Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
CVE-2006-5243 EXPLOITDB
OpenDock Easy Doc < 1.4 - Remote File Inclusion via doc_directory Parameter
Multiple PHP remote file inclusion vulnerabilities in OpenDock Easy Doc 1.4 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the doc_directory parameter in (1) down_stat.php, (2) file.php, (3) find_file.php, (4) lib_file.php, and (5) lib_form_file.php in sw/lib_up_file/; (6) find_comment.php, (7) comment.php, and (8) lib_comment.php in sw/lib_comment/; (9) sw/lib_find/find.php; and other unspecified PHP scripts.
CVE-2002-0330 EXPLOITDB
OpenBB 1.0.0 - Cross-Site Scripting via IMG Tag
Cross-site scripting vulnerability in codeparse.php of Open Bulletin Board (OpenBB) 1.0.0 allows remote attackers to execute arbitrary script and steal cookies via Javascript in the IMG tag.
CVE-2007-2816 EXPLOITDB
ol_bookmarks 0.7.4 - Remote Code Execution via Root Parameter in Theme Files
Multiple PHP remote file inclusion vulnerabilities in ol'bookmarks 0.7.4 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) test1.php, (2) blackorange.php, (3) default.php, (4) frames1.php, (5) frames1_top.php, (7) test2.php, (8) test3.php, (9) test4.php, (10) test5.php, (11) test6.php, (12) frames1_left.php, and (13) frames1_center.php in themes/.
CVE-2007-2817 EXPLOITDB
ol_bookmarks 0.7.4 - SQL Injection via id Parameter
SQL injection vulnerability in read/index.php in ol'bookmarks 0.7.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-6518 EXPLOITDB
WoltLab Burning Board (wBB) Lite 1.0.2 pl3e - SQL Injection
Multiple SQL injection vulnerabilities in search.php in WoltLab Burning Board (wBB) Lite 1.0.2 pl3e allow remote attackers to execute arbitrary SQL commands via the (1) showposts, (2) sortby, and (3) sortorder parameters.
CVE-2009-4907 EXPLOITDB
oBlog - Cross-Site Request Forgery
Multiple cross-site request forgery (CSRF) vulnerabilities in oBlog allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) force an admin logout, (3) change the visibility of posts, (4) remove links, and (5) change the name fields of a blog.
CVE-2005-0613 EXPLOITDB php
FCKeditor 2.0 RC2 - Unauthenticated Arbitrary File Upload
Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, allows remote attackers to upload arbitrary files.
CVE-2006-1162 EXPLOITDB php
Nodez 4.6.1.1 - Directory Traversal via op Parameter
Directory traversal vulnerability in Nodez 4.6.1.1 and earlier allows remote attackers to read or include arbitrary PHP files via a .. (dot dot) in the op parameter, as demonstrated by inserting malicious Email parameters into list.gtdat, then accessing list.gtdat using the op parameter.
CVE-2006-2636 EXPLOITDB
Katy Whitton NewsCMSLite - Unauthenticated Authentication Bypass via loggedIn Cookie
newsadmin.asp in Katy Whitton NewsCMSLite allows remote attackers to bypass authentication and gain administrative access by setting the loggedIn cookie to "xY1zZoPQ".
CVE-2007-1634 EXPLOITDB php
Net Portal Dynamic System < 5.10 - SQL Injection via _FILES[DB][tmp_name] Parameter
Variable extraction vulnerability in grab_globals.php in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote attackers to conduct SQL injection attacks via the _FILES[DB][tmp_name] parameter to print.php, which overwrites the $DB variable with dynamic variable evaluation.
CVE-2008-4454 EXPLOITDB
MySQL Quick Admin 1.5.5 - Path Traversal via Lang Parameter
Directory traversal vulnerability in EKINdesigns MySQL Quick Admin 1.5.5 allows remote attackers to read and execute arbitrary files via a .. (dot dot) in the lang parameter to actions.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-0491 EXPLOITDB
Sky GUNNING MySpeach <= 3.0.6 - Remote File Inclusion via my_ms[root] Parameter
PHP remote file inclusion vulnerability in up.php in Sky GUNNING MySpeach 3.0.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the my_ms[root] parameter, a different vector than CVE-2006-4630. NOTE: Some of these details are obtained from third party information.
CVE-2011-3393 EXPLOITDB
MYRE Real Estate Software - Cross-Site Scripting via findagent.php Parameters
Multiple cross-site scripting (XSS) vulnerabilities in findagent.php in MYRE Real Estate Software allow remote attackers to inject arbitrary web script or HTML via the (1) country1, (2) state1, or (3) city1 parameter.
CVE-2012-4261 EXPLOITDB
myCare2x - SQL Injection via lang Parameter
SQL injection vulnerability in modules/patient/mycare2x_pat_info.php in myCare2x allows remote attackers to execute arbitrary SQL commands via the lang parameter.
CVE-2006-3775 EXPLOITDB php
Mybulletinboard - SQL Injection
SQL injection vulnerability in the init function in class_session.php in MyBB (aka MyBulletinBoard) 1.1.5 allows remote attackers to execute arbitrary SQL commands via the CLIENT-IP HTTP header ($_SERVER['HTTP_CLIENT_IP'] variable), as utilized by index.php.
CVE-2011-4858 EXPLOITDB php
Apache Tomcat < 5.5.35, 6.x < 6.0.35, 7.x < 7.0.23 - Denial of Service via Hash Collision in Form Parameters
Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
CVE-2011-4885 EXPLOITDB php
PHP < 5.3.9 - Denial of Service via Hash Collision in Form Parameter Handling
PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
CVE-2011-5034 EXPLOITDB php
Apache Geronimo < 2.2.1 - Denial of Service via Predictable Hash Collisions
Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
CVE-2014-9240 EXPLOITDB
MyBB 1.8.x < 1.8.2 - SQL Injection via member.php question_id Parameter
SQL injection vulnerability in member.php in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the question_id parameter in a do_register action.
CVE-2021-27889 EXPLOITDB MEDIUM javascript
MyBB < 1.8.26 - Cross-Site Scripting via Nested Auto URL Message Parsing
Cross-site Scripting (XSS) vulnerability in MyBB before 1.8.26 via Nested Auto URL when parsing messages.
CVSS 6.1
CVE-2010-1269 EXPLOITDB
phpscripte24 Niedrig Gebote Pro Auktions System II - SQL Injection via auktion.php id_auk Parameter
SQL injection vulnerability in auktion.php in phpscripte24 Niedrig Gebote Pro Auktions System II allows remote attackers to execute arbitrary SQL commands via the id_auk parameter.
CVE-2008-6126 EXPLOITDB
moziloCMS <= 1.10.2 - Path Traversal via Download and Index Page Parameters
Multiple directory traversal vulnerabilities in moziloCMS 1.10.2 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) file parameter to download.php and the (2) page parameter to index.php, a different vector than CVE-2008-3589.
CVE-2023-3843 EXPLOITDB LOW
mooSocial mooDating 1.2 - Cross-Site Scripting in URL Handler
A vulnerability was found in mooSocial mooDating 1.2. It has been classified as problematic. Affected is an unknown function of the file /matchmakings/question of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-235194 is the identifier assigned to this vulnerability. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.
CVSS 3.5
CVE-2023-3844 EXPLOITDB LOW
mooSocial mooDating 1.2 - Cross-Site Scripting in URL Handler
A vulnerability was found in mooSocial mooDating 1.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /friends of the component URL Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-235195. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.
CVSS 3.5
CVE-2023-3845 EXPLOITDB LOW
mooSocial mooDating 1.2 - Cross-Site Scripting in URL Handler
A vulnerability was found in mooSocial mooDating 1.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /friends/ajax_invite of the component URL Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-235196. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.
CVSS 3.5
By Source
All 50,076 Writeup 62,302 Exploitdb 50,076 Nomisec 22,417 Github 3,632 Metasploit 3,314 Vulncheck_xdb 929 Inthewild 514 Gitlab 479 Gitee 415 Patchapalooza 312
By Language
text 31,386 python 6,573 ruby 6,005 c 3,628 perl 2,849 html 2,076 php 1,333 bash 462 java 371 c++ 261 javascript 229 shell 131 go 73 postscript 25 typescript 25