Exploitdb Exploits
31,329 exploits tracked across all sources.
Geniusocean Newspaper - SQL Injection
Responsive Newspaper Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.
by Ihsan Sencan
CVSS 9.8
Geniusocean News - SQL Injection
Dynamic News Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.
by Ihsan Sencan
CVSS 9.8
Geniusocean Mymagazine Magazine & Blog Cms - SQL Injection
MyMagazine Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.
by Ihsan Sencan
CVSS 9.8
Contractorscripts Mybuildersite - SQL Injection
MyBuilder Clone 1.0 allows SQL Injection via the phpsqlsearch_genxml.php subcategory parameter.
by Ihsan Sencan
CVSS 9.8
Mailing-manager Mailing List Manager Pro - SQL Injection
Mailing List Manager Pro 3.0 allows SQL Injection via the edit parameter to admin/users in a sort=login action, or the edit parameter to admin/template.
by Ihsan Sencan
CVSS 9.8
ZH Yandexmap - SQL Injection
The Zh YandexMap (aka com_zhyandexmap) component 6.1.1.0 for Joomla! allows SQL Injection via the placemarklistid parameter to index.php.
by Ihsan Sencan
CVSS 9.8
Nswd NS Download Shop - SQL Injection
The NS Download Shop (aka com_ns_downloadshop) component 2.2.6 for Joomla! allows SQL Injection via the id parameter in an invoice.create action.
by Ihsan Sencan
CVSS 9.8
Nicephpscripts Job Board Script - SQL Injection
Job Board Script Software allows SQL Injection via the PATH_INFO to a /job-details URI.
by Ihsan Sencan
CVSS 9.8
Itechscripts Gigs Script - SQL Injection
iTech Gigs Script 1.21 allows SQL Injection via the browse-scategory.php sc parameter or the service-provider.php ser parameter.
by Ihsan Sencan
CVSS 9.8
Istock Management System - Unrestricted File Upload
iStock Management System 1.0 allows Arbitrary File Upload via user/profile.
by Ihsan Sencan
CVSS 9.8
Iproject Management System - SQL Injection
iProject Management System 1.0 allows SQL Injection via the ID parameter to index.php.
by Ihsan Sencan
CVSS 9.8
Ingenious School Management System - Unrestricted File Upload
my_profile.php in Ingenious School Management System 2.3.0 allows a student or teacher to upload an arbitrary file.
by Ihsan Sencan
CVSS 8.8
Fake Magazine Cover Script - SQL Injection
Fake Magazine Cover Script allows SQL Injection via the rate.php value parameter or the content.php id parameter.
by Ihsan Sencan
CVSS 9.8
Domainzaar D-park Pro - SQL Injection
D-Park Pro Domain Parking Script 1.0 allows SQL Injection via the username to admin/loginform.php.
by Ihsan Sencan
CVSS 9.8
Cpa Lead Reward Script - SQL Injection
CPA Lead Reward Script allows SQL Injection via the username parameter.
by Ihsan Sencan
CVSS 9.8
Bekirk Creative Management System Lite - SQL Injection
Creative Management System (CMS) Lite 1.4 allows SQL Injection via the S parameter to index.php.
by Ihsan Sencan
CVSS 9.8
Readymadeb2bscript Basic B2b Script - SQL Injection
Basic B2B Script allows SQL Injection via the product_view1.php pid or id parameter.
by Ihsan Sencan
CVSS 9.8
Yourarticlesdirectory Article Directory Script - SQL Injection
Article Directory Script 3.0 allows SQL Injection via the id parameter to author.php or category.php.
by Ihsan Sencan
CVSS 9.8
Arox School Erp Php Script - SQL Injection
AROX School ERP PHP Script 1.0 allows SQL Injection via the office_admin/ id parameter.
by Ihsan Sencan
CVSS 9.8
Adultscriptpro - SQL Injection
Adult Script Pro 2.2.4 allows SQL Injection via the PATH_INFO to a /download URI, a different vulnerability than CVE-2007-6576.
by Ihsan Sencan
CVSS 9.8
MitraStar GPT-2541GNAC and DSL-100HN-T1 - Hardcoded Password
MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices have a zyad1234 password for the zyad1234 account, which is equivalent to root and undocumented.
by j0lama
CVSS 9.8
Mitrastar Gpt-2541gnac Firmware - Incorrect Default Permissions
MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices allow remote authenticated users to obtain root access by specifying /bin/sh as the command to execute.
by j0lama
CVSS 8.8
Phpmyfaq < 2.9.8 - XSS
In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via an HTML attachment.
by Nikhil Mittal
CVSS 5.4
Phpsugar Php Melody - SQL Injection
In PHPSUGAR PHP Melody CMS 2.6.1, SQL Injection exists via the playlist parameter to playlists.php.
by Venkat Rajgor
CVSS 9.8