Exploitdb Exploits

31,351 exploits tracked across all sources.

CVE-2008-5955 EXPLOITDB text VERIFIED
PHPSTREET Webboard 1.0 - SQL Injection via show.php id Parameter
SQL injection vulnerability in show.php in Wbstreet (aka PHPSTREET Webboard) 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by CWH Underground
CVE-2008-5950 EXPLOITDB text VERIFIED
ASP Template Creature - Media Level SQL Injection
SQL injection vulnerability in media/media_level.asp in ASP Template Creature allows remote attackers to execute arbitrary SQL commands via the mcatid parameter.
by ZoRLu
CVE-2008-5962 EXPLOITDB text VERIFIED
Gravity GTD <0.4.5 - Path Traversal
Directory traversal vulnerability in library/setup/rpc.php in Gravity Getting Things Done (GTD) 0.4.5 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the objectname parameter.
by dun
CVE-2008-5956 EXPLOITDB text VERIFIED
PHPSTREET Webboard 1.0 - Unauthenticated Sensitive Information Exposure via Direct Request
Wbstreet (aka PHPSTREET Webboard) 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request to connect.inc.
by CWH Underground
CVE-2008-5601 EXPLOITDB text VERIFIED
User Engine Lite ASP - Info Disclosure
User Engine Lite ASP stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for users.mdb.
by AlpHaNiX
CVE-2008-5951 EXPLOITDB text VERIFIED
ASP Template Creature - Info Disclosure
ASP Template Creature stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for workDB/templatemonster.mdb.
by ZoRLu
CVE-2008-6385 EXPLOITDB text VERIFIED
W3matter RevSense 1.0 - Cross-Site Scripting via Section Parameter
Cross-site scripting (XSS) vulnerability in index.php in W3matter RevSense 1.0 allows remote attackers to inject arbitrary web script or HTML via the section parameter.
by Pouya_Server
EIP-2026-109969 EXPLOITDB text VERIFIED
NPDS < 08.06 - Multiple Input Validation Vulnerabilities
by Jean-François Leclerc
CVE-2008-5604 EXPLOITDB text VERIFIED
My Simple Forum <4.1 - Path Traversal
Directory traversal vulnerability in index.php in My Simple Forum 3.0 and 4.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter.
by cOndemned
CVE-2008-5585 EXPLOITDB text VERIFIED
lcxBBportal 0.1 Alpha 2 - Remote Code Execution via phpbb_root_path Parameter
Multiple PHP remote file inclusion vulnerabilities in lcxBBportal 0.1 Alpha 2 allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) portal/includes/portal_block.php and (2) includes/acp/acp_lcxbbportal.php.
by NoGe
CVE-2008-5957 EXPLOITDB text VERIFIED
Joomla! com_mydyngallery 1.4.2 - SQL Injection
SQL injection vulnerability in the Mydyngallery (com_mydyngallery) component 1.4.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the directory parameter to index.php.
by Khashayar Fereidani
CVE-2008-5963 EXPLOITDB text VERIFIED
Gravity GTD <0.4.5 - Code Injection
Eval injection vulnerability in library/setup/rpc.php in Gravity Getting Things Done (GTD) 0.4.5 and earlier allows remote attackers to execute arbitrary PHP code via the objectname parameter.
by dun
CVE-2008-5949 EXPLOITDB text VERIFIED
ccTiddly 1.7.4 and 1.7.6 - Remote Code Execution via cct_base Parameter
Multiple PHP remote file inclusion vulnerabilities in ccTiddly 1.7.4 and 1.7.6 allow remote attackers to execute arbitrary PHP code via a URL in the cct_base parameter to (1) index.php; (2) handle/proxy.php; (3) header.php, (4) include.php, and (5) workspace.php in includes/; and (6) plugins/RSS/files/rss.php.
by cOndemned
CVE-2008-5948 EXPLOITDB text VERIFIED
BNCwi < 1.04 - Remote File Inclusion via Newlanguage Parameter
Directory traversal vulnerability in index.php in BNCwi 1.04 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the newlanguage parameter.
by dun
CVE-2008-6493 EXPLOITDB text VERIFIED
Easy Content Management Publishing - Unauthenticated Database Download via Direct Request
Easy Content Management Publishing stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for Database/News.mdb.
by BeyazKurt
CVE-2008-6515 EXPLOITDB text VERIFIED
yappa-ng - Cross-Site Scripting via Query String
Cross-site scripting (XSS) vulnerability in Fritz Berger yet another php photo album - next generation (yappa-ng) allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI.
by Pouya_Server
CVE-2008-6495 EXPLOITDB text VERIFIED
yappa-ng 2.3.2 - Cross-Site Scripting via Album Parameter
Cross-site scripting (XSS) vulnerability in index.php in Fritz Berger yet another php photo album - next generation (yappa-ng) 2.3.2 allows remote attackers to inject arbitrary web script or HTML via the album parameter.
by Pouya_Server
CVE-2008-6389 EXPLOITDB text VERIFIED
Rae Media Contact Management Software - SQL Injection via Password Parameter
SQL injection vulnerability in asadmin/default.asp in Rae Media Contact Management Software SOHO, Standard, and Enterprise allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: some of these details are obtained from third party information.
by b3hz4d
CVE-2008-6377 EXPLOITDB text VERIFIED
Multi SEO phpBB 1.1.0 - Remote Code Execution via pfad Parameter
PHP remote file inclusion vulnerability in include/global.php in Multi SEO phpBB 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the pfad parameter.
by NoGe
CVE-2008-6494 EXPLOITDB text VERIFIED
ASP User Engine.NET - Unauthenticated Sensitive Information Exposure via Direct Database Download
ASP User Engine.NET stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for users.mdb.
by AlpHaNiX
CVE-2008-6379 EXPLOITDB text VERIFIED
Gallery MX 2.0.0 - SQL Injection via ID Parameter
SQL injection vulnerability in pics_pre.asp in Gallery MX 2.0.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
by R3d-D3V!L
CVE-2008-6378 EXPLOITDB text VERIFIED
Calendar Mx Professional 2.0.0 - SQL Injection via ID Parameter
SQL injection vulnerability in calendar_Eventupdate.asp in Calendar Mx Professional 2.0.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
by R3d-D3V!L
CVE-2008-5979 EXPLOITDB text VERIFIED
Ocean12 Mailing List Manager Gold - XSS
Cross-site scripting (XSS) vulnerability in default.asp in Ocean12 Mailing List Manager Gold allows remote attackers to inject arbitrary web script or HTML via the Email parameter.
by Pouya_Server
CVE-2008-5978 EXPLOITDB text VERIFIED
Ocean12 Mailing List Manager Gold - SQL Injection
Multiple SQL injection vulnerabilities in Ocean12 Mailing List Manager Gold allow remote attackers to execute arbitrary SQL commands via the Email parameter to (1) default.asp and (2) s_edit.asp.
by Pouya_Server