Exploitdb Exploits
31,351 exploits tracked across all sources.
Natterchat 1.12 - Unauthenticated Sensitive Information Exposure via Direct Database File Request
Natterchat 1.12 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for natterchat112.mdb.
by AlpHaNiX
Ikon AdManager <2.1 - Info Disclosure
Ikon AdManager 2.1 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for ikonBAnner_AdManager.mdb.
by Ghost Hacker
aspmanage banners - Arbitrary File Upload / File Disclosure
by ZoRLu
asp talk - SQL Injection / Cross-Site Scripting
by Bl@ckbe@rD
TWiki < 4.2.4 - Cross-Site Scripting via %URLPARAM{}% Variable
Cross-site scripting (XSS) vulnerability in TWiki before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via the %URLPARAM{}% variable.
by Marc Schoenefeld
TWiki < 4.2.4 - Remote Code Execution via SEARCH Variable
Eval injection vulnerability in TWiki before 4.2.4 allows remote attackers to execute arbitrary Perl code via the %SEARCH{}% variable.
by Troy Bollinge
phpPgAdmin <= 4.2.1 - Path Traversal via _language Parameter
Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the _language parameter to index.php.
by dun
ASPPortal - Unauthenticated Sensitive Information Exposure via Direct Database File Access
ASPPortal stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for xportal.mdb.
by ZoRLu
ASP AutoDealer - Unauthenticated Sensitive Information Exposure via Direct Database File Access
ASP AutoDealer stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for auto.mdb.
by ZoRLu
Merlix Educate Server - Information Disclosure via Direct Request to config.asp and users.asp
Merlix Educate Server allows remote attackers to bypass intended security restrictions and obtain sensitive information via a direct request to (1) config.asp and (2) users.asp.
by ZoRLu
Merlix Teamworx Server - SQL Injection
SQL injection vulnerability in default.asp in Merlix Teamworx Server allows remote attackers to execute arbitrary SQL commands via the password parameter (aka passwd field) in a login action. NOTE: some of these details are obtained from third party information.
by ZoRLu
ASP AutoDealer - SQL Injection via ID Parameter
SQL injection vulnerability in detail.asp in ASP AutoDealer allows remote attackers to execute arbitrary SQL commands via the ID parameter.
by AlpHaNiX
Nightfall Personal Diary 1.0 - Cross-Site Scripting via login.asp Username Parameter
Cross-site scripting (XSS) vulnerability in login.asp in Nightfall Personal Diary 1.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter and possibly other "login fields." NOTE: some of these details are obtained from third party information.
by AlpHaNiX
NULL FTP Server Free and Pro 1.1.0.7 - Authenticated Command Injection via SITE Command
Incomplete blacklist vulnerability in NULL FTP Server Free and Pro 1.1.0.7 allows remote authenticated users to execute arbitrary commands via a custom SITE command containing shell metacharacters such as "&" (ampersand) in the middle of an argument.
by Tan Chew Keong
Tizag Countdown Creator 3 - Unauthenticated Arbitrary File Upload via index.php
Unrestricted file upload vulnerability in process.php in Tizag Countdown Creator 3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension via index.php, then accessing the uploaded file via a direct request to the file in pics/. NOTE: some of these details are obtained from third party information.
by ahmadbady
Nightfall Personal Diary 1.0 - Info Disclosure
Nightfall Personal Diary 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for users-zza21.mdb.
by AlpHaNiX
Multiple Membership Script 2.5 - SQL Injection via id Parameter
SQL injection vulnerability in sitepage.php in Multiple Membership Script 2.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by ViRuS_HaCkErS
Merlix Teamworx Server - Info Disclosure
Merlix Teamworx Server stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for teamworx.mdb.
by ZoRLu
Katy Whitton RankEm - SQL Injection
SQL injection vulnerability in processlogin.asp in Katy Whitton RankEm allows remote attackers to execute arbitrary SQL commands via the (1) txtusername parameter (aka username field) or the (2) txtpassword parameter (aka password field). NOTE: some of these details are obtained from third party information.
by AlpHaNiX
Katy Whitton RankEm - SQL Injection
SQL injection vulnerability in rankup.asp in Katy Whitton RankEm allows remote attackers to execute arbitrary SQL commands via the siteID parameter.
by AlpHaNiX
Merlix Educate Server - Unauthenticated Sensitive Information Exposure via Direct Request to db.mdb
Merlix Educate Server stores db.mdb under the web root with insufficient access control, which allows remote attackers to obtain unspecified sensitive information via a direct request.
by ZoRLu
Cold BBS - Unauthenticated Sensitive Information Exposure via Direct Database File Access
Cold BBS stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for db/cforum.mdb.
by ahmadbady
ASPTicker 1.0 - Unauthenticated Sensitive Information Exposure via Direct Database File Access
ASPTicker 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for news.mdb.
by ZoRLu
ASP Portal - SQL Injection
Multiple SQL injection vulnerabilities in ASP Portal allow remote attackers to execute arbitrary SQL commands via the (1) ItemID parameter to classifieds.asp and the (2) ID parameter to Events.asp.
by AlpHaNiX
ASP AutoDealer - Unauthenticated Sensitive Information Exposure via Direct Database File Access
ASP AutoDealer stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for auto.mdb.
by AlpHaNiX