Exploitdb Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2014-2069 EXPLOITDB HIGH text VERIFIED
Eshtery CMS - Path Traversal via File Parameter in FileManager.aspx
Absolute path traversal vulnerability in Eshtery CMS allows remote attackers to read arbitrary files via a full pathname in the file parameter to FileManager.aspx.
by peng.deng
CVSS 7.5
EIP-2026-108923 EXPLOITDB text VERIFIED
Jorjweb - 'id' SQL Injection
by Vulnerability Laboratory
CVE-2014-10009 EXPLOITDB text
Stark CRM 1.0 - Stored Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Stark CRM 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, or (3) notes parameter to the client page; (4) insu_name or (5) price parameter to the add_insurance_cat page; or (6) status[] parameter to the add_status page.
by LiquidWorm
EIP-2026-101548 EXPLOITDB text
Barracuda Firewall 6.1.0.016 - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-119390 EXPLOITDB text
Lotus Sametime 8.5.1 - Password Disclosure
by Adriano Marcio Monteiro
EIP-2026-113925 EXPLOITDB text VERIFIED
WordPress Plugin NextGEN Gallery - 'jqueryFileTree.php' Directory Traversal
by Tom Adams
EIP-2026-113605 EXPLOITDB text
WordPress Plugin BP Group Documents 1.2.1 - Multiple Vulnerabilities
by Tom Adams
EIP-2026-102577 EXPLOITDB text
Embedthis Goahead WebServer 3.1.3-0 - Multiple Vulnerabilities
by Maksymilian Motyl
EIP-2026-101632 EXPLOITDB text
D-Link DIR-615 vE4 Firmware 5.10 - Cross-Site Request Forgery
by Dhruv Shah
EIP-2026-101551 EXPLOITDB text
Barracuda Message Archiver 650 - Persistent Cross-Site Scripting
by Vulnerability-Lab
EIP-2026-111277 EXPLOITDB text
Pina CMS - Multiple Vulnerabilities
by Shadman Tanjim
EIP-2026-106126 EXPLOITDB text
Concrete5 CMS 5.6.2.1 - 'index.php?cID' SQL Injection
by killall-9
EIP-2026-102260 EXPLOITDB text
My PDF Creator & DE DM 1.4 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
CVE-2018-25269 EXPLOITDB MEDIUM text
ICEWARP 11.0.0.0 Cross-Site Scripting via Email HTML Injection
ICEWARP 10.3.4 and 11.0.0.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML elements into emails by embedding base64-encoded payloads in object and embed tags. Attackers can craft emails containing data URIs with embedded scripts that execute in the client when the email is viewed, compromising user sessions and stealing sensitive information.
by Usman Saeed
CVSS 6.1
EIP-2026-108593 EXPLOITDB text VERIFIED
Joomla! Component com_wire_immogest - 'index.php' SQL Injection
by MR.XpR
CVE-2014-1597 EXPLOITDB text VERIFIED
synetics i-doit pro <1.2.5 - SQL Injection
SQL injection vulnerability in the CMDB web application in synetics i-doit pro before 1.2.5 and i-doit open allows remote attackers to execute arbitrary SQL commands via the objID parameter to the default URI.
by Stephan Rickauer
EIP-2026-102263 EXPLOITDB text
Office Assistant Pro 2.2.2 iOS - Local File Inclusion
by Vulnerability-Lab
EIP-2026-102256 EXPLOITDB text
mbDriveHD 1.0.7 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-102230 EXPLOITDB text
File Hub 1.9.1 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-102081 EXPLOITDB text
Trendchip HG520 ADSL2+ Wireless Modem - Cross-Site Request Forgery
by Dhruv Shah
CVE-2014-1219 EXPLOITDB text
CA 2E Web Option r8.1.2 - Session Hijacking via Predictable Session Token Substring
CA 2E Web Option r8.1.2 accepts a predictable substring of a W2E_SSNID session token in place of the entire token, which allows remote attackers to hijack sessions by changing characters at the end of this substring, as demonstrated by terminating a session via a modified SSNID parameter to web2edoc/close.htm.
by Mike Emery
EIP-2026-111771 EXPLOITDB text VERIFIED
Rhino - Cross-Site Scripting / Password Reset
by Slotleet
EIP-2026-102253 EXPLOITDB text
jDisk (stickto) 2.0.3 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-101863 EXPLOITDB text
Netgear DGN2200 N300 Wireless Router - Multiple Vulnerabilities
by Andrew Horton
CVE-2014-1842 EXPLOITDB text
Titan FTP Server <10.40.1829 - Path Traversal
Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to list all usernames via a Go action with a .. (dot dot) in the search-bar value.
by Fara Rustein