Exploitdb Exploits
31,351 exploits tracked across all sources.
Chipmunk Topsites - Cross-Site Scripting via Start Parameter
Cross-site scripting (XSS) vulnerability in index.php in Chipmunk Topsites allows remote attackers to inject arbitrary web script or HTML via the start parameter.
by ZoRLu
Bandwebsite 1.5 - SQL Injection
SQL injection vulnerability in lyrics.php in Bandwebsite (aka Bandsite portal system) 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by ZoRLu
NitroTech 0.0.3a - SQL Injection via members.php id Parameter
SQL injection vulnerability in members.php in NitroTech 0.0.3a allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Osirys
WebStudio CMS - SQL Injection via pageid Parameter
SQL injection vulnerability in index.php in WebStudio CMS allows remote attackers to execute arbitrary SQL commands via the pageid parameter.
by Glafkos Charalambous
Pie 0.5.3 - Remote Code Execution via PHP File Inclusion
Multiple PHP remote file inclusion vulnerabilities in Pie 0.5.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lib parameter to files in lib/action/ including (a) alias.php, (b) cancel.php, (c) context.php, (d) deadlinks.php, (e) delete.php, and others; and the (2) GLOBALS[pie][library_path] parameter to files in lib/share/ including (f) diff.php, (g) file.php, (h) locale.php, (i) mapfile.php, (j) page.php, and others.
by NoGe
NitroTech 0.0.3a - Remote Code Execution via Root Parameter
PHP remote file inclusion vulnerability in includes/common.php in NitroTech 0.0.3a allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.
by Osirys
NetArt Media Real Estate Portal 1.2 - SQL Injection
SQL injection vulnerability in NetArt Media Real Estate Portal 1.2 allows remote attackers to execute arbitrary SQL commands via the ad_id parameter in the re_send_email module to index.php.
by Hussin X
Goople CMS 1.7 - Unauthenticated Authentication Bypass via Loggedin Cookie
win/content/upload.php in Goople CMS 1.7 allows remote attackers to bypass authentication and gain administrative access by setting the loggedin cookie to 1.
by x0r
ftpzik - Cross-Site Scripting / Local File Inclusion
by JIKO
Bandwebsite 1.5 - XSS
Cross-site scripting (XSS) vulnerability in info.php in Bandwebsite (aka Bandsite portal system) 1.5 allows remote attackers to inject arbitrary web script or HTML via the section parameter.
by ZoRLu
Siemens Gigaset C450 IP and C475 IP - Denial of Service via Crafted SIP Packet
Siemens C450 IP and C475 IP VoIP devices allow remote attackers to cause a denial of service (disconnected calls and device reboot) via a crafted SIP packet to UDP port 5060.
by sky & Any
Goople CMS 1.7 - Unauthenticated Authentication Bypass via Loggedin Cookie
win/content/upload.php in Goople CMS 1.7 allows remote attackers to bypass authentication and gain administrative access by setting the loggedin cookie to 1.
by BeyazKurt
MODx CMS <= 0.9.6.2 - Remote Code Execution
PHP remote file inclusion vulnerability in assets/snippets/reflect/snippet.reflect.php in MODx CMS 0.9.6.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the reflect_base parameter.
by RoMaNcYxHaCkEr
Prozilla Hosting Index - SQL Injection
SQL injection vulnerability in directory.php in Prozilla Hosting Index allows remote attackers to execute arbitrary SQL commands via the id parameter in a deadlink action, a different vector than CVE-2008-2083.
by snakespc
PG Roommate Finder Solution - SQL Injection
SQL injection vulnerability in admin/index.php in PG Roommate Finder Solution allows remote attackers to execute arbitrary SQL commands via the login_lg parameter. NOTE: some of these details are obtained from third party information.
by ZoRLu
PHP Classifieds Script - Unauthenticated Sensitive Information Exposure via Direct Request
Team PHP PHP Classifieds Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request for admin/backup/datadump.sql.
by InjEctOr5
PG Real Estate Solution - SQL Injection
SQL injection vulnerability in admin/index.php in PG Real Estate Solution allows remote attackers to execute arbitrary SQL commands via the login_lg parameter (username). NOTE: some of these details are obtained from third party information.
by ZoRLu
PG Job Site Pro - SQL Injection via poll_view_id Parameter
SQL injection vulnerability in homepage.php in PG Job Site Pro allows remote attackers to execute arbitrary SQL commands via the poll_view_id parameter in a results action.
by ZoRLu
NetArt Media Car Portal 2.0 - SQL Injection
SQL injection vulnerability in image.php in NetArt Media Car Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by snakespc
NetArt Media Blog System 1.5 - SQL Injection
SQL injection vulnerability in image.php in NetArt Media Blog System 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by snakespc
MODx CMS <= 0.9.6.2 - XSS
Cross-site scripting (XSS) vulnerability in index.php in MODx CMS 0.9.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in the username field, possibly related to snippet.ditto.php. NOTE: some sources list the id parameter as being affected, but this is probably incorrect based on the original disclosure.
by RoMaNcYxHaCkEr
Goople CMS 1.7 - Static Code Injection via Username and Password Parameters
Static code injection vulnerability in gooplecms/admin/account/action/editpass.php in Goople CMS 1.7 allows remote attackers to inject arbitrary PHP code into admin/userandpass.php via the (1) username and (2) password parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by BeyazKurt