Exploitdb Exploits
31,353 exploits tracked across all sources.
A-LINK WL54AP2 and WL54AP3 - Unauthenticated Admin Access via Blank Default Password
The management interface on the A-LINK WL54AP3 and WL54AP2 access points has a blank default password for the admin account, which makes it easier for remote attackers to obtain access.
by Henri Lindberg
MyPHP Forum < 3.0 - SQL Injection via Member and Post Parameters
Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a confirm action, the (2) user parameter in a newconfirm action, and (3) reqpwd action to member.php; and the (4) quote parameter in a post action and (5) pid parameter in an edit action to post.php, different vectors than CVE-2005-0413.2 and CVE-2007-6667.
by StAkeR
Absolute Poll Manager XE 4.1 - Unauthenticated Authentication Bypass via Cookie Manipulation
Xigla Software Absolute Poll Manager XE 4.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
by Hakxer
Absolute Podcast .NET 1.0 - Unauthenticated Authentication Bypass via Cookie Manipulation
Absolute Podcast .NET 1.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value.
by Hakxer
Absolute File Send 1.0 - Remote Insecure Cookie Handling
by Hakxer
Dovecot 1.1.4 and 1.1.5 - Denial of Service via Malformed From Address in IMAP FETCH ENVELOPE
The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug."
by anonymous
SonicOS Enhanced < 4.0.1.1 - Cross-Site Scripting via CFS Block Page
Cross-site scripting (XSS) vulnerability in SonicWALL SonicOS Enhanced before 4.0.1.1, as used in SonicWALL Pro 2040 and TZ 180 and 190, allows remote attackers to inject arbitrary web script or HTML into arbitrary web sites via a URL to a site that is blocked based on content filtering, which is not properly handled in the CFS block page, aka "universal website hijacking."
by pagvac
Venalsur Booking Centre Booking System for Hotels Group - Stored Cross-Site Scripting via OfertaID Parameter
Cross-site scripting (XSS) vulnerability in cadena_ofertas_ext.php in Venalsur Booking Centre Booking System for Hotels Group allows remote attackers to inject arbitrary web script or HTML via the OfertaID parameter.
by d3b4g
WebCards < 1.3 - SQL Injection via User Parameter
SQL injection vulnerability in admin.php in WebCards 1.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter. NOTE: some of these details are obtained from third party information.
by t0pP8uZz
WebCards < 1.3 - Authenticated Arbitrary File Upload via Add Image Macro
Unrestricted file upload vulnerability in the "Add Image Macro" feature in WebCards 1.3 allows remote authenticated administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the uploaded file.
by t0pP8uZz
Venalsur Booking Centre Booking System for Hotels Group - SQL Injection via OfertaID Parameter
SQL injection vulnerability in cadena_ofertas_ext.php in Venalsur Booking Centre Booking System for Hotels Group allows remote attackers to execute arbitrary SQL commands via the OfertaID parameter.
by d3b4g
Harlandscripts Pro Traffic One - SQL Injection via poll_results.php id Parameter
SQL injection vulnerability in poll_results.php in Harlandscripts Pro Traffic One allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Hussin X
Kmita Gallery - Cross-Site Scripting via Begin and Searchtext Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Kmita Gallery allow remote attackers to inject arbitrary web script or HTML via the (1) begin parameter to index.php and the (2) searchtext parameter to search.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by cize0f
Harlandscripts Pro Traffic One - SQL Injection via trg Parameter in mypage.php
SQL injection vulnerability in mypage.php in Harlandscripts Pro Traffic One allows remote attackers to execute arbitrary SQL commands via the trg parameter.
by Beenu Arora
Extrakt Framework 0.7 - Cross-Site Scripting via plugins[file][id] Parameter
Cross-site scripting (XSS) vulnerability in index.php in Extrakt Framework 0.7 allows remote attackers to inject arbitrary web script or HTML via the plugins[file][id] parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ShockShadow
e107 plugin fm pro 1 - File Disclosure / Arbitrary File Upload / Directory Traversal
by GoLd_M
Sepal SPBOARD 4.5 - Remote Command Execution via board.cgi file Parameter
board.cgi in Sepal SPBOARD 4.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter during a down_file action.
by GoLd_M
Dorsa CMS - 'Default_.aspx' Cross-Site Scripting
by Pouya_Server
Easy-script Tlguesbook - Authentication Bypass
TlGuestBook 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the tlGuestBook_login cookie to admin.
by x0r
PHP-Nuke League module - Cross-Site Scripting via tid Parameter
Cross-site scripting (XSS) vulnerability in the League module for PHP-Nuke, possibly 2.4, allows remote attackers to inject arbitrary web script or HTML via the tid parameter in a team action to modules.php.
by Ehsan_Hp200
Graphiks MyForum 1.3 - Unauthenticated Authentication Bypass via Cookie Manipulation
Graphiks MyForum 1.3 allows remote attackers to bypass authentication and gain administrative access by setting the (1) myforum_login and (2) myforum_pass cookies to 1.
by Stack
Kmita Catalogue 2.x - Cross-Site Scripting via Search Parameter
Cross-site scripting (XSS) vulnerability in search.php in Kmita Catalogue 2.x allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by cize0f
H&H WebSoccer 2.80 - SQL Injection via liga.php id Parameter
SQL injection vulnerability in liga.php in H&H WebSoccer 2.80 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by d3v1l