Exploitdb Exploits

31,351 exploits tracked across all sources.

CVE-2008-6370 EXPLOITDB text VERIFIED
Ocean12 Contact Manager Pro 1.02 - Cross-Site Scripting via DisplayFormat Parameter
Cross-site scripting (XSS) vulnerability in default.asp in Ocean12 Contact Manager Pro 1.02 allows remote attackers to inject arbitrary web script or HTML via the DisplayFormat parameter.
by Pouya_Server
EIP-2026-110009 EXPLOITDB text VERIFIED
Ocean12 Calendar Manager Gold - Database Disclosure
by Pouya_Server
CVE-2008-6274 EXPLOITDB text VERIFIED
FamilyProject 2.0 - SQL Injection via Login or Password Parameter
Multiple SQL injection vulnerabilities in index.php in FamilyProject 2.0 allow remote attackers to execute arbitrary SQL commands via (1) the logmbr parameter (aka login field) or (2) the mdpmbr parameter (aka pass or "Mot de passe" field). NOTE: some of these details are obtained from third party information.
by The_5p3ctrum
CVE-2008-6809 EXPLOITDB text VERIFIED
Venalsur Booking Centre Booking System for Hotels Group 2.01 - SQL Injection via HotelID Parameter
SQL injection vulnerability in hotel_habitaciones.php in Venalsur Booking Centre Booking System for Hotels Group 2.01 allows remote attackers to execute arbitrary SQL commands via the HotelID parameter.
by R3d-D3V!L
CVE-2006-3151 EXPLOITDB text VERIFIED
AssoCIateD <= 1.2.0 - Cross-Site Scripting via Menu Parameter
Cross-site scripting (XSS) vulnerability in index.php in AssoCIateD (aka ACID) 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the menu parameter.
by CWH Underground
CVE-2008-6280 EXPLOITDB text VERIFIED
Cisco WRT160N - Cross-Site Scripting via DHCP_Static Action Parameter
Cross-site scripting (XSS) vulnerability in apply.cgi on the Linksys WRT160N allows remote attackers to inject arbitrary web script or HTML via the action parameter in a DHCP_Static operation.
by David Gil
EIP-2026-100218 EXPLOITDB text VERIFIED
Comersus ASP Shopping Cart - File Disclosure / Cross-Site Scripting
by Bl@ckbe@rD
EIP-2026-119110 EXPLOITDB text VERIFIED
SAP GUI VSFlexGrid.VSFlexGridL sp 14 - Remote Buffer Overflow
by Elazar Broad
CVE-2008-7075 EXPLOITDB text VERIFIED
Kalptaru Infotech Stararticles - SQL Injection
Multiple SQL injection vulnerabilities in Kalptaru Infotech Ltd. Star Articles 6.0 allow remote attackers to inject arbitrary SQL commands via (1) the subcatid parameter to article.list.php; or the artid parameter to (2) article.print.php, (3) article.comments.php, (4) article.publisher.php, or (5) article.download.php; and (6) the PATH_INFO to article.download.php. NOTE: some of these details are obtained from third party information.
by b3hz4d
CVE-2008-5630 EXPLOITDB text VERIFIED
Post Affiliate Pro <3,3.1.4 - SQL Injection
SQL injection vulnerability in merchants/index.php in Post Affiliate Pro 3 and 3.1.4 allows remote attackers to execute arbitrary SQL commands via the umprof_status parameter.
by XaDoS
CVE-2008-5637 EXPLOITDB text VERIFIED
ParsBlogger - SQL Injection via blog.asp wr Parameter
SQL injection vulnerability in blog.asp in ParsBlogger (Pb) allows remote attackers to execute arbitrary SQL commands via the wr parameter.
by h4ck3r
CVE-2008-6282 EXPLOITDB text VERIFIED
CMS Ortus < 1.13 - Authenticated SQL Injection via City Parameter
SQL injection vulnerability in engine/users/users_edit_pub.inc in CMS Ortus 1.13 and earlier allows remote authenticated users to execute arbitrary SQL commands via the city parameter in a users_edit_pub action to index.php.
by otmorozok428
CVE-2008-7071 EXPLOITDB text VERIFIED
Chipmunk Topsites - SQL Injection via Username Parameter
SQL injection vulnerability in authenticate.php in Chipmunk Topsites allows remote attackers to execute arbitrary SQL commands via the username parameter, related to login.php. NOTE: some of these details are obtained from third party information.
by ZoRLu
CVE-2008-5289 EXPLOITDB text VERIFIED
Clean CMS 1.5 - SQL Injection via full_txt.php id Parameter
SQL injection vulnerability in full_txt.php in Werner Hilversum Clean CMS 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by ZoRLu
CVE-2008-5293 EXPLOITDB text VERIFIED
WebStudio eHotel - SQL Injection via PageID Parameter
SQL injection vulnerability in index.php in WebStudio eHotel allows remote attackers to execute arbitrary SQL commands via the pageid parameter.
by Hussin X
CVE-2008-5294 EXPLOITDB text VERIFIED
WebStudio eCatalogue - SQL Injection
SQL injection vulnerability in index.php in WebStudio eCatalogue allows remote attackers to execute arbitrary SQL commands via the pageid parameter.
by Hussin X
CVE-2008-5292 EXPLOITDB text VERIFIED
VideoGirls BiZ - SQL Injection via view_snaps.php type Parameter
SQL injection vulnerability in view_snaps.php in VideoGirls BiZ allows remote attackers to execute arbitrary SQL commands via the type parameter.
by Cyber-Zone
EIP-2026-112149 EXPLOITDB text VERIFIED
SimpleBlog 3.0 - Database Disclosure
by EL_MuHaMMeD
CVE-2008-7073 EXPLOITDB text VERIFIED
RSS module 0.1 - Remote Code Execution via lib Parameter
PHP remote file inclusion vulnerability in lib/action/rss.php in RSS module 0.1 for Pie Web M{a,e}sher, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the lib parameter.
by ZoRLu
CVE-2008-7062 EXPLOITDB text VERIFIED
LoveCMS 1.6.2 Final - Unauthenticated Arbitrary File Upload via Download Manager
Unrestricted file upload vulnerability in admin/index.php in Download Manager module 1.0 for LoveCMS 1.6.2 Final allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/.
by cOndemned
CVE-2008-5295 EXPLOITDB text VERIFIED
Jamit Job Board 3.4.10 - SQL Injection
SQL injection vulnerability in index.php in Jamit Job Board 3.4.10 allows remote attackers to execute arbitrary SQL commands via the show_emp parameter.
by XaDoS
CVE-2008-5291 EXPLOITDB text VERIFIED
fuzzylime_cms 3.03 - Remote File Inclusion via Track.php p Parameter
Directory traversal vulnerability in code/track.php in FuzzyLime 3.03 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the p parameter, a different vector than CVE-2007-4805 and CVE-2008-3165.
by Alfons Luja
CVE-2008-5288 EXPLOITDB text VERIFIED
Werner Hilversum FAQ Manager 1.2 - RCE
PHP remote file inclusion vulnerability in include/header.php in Werner Hilversum FAQ Manager 1.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the config_path parameter.
by ZoRLu
CVE-2008-5287 EXPLOITDB text VERIFIED
Werner Hilversum FAQ Manager 1.2 - SQL Injection
SQL injection vulnerability in catagorie.php in Werner Hilversum FAQ Manager 1.2 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
by cOndemned
CVE-2008-5290 EXPLOITDB text VERIFIED
Clean CMS 1.5 - Cross-Site Scripting via full_txt.php id Parameter
Cross-site scripting (XSS) vulnerability in full_txt.php in Werner Hilversum Clean CMS 1.5 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
by ZoRLu