Exploitdb Exploits

31,351 exploits tracked across all sources.

CVE-2008-6888 EXPLOITDB text VERIFIED
Pre Classified Listings 1.0 - Cross-Site Scripting via Signup Address Parameter
Cross-site scripting (XSS) vulnerability in signup.asp in Pre Classified Listings 1.0 allows remote attackers to inject arbitrary web script or HTML via the address parameter.
by Pouya_Server
CVE-2008-6887 EXPLOITDB text VERIFIED
Pre Classified Listings 1.0 - SQL Injection via detailad.asp siteid Parameter
SQL injection vulnerability in detailad.asp in Pre Classified Listings 1.0 allows remote attackers to execute arbitrary SQL commands via the siteid parameter.
by Pouya_Server
CVE-2008-6847 EXPLOITDB text VERIFIED
Pre ASP Job Board - Cross-Site Scripting via Employee Login msg Parameter
Cross-site scripting (XSS) vulnerability in Employee/emp_login.asp in Pre ASP Job Board allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
by Pouya_Server
CVE-2008-6500 EXPLOITDB text VERIFIED
CodeToad ASP Shopping Cart Script - Cross-Site Scripting via Query String
Cross-site scripting (XSS) vulnerability in CodeToad ASP Shopping Cart Script allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI.
by Pouya_Server
CVE-2008-6382 EXPLOITDB text VERIFIED
Aspportal - Access Control
ASP Portal 3.2.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to ASPPortal.mdb.
by CWH Underground
CVE-2008-6890 EXPLOITDB text VERIFIED
ASP Forum Script - SQL Injection via messages.asp message_id Parameter
SQL injection vulnerability in messages.asp in ASP Forum Script allows remote attackers to execute arbitrary SQL commands via the message_id parameter.
by Pouya_Server
CVE-2008-6891 EXPLOITDB text VERIFIED
ASP Forum Script - Cross-Site Scripting via forum_id Parameter
Multiple cross-site scripting (XSS) vulnerabilities in ASP Forum Script allow remote attackers to inject arbitrary web script or HTML via the (1) forum_id parameter to (a) new_message.asp and (b) messages.asp, and the (2) query string to default.asp.
by Pouya_Server
CVE-2008-6612 EXPLOITDB text VERIFIED
Minimal ABlog 0.4 - Unauthenticated Remote Code Execution via File Upload
Unrestricted file upload vulnerability in admin/uploader.php in Minimal ABlog 0.4 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in img/.
by NoGe
CVE-2008-6611 EXPLOITDB text VERIFIED
Minimal ABlog 0.4 - SQL Injection via id Parameter
SQL injection vulnerability in index.php in Minimal ABlog 0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by NoGe
CVE-2008-5952 EXPLOITDB text VERIFIED
KTP Computer Customer Database - Authenticated SQL Injection via tid Parameter
SQL injection vulnerability in KTP Computer Customer Database (KTPCCD) CMS, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the tid parameter in a vtech action to the default URI.
by CWH Underground
CVE-2008-5406 EXPLOITDB text VERIFIED
Apple QuickTime Player 7.5.5-8.0.2.20 - Buffer Overflow
Stack-based buffer overflow in Apple QuickTime Player 7.5.5 and iTunes 8.0.2.20 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a MOV file with "long arguments," related to an "off by one overflow."
by laurent gaffié
CVE-2008-6387 EXPLOITDB text VERIFIED
Quick Tree View .NET 3.1 - Unauthenticated Sensitive Information Exposure via Direct Database File Access
Quick Tree View .NET 3.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to qtv.mdb.
by Cyber-Zone
CVE-2008-6613 EXPLOITDB text VERIFIED
minimal-ablog 0.4 - Unauthenticated Privilege Escalation via uploader.php
uploader.php in minimal-ablog 0.4 does not properly restrict access, which allows remote attackers to gain administrative privileges via a direct request.
by NoGe
CVE-2008-5954 EXPLOITDB text VERIFIED
KTP Computer Customer Database - SQL Injection via lname Parameter
SQL injection vulnerability in KTP Computer Customer Database (KTPCCD) CMS, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the lname parameter in a login action to an unspecified component. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by CWH Underground
EIP-2026-106225 EXPLOITDB text VERIFIED
CPCommerce 1.2.6 - URL Rewrite Input Variable Overwrite / Authentication Bypass
by girex
CVE-2008-6287 EXPLOITDB text VERIFIED
Broadcast Machine 0.1 - Remote Code Execution via baseDir Parameter
Multiple PHP remote file inclusion vulnerabilities in Broadcast Machine 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter to (1) MySQLController.php, (2) SQLController.php, (3) SetupController.php, (4) VideoController.php, and (5) ViewController.php in controllers/.
by NoGe
CVE-2008-6380 EXPLOITDB text VERIFIED
Active Web Helpdesk 2.0 - SQL Injection via CategoryID Parameter
SQL injection vulnerability in default.aspx in Active Web Helpdesk 2.0 allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter.
by Cyber-Zone
CVE-2008-5632 EXPLOITDB text VERIFIED
Active Time Billing 3.2 - SQL Injection
SQL injection vulnerability in Account.asp in Active Time Billing 3.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information.
by AlpHaNiX
CVE-2008-5975 EXPLOITDB text VERIFIED
Active Price Comparison 4.0 - SQL Injection
SQL injection vulnerability in links.asp in Active Price Comparison 4.0 allows remote attackers to execute arbitrary SQL commands via the linkid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by R3d-D3V!L
CVE-2008-5641 EXPLOITDB text VERIFIED
Active Photo Gallery 6.2 - SQL Injection
SQL injection vulnerability in account.asp in Active Photo Gallery 6.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
by R3d-D3V!L
CVE-2008-5972 EXPLOITDB text VERIFIED
Active Business Directory 2 - SQL Injection
SQL injection vulnerability in default.asp in Active Business Directory 2 allows remote attackers to execute arbitrary SQL commands via the catid parameter.
by AlpHaNiX
CVE-2008-5973 EXPLOITDB text VERIFIED
Active Web Mail 4.0 - SQL Injection
SQL injection vulnerability in login.aspx in Active Web Mail 4.0 allows remote attackers to execute arbitrary SQL commands via the password parameter.
by R3d-D3V!L
EIP-2026-113053 EXPLOITDB text VERIFIED
Venalsur Booking Centre 2.01 - Multiple Cross-Site Scripting Vulnerabilities
by Pouya_Server
CVE-2008-6285 EXPLOITDB text VERIFIED
PHP TV Portal < 2.0 - SQL Injection via mid Parameter
SQL injection vulnerability in index.php in PHP TV Portal 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the mid parameter.
by Cyber-Zone