Exploitdb Exploits

31,364 exploits tracked across all sources.

EIP-2026-100977 EXPLOITDB text
Aastra 6755i SIP SP4 - Denial of Service
by Wadeek
CVE-2018-13818 EXPLOITDB CRITICAL text
Symfony Twig < 2.4.4 - Code Injection
Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the search search_key parameter. NOTE: the vendor points out that Twig itself is not a web application and states that it is the responsibility of web applications using Twig to properly wrap input to it.
by JameelNabbo
CVSS 9.8
EIP-2026-115642 EXPLOITDB text VERIFIED
Microsoft Edge - 'UnmapViewOfFile' ACG Bypass
by Google Security Research
EIP-2026-112817 EXPLOITDB text VERIFIED
TV - Video Subscription - Authentication Bypass SQL Injection
by L0RD
EIP-2026-111564 EXPLOITDB text VERIFIED
PSNews Website 1.0.0 - 'Keywords' SQL Injection
by L0RD
EIP-2026-110585 EXPLOITDB text VERIFIED
PHIMS - Hospital Management Information System - 'Password' SQL Injection
by L0RD
CVE-2018-5987 EXPLOITDB CRITICAL text VERIFIED
Pinterest Clone Social Pinboard 2.0 - SQL Injection
SQL Injection exists in the Pinterest Clone Social Pinboard 2.0 component for Joomla! via the pin_id or user_id parameter in a task=getlikeinfo action, the ends parameter in a view=gift action, the category parameter in a view=home action, the uid parameter in a view=pindisplay action, the searchVal parameter in a view=search action, or the uid parameter in a view=likes action.
by Ihsan Sencan
CVSS 9.8
CVE-2018-6583 EXPLOITDB CRITICAL text VERIFIED
Quanticalabs Timetable Responsive Schedule - SQL Injection
SQL Injection exists in the Timetable Responsive Schedule 1.5 component for Joomla! via a view=event&alias= request.
by Ihsan Sencan
CVSS 9.8
CVE-2018-5992 EXPLOITDB CRITICAL text VERIFIED
Joomla! <1.0 RC 1 - SQL Injection
SQL Injection exists in the Staff Master through 1.0 RC 1 component for Joomla! via the name parameter in a view=staff request.
by Ihsan Sencan
CVSS 9.8
CVE-2018-7179 EXPLOITDB CRITICAL text
Squadmanagement - SQL Injection
SQL Injection exists in the SquadManagement 1.0.3 component for Joomla! via the id parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-5980 EXPLOITDB CRITICAL text
Solidres 2.5.1 - SQL Injection
SQL Injection exists in the Solidres 2.5.1 component for Joomla! via the direction parameter in a hub.search action.
by Ihsan Sencan
CVSS 9.8
CVE-2018-5975 EXPLOITDB CRITICAL text VERIFIED
Joomla! Smart Shoutbox 3.0.0 - SQL Injection
SQL Injection exists in the Smart Shoutbox 3.0.0 component for Joomla! via the shoutauthor parameter to the archive URI.
by Ihsan Sencan
CVSS 9.8
CVE-2018-5974 EXPLOITDB CRITICAL text
SimpleCalendar 3.1.9 - SQL Injection
SQL Injection exists in the SimpleCalendar 3.1.9 component for Joomla! via the catid array parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-7178 EXPLOITDB CRITICAL text
Saxum2003 Saxum Picker - SQL Injection
SQL Injection exists in the Saxum Picker 3.2.10 component for Joomla! via the publicid parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-7177 EXPLOITDB CRITICAL text
Saxum2003 Numerology - SQL Injection
SQL Injection exists in the Saxum Numerology 3.0.4 component for Joomla! via the publicid parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-7180 EXPLOITDB CRITICAL text
Saxum2003 Astro - SQL Injection
SQL Injection exists in the Saxum Astro 4.0.14 component for Joomla! via the publicid parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-6005 EXPLOITDB CRITICAL text
Realpin <1.5.04 - SQL Injection
SQL Injection exists in the Realpin through 1.5.04 component for Joomla! via the pinboard parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-6024 EXPLOITDB CRITICAL text VERIFIED
Joomla! Project Log 1.5.3 - SQL Injection
SQL Injection exists in the Project Log 1.5.3 component for Joomla! via the search parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-6370 EXPLOITDB CRITICAL text VERIFIED
Neojoomla Neorecruit - SQL Injection
SQL Injection exists in the NeoRecruit 4.1 component for Joomla! via the (1) PATH_INFO or (2) name of a .html file under the all-offers/ URI.
by Ihsan Sencan
CVSS 9.8
CVE-2018-5971 EXPLOITDB CRITICAL text
MediaLibrary Free 4.0.12 - SQL Injection
SQL Injection exists in the MediaLibrary Free 4.0.12 component for Joomla! via the id parameter or the mid array parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-16356 EXPLOITDB MEDIUM text
Kubik-Rubik SIGE <3.3.0 - XSS
Reflected XSS in Kubik-Rubik SIGE (aka Simple Image Gallery Extended) before 3.3.0 allows attackers to execute JavaScript in a victim's browser by having them visit a plugins/content/sige/plugin_sige/print.php link with a crafted img, name, or caption parameter.
by Alwin Peppels
CVSS 6.1
CVE-2018-6585 EXPLOITDB CRITICAL text VERIFIED
Techjoomla Jticketing - SQL Injection
SQL Injection exists in the JTicketing 2.0.16 component for Joomla! via a view=events action with a filter_creator or filter_events_cat parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-5994 EXPLOITDB CRITICAL text
JS Jobs 1.1.9 - SQL Injection
SQL Injection exists in the JS Jobs 1.1.9 component for Joomla! via the zipcode parameter in a newest-jobs request, or the ta parameter in a view_resume request.
by Ihsan Sencan
CVSS 9.8
CVE-2018-6006 EXPLOITDB CRITICAL text
JS Autoz 1.0.9 - SQL Injection
SQL Injection exists in the JS Autoz 1.0.9 component for Joomla! via the vtype, pre, or prs parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-5983 EXPLOITDB CRITICAL text VERIFIED
Joomla! - SQL Injection
SQL Injection exists in the JquickContact 1.3.2.2.1 component for Joomla! via a task=refresh&sid= request.
by Ihsan Sencan
CVSS 9.8