Exploitdb Exploits

1,269 exploits tracked across all sources.

EIP-2026-110919 EXPLOITDB php VERIFIED
PHPads 213607 - Authentication Bypass / Password Change
by Shaker msallm
CVE-2014-9034 EXPLOITDB php
WordPress Long Password DoS
wp-includes/class-phpass.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to cause a denial of service (CPU consumption) via a long password that is improperly handled during hashing, a similar issue to CVE-2014-9016.
by SECURELI.com
CVE-2014-3704 EXPLOITDB php VERIFIED
Drupal < 7.32 - SQL Injection
The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.
by Stefan Horst
CVE-2014-3704 EXPLOITDB php
Drupal < 7.32 - SQL Injection
The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.
by Stefan Horst
CVE-2015-1587 EXPLOITDB php VERIFIED
Maarch LetterBox <2.8 - RCE
Unrestricted file upload vulnerability in file_to_index.php in Maarch LetterBox 2.8 and earlier and GEC/GED 1.4 and earlier allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a request to a predictable filename in tmp/.
by Adrien Thierry
CVE-2014-3704 EXPLOITDB php VERIFIED
Drupal < 7.32 - SQL Injection
The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.
by Dustin Dörr
CVE-2014-7910 EXPLOITDB php VERIFIED
Google Chrome < 39.0.2171.45 - Denial of Service
Multiple unspecified vulnerabilities in Google Chrome before 39.0.2171.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
by Prakhar Prasad & Subho Halder
EIP-2026-100018 EXPLOITDB php
Plesk 10.4.4/11.0.9 - SSO XML External Entity / Cross-Site Scripting Injection
by BLacK ZeRo
EIP-2026-113633 EXPLOITDB php VERIFIED
WordPress Plugin cnhk-Slideshow - Arbitrary File Upload
by Ashiyane Digital Security Team
EIP-2026-109943 EXPLOITDB php VERIFIED
No-CMS 0.6.6 rev 1 - Admin Account Hijacking / Remote Code Execution via Static Encryption Key
by Mehmet Ince
EIP-2026-114327 EXPLOITDB php VERIFIED
WordPress Theme Felici - 'Uploadify.php' Arbitrary File Upload
by CaFc Versace
EIP-2026-113980 EXPLOITDB php VERIFIED
WordPress Plugin Premium Gallery Manager - Arbitrary File Upload
by eX-Sh1Ne
EIP-2026-109546 EXPLOITDB php VERIFIED
MODx Evogallery Module - 'Uploadify.php' Arbitrary File Upload
by TUNISIAN CYBER
CVE-2025-34037 EXPLOITDB CRITICAL php VERIFIED
Linksys E-Series - Command Injection
An OS command injection vulnerability exists in various models of E-Series Linksys routers via the /tmUnblock.cgi and /hndUnblock.cgi endpoints over HTTP on port 8080. The CGI scripts improperly process user-supplied input passed to the ttcp_ip parameter without sanitization, allowing unauthenticated attackers to inject shell commands. This vulnerability was reported to be exploited in the wild by the "TheMoon" worm in 2014 to deploy a MIPS ELF payload, enabling arbitrary code execution on the router. Additionally, this vulnerability may affect other Linksys products to include, but not limited to, WAG/WAP/WES/WET/WRT-series router models and Wireless-N access points and routers. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-06 UTC.
by Rew
EIP-2026-114336 EXPLOITDB php VERIFIED
WordPress Theme Kiddo - Arbitrary File Upload
by TUNISIAN CYBER
EIP-2026-105019 EXPLOITDB php
AfterLogic Pro and Lite 7.1.1.1 - Persistent Cross-Site Scripting
by Saeed reza Zamanian
EIP-2026-100560 EXPLOITDB php
SmarterMail Enterprise and Standard 11.x - Persistent Cross-Site Scripting
by Saeed reza Zamanian
CVE-2013-6924 EXPLOITDB CRITICAL php
Seagate Blackarmor Nas 220 Firmware - Command Injection
Seagate BlackArmor NAS devices with firmware sg2000-2000.1331 allow remote attackers to execute arbitrary commands via shell metacharacters in the ip parameter to backupmgt/getAlias.php.
by Jeroen - IT Nerdbox
CVSS 9.8
CVE-2014-10032 EXPLOITDB php
Scriptbrasil Taboada Macronews - SQL Injection
SQL injection vulnerability in news_popup.php in Taboada MacroNews 1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter.
by Jefrey
EIP-2026-115988 EXPLOITDB php
Ofilter Player 1.1 - '.wav' Integer Division by Zero
by Osanda Malith Jayathissa
EIP-2026-110350 EXPLOITDB php VERIFIED
osCMax - Arbitrary File Upload / Full Path Information Disclosure
by KedAns-Dz
EIP-2026-113955 EXPLOITDB php VERIFIED
WordPress Plugin PhotoSmash Galleries - 'bwbps-uploader.php' Arbitrary File Upload
by Ashiyane Digital Security Team
EIP-2026-113945 EXPLOITDB php
WordPress Plugin page-flip-image-gallery - Arbitrary File Upload
by Ashiyane Digital Security Team
EIP-2026-109855 EXPLOITDB php VERIFIED
NeoBill - '/modules/nullregistrar/PHPwhois/example.php?query' Remote Code Execution
by KedAns-Dz
EIP-2026-109854 EXPLOITDB php VERIFIED
NeoBill - '/install/include/solidstate.php' Multiple SQL Injections
by KedAns-Dz