Exploitdb Exploits
31,353 exploits tracked across all sources.
Hispah Text Links Ads 1.1 - SQL Injection via idcat Parameter
SQL injection vulnerability in index.php in Hispah Text Links Ads 1.1 allows remote attackers to execute arbitrary SQL commands via the idcat parameter.
by InjEctOr5
Microsoft Windows XP-Vista-2003-2008 - Privilege Escalation
Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 do not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping.
by Cesar Cerrudo
WebBiscuits Modules Controller 1.1 - Path Traversal
Directory traversal vulnerability in faqsupport/wce.download.php in WebBiscuits Modules Controller 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the download parameter.
by GoLd_M
Opera < 9.60 - Remote Code Execution via Crafted Redirect URL
Unspecified vulnerability in Opera before 9.60 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a redirect that specifies a crafted URL.
by MATASANOS
Hispah Text Links Ads 1.1 - SQL Injection via idtl Parameter
SQL injection vulnerability in index.php in Hispah Text Links Ads 1.1 allows remote attackers to execute arbitrary SQL commands via the idtl parameter in a buy action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by InjEctOr5
DFFFrameworkAPI - 'DFF_config[dir_include]' Multiple Remote File Inclusions
by GoLd_M
DataFeedFile PHP Framework API - Remote Code Execution via DFF_config[dir_include] Parameter
Multiple PHP remote file inclusion vulnerabilities in DataFeedFile (DFF) PHP Framework API allow remote attackers to execute arbitrary PHP code via a URL in the DFF_config[dir_include] parameter to (1) DFF_affiliate_client_API.php, (2) DFF_featured_prdt.func.php, (3) DFF_mer.func.php, (4) DFF_mer_prdt.func.php, (5) DFF_paging.func.php, (6) DFF_rss.func.php, and (7) DFF_sku.func.php in include/.
by GoLd_M
AdMan 1.1.20070907 - Authenticated SQL Injection via editCampaign.php campaignId Parameter
SQL injection vulnerability in editCampaign.php in AdMan 1.1.20070907 allows remote authenticated users to execute arbitrary SQL commands via the campaignId parameter.
by SuB-ZeRo
KDE Konqueror 3.5.9 - Denial of Service via Long HTML Color Attribute
The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to cause a denial of service (application crash) via (1) a long COLOR attribute in an HR element; or a long (a) BGCOLOR or (b) BORDERCOLOR attribute in a (2) TABLE, (3) TD, or (4) TR element. NOTE: the FONT vector is already covered by CVE-2008-4514.
by Jeremy Brown
YourOwnBux 4.0 - SQL Injection via usNick Cookie
SQL injection vulnerability in referrals.php in YourOwnBux 4.0 allows remote attackers to execute arbitrary SQL commands via the usNick cookie.
by Tec-n0x
Yerba SACphp < 6.3 - Unauthenticated Authentication Bypass via galleta[sesion] Cookie
Yerba SACphp 6.3 and earlier allows remote attackers to bypass authentication and gain administrative access via a galleta[sesion] cookie that has a value beginning with 1:1: followed by a username.
by StAkeR
TorrentTrader Classic <= 1.08 - SQL Injection via id Parameter
SQL injection vulnerability in completed-advance.php in TorrentTrader Classic 1.08 and 1.04 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
by BazOka-HaCkEr
PHP Realtor 1.5 - SQL Injection via view_cat.php v_cat Parameter
SQL injection vulnerability in view_cat.php in PHP Realtor 1.5 allows remote attackers to execute arbitrary SQL commands via the v_cat parameter.
by Mr.SQL
Phpautos - SQL Injection
SQL injection vulnerability in searchresults.php in PHP Autos 2.9.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter.
by Mr.SQL
PHP Auto Dealer 2.7 - SQL Injection via view_cat.php v_cat Parameter
SQL injection vulnerability in view_cat.php in PHP Auto Dealer 2.7 allows remote attackers to execute arbitrary SQL commands via the v_cat parameter.
by Mr.SQL
Built2Go Real Estate Listings 1.5 - SQL Injection via event_id Parameter
SQL injection vulnerability in event_detail.php in Built2Go Real Estate Listings 1.5 allows remote attackers to execute arbitrary SQL commands via the event_id parameter.
by d3v1l
MPlayer - Denial of Service via Malformed AAC or OGM File
MPlayer allows remote attackers to cause a denial of service (application crash) via (1) a malformed AAC file, as demonstrated by lol-vlc.aac; or (2) a malformed Ogg Media (OGM) file, as demonstrated by lol-ffplay.ogm, different vectors than CVE-2007-6718.
by Hanno Bock
KDE Konqueror 3.5.9 - Denial of Service via Long Font Color Value
The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to cause a denial of service (application crash) via a font tag with a long color value, which triggers an assertion error.
by Jeremy Brown
XAMPP for Windows 1.6.8 - 'Phonebook.php' SQL Injection
by Jaykishan Nirmal
MetaGauge < 1.0.3.38 - Path Traversal via Dot Dot Backslash in URL
Directory traversal vulnerability in MetaGauge 1.0.0.17, and probably other versions before 1.0.3.38, allows remote attackers to read arbitrary files via a "..\" (dot dot backslash) in the URL.
by Brad Antoniewicz
Simple Machines Forum (SMF) 1.1.6 - 'POST' Filter Security Bypass
by WHK
PHP Web Explorer Lite < 0.99b - Path Traversal via Refer or File Parameter
Multiple directory traversal vulnerabilities in PHP Web Explorer 0.99b and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) refer parameter to main.php and the (2) file parameter to edit.php.
by Pepelux