ZoRLu
CVE-2008-5560 EXPLOITDB text VERIFIED
PostEcards - Unauthenticated Sensitive Information Exposure via Direct Database File Access
PostEcards stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for postcards.mdb.
by AlpHaNiX
CVE-2008-5573 EXPLOITDB text VERIFIED
Poll Pro 2.0 - SQL Injection via Login Username or Password Parameter
SQL injection vulnerability in the login feature in Poll Pro 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) Password and (2) username parameters.
by AlpHaNiX
CVE-2008-6498 EXPLOITDB text VERIFIED
XAMPP 1.6.8 - Cross-Site Request Forgery via xampppasswd Parameter
Cross-site request forgery (CSRF) vulnerability in security/xamppsecurity.php in XAMPP 1.6.8 allows remote attackers to hijack the authentication of users for requests that change a certain .htaccess password via the xampppasswd parameter.
by Michael Brooks
CVE-2008-6499 EXPLOITDB text VERIFIED
XAMPP 1.6.8 - Remote Code Execution via SERVER Superglobal Variable Spoofing
security/xamppsecurity.php in XAMPP 1.6.8 performs an extract operation on the SERVER superglobal array, which allows remote attackers to spoof critical variables, as demonstrated by setting the REMOTE_ADDR variable to 127.0.0.1.
by Michael Brooks
CVE-2008-6884 EXPLOITDB text VERIFIED
XOOPS 2.3.1 - Path Traversal via xoopsConfig[language] Parameter
Multiple directory traversal vulnerabilities in XOOPS 2.3.1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xoopsConfig[language] parameter to (1) blocks.php and (2) main.php in xoops_lib/modules/protector/.
by DSecRG
EIP-2026-113249 EXPLOITDB text VERIFIED
webcaf 1.4 - Local File Inclusion / Remote Code Execution
by dun
EIP-2026-113022 EXPLOITDB text VERIFIED
vBulletin Secure Downloads 2.0.0r - SQL Injection
by Cnaph
EIP-2026-112196 EXPLOITDB text VERIFIED
siu guarani - Multiple Vulnerabilities
by Ubik & proudhon
EIP-2026-112085 EXPLOITDB text VERIFIED
Simple Directory Listing 2 - Cross-Site Arbitrary File Upload
by Michael Brooks
CVE-2008-6503 EXPLOITDB text VERIFIED
PrestaShop 1.1.0.3 - Cross-Site Scripting via PATH_INFO to admin/login.php and order.php
Multiple cross-site scripting (XSS) vulnerabilities in PrestaShop 1.1.0.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin/login.php and (2) order.php.
by th3.r00k.ieatpork
CVE-2008-5621 EXPLOITDB text VERIFIED
phpMyAdmin 2.11.x-2.11.9.3 and 3.x-3.1.0.9 - Cross-Site Request Forgery via tbl_structure.php
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x before 2.11.9.4 and 3.x before 3.1.1.0 allows remote attackers to perform unauthorized actions as the administrator via a link or IMG tag to tbl_structure.php with a modified table parameter. NOTE: other unspecified pages are also reachable, but they have the same root cause. NOTE: this can be leveraged to conduct SQL injection attacks and execute arbitrary code.
by Michael Brooks
CVE-2008-5569 EXPLOITDB text VERIFIED
PHPepperShop 1.4 - Cross-Site Scripting via PATH_INFO
Multiple cross-site scripting (XSS) vulnerabilities in PHPepperShop 1.4 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php or (2) shop/kontakt.php, or (3) shop_kunden_mgmt.php or (4) SHOP_KONFIGURATION.php in shop/Admin/.
by th3.r00k.ieatpork
EIP-2026-109437 EXPLOITDB text VERIFIED
MG2 0.5.1 - 'filename' Remote Code Execution
by Alfons Luja
CVE-2008-5590 EXPLOITDB text VERIFIED
Kalptaru Infotech Product Sale Framework 0.1 - SQL Injection
SQL injection vulnerability in customer.forumtopic.php in Kalptaru Infotech Product Sale Framework 0.1 beta allows remote attackers to execute arbitrary SQL commands via the forum_topic_id parameter.
by b3hz4d
CVE-2008-5598 EXPLOITDB text VERIFIED
PHPmyGallery 1.51 gold - Path Traversal
Directory traversal vulnerability in index.php in PHPmyGallery 1.51 gold allows remote attackers to list arbitrary directories via a .. (dot dot) in the group parameter.
by zAx
CVE-2008-5593 EXPLOITDB text VERIFIED
Mini CMS 1.0.1 - Remote File Inclusion via Page and Admin Parameters
Multiple directory traversal vulnerabilities in index.php in Mini CMS 1.0.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) page and (2) admin parameters.
by cOndemned
CVE-2008-5594 EXPLOITDB text VERIFIED
Mini Blog 1.0.1 - Path Traversal via Page and Admin Parameters
Multiple directory traversal vulnerabilities in index.php in Mini Blog 1.0.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) page and (2) admin parameters.
by cOndemned
CVE-2008-5606 EXPLOITDB text VERIFIED
Gazatem QMail Mailing List Manager 1.2 - Info Disclosure
Gazatem QMail Mailing List Manager 1.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for qmail.mdb.
by Ghost Hacker
CVE-2008-5572 EXPLOITDB text VERIFIED
Professional Download Assistant 0.1 - Info Disclosure
Professional Download Assistant 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for database/downloads.mdb.
by Ghost Hacker