Exploitdb Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-107783 EXPLOITDB text
ILIAS eLearning CMS 4.3.4 < 4.4 - Persistent Cross-Site Scripting
by Vulnerability-Lab
EIP-2026-107517 EXPLOITDB text
GTX CMS 2013 Optima - SQL Injection
by Vulnerability-Lab
CVE-2013-6236 EXPLOITDB CRITICAL text
IZON IP 2.0.2 - Use of Hard-coded Credentials
IZON IP 2.0.2: hard-coded password vulnerability
by Mark Stanislav
CVSS 9.8
EIP-2026-110753 EXPLOITDB text VERIFIED
PHP RSS Reader 2010 - SQL Injection
by mishal abdullah
EIP-2026-110208 EXPLOITDB text
Onpub CMS 1.4/1.5 - Multiple SQL Injections
by Vulnerability-Lab
EIP-2026-114317 EXPLOITDB text
WordPress Theme Curvo - Cross-Site Request Forgery / Arbitrary File Upload
by Byakuya Kouta
CVE-2013-4474 EXPLOITDB text VERIFIED
Canonical Ubuntu Linux < 0.24.1 - Improper Input Validation
Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.3 allows remote attackers to cause a denial of service (crash) via format string specifiers in a destination filename.
by Daniel Kahn Gillmor
EIP-2026-114348 EXPLOITDB text
WordPress Theme SAICO 1.0 < 1.0.2 - Arbitrary File Upload
by Byakuya Kouta
EIP-2026-114934 EXPLOITDB text VERIFIED
ASF Demux for VideoLAN VLC Media Player 2.0.x - Denial of Service (PoC)
by Pedro Ribeiro
EIP-2026-114318 EXPLOITDB text VERIFIED
WordPress Theme Daily Deal - Arbitrary File Upload
by DevilScreaM
EIP-2026-116863 EXPLOITDB text VERIFIED
Avira Internet Security - 'avipbb.sys' Filter Bypass / Privilege Escalation
by Ahmad Moghimi
EIP-2026-106192 EXPLOITDB text VERIFIED
Course Registration Management System - Cross-Site Scripting / SQL Injection
by Omar Kurt
CVE-2013-4295 EXPLOITDB text VERIFIED
Apache Shindig 2.5.0-beta1-2.5.0 - XML External Entity Injection in Gadget Renderer
The gadget renderer in Apache Shindig 2.5.0 for PHP allows remote attackers to obtain sensitive information via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
by Kousuke Ebihara
CVE-2011-4275 EXPLOITDB text VERIFIED
iTop 1.1.181 and 1.2.0-RC-282 - Cross-Site Scripting via Multiple Input Vectors
Multiple cross-site scripting (XSS) vulnerabilities in iTop (aka IT Operations Portal) 1.1.181 and 1.2.0-RC-282 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted company name, (2) a crafted database server name, (3) a crafted CSV file, (4) a crafted copy-and-paste action, (5) the auth_user parameter in a suggest_pwd action to UI.php, (6) the c[menu] parameter to UniversalSearch.php, (7) the description parameter in a SearchFormToAdd_document_list action to UI.php, (8) the category parameter in an errors action to audit.php, or (9) the suggest_pwd parameter to UI.php.
by Halim Cruzito
EIP-2026-114307 EXPLOITDB text VERIFIED
WordPress Theme Area53 - Arbitrary File Upload
by Byakuya Kouta
EIP-2026-113414 EXPLOITDB text
WHMCompleteSolution (WHMCS) 5.2.8 - SQL Injection
by g00n
EIP-2026-104234 EXPLOITDB text
Elite Graphix ElitCMS 1.01 / PRO - Multiple Web Vulnerabilities
by Vulnerability-Lab
EIP-2026-114627 EXPLOITDB text
Zikula CMS 1.3.5 - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-114000 EXPLOITDB text VERIFIED
WordPress Plugin Realty - Blind SQL Injection
by Napsterakos
EIP-2026-113993 EXPLOITDB text VERIFIED
WordPress Plugin Quick Paypal Payments 3.0 - Presistant Cross-Site Scripting
by Zy0d0x
EIP-2026-113466 EXPLOITDB text
Woltlab Burning Board Regenbogenwiese 2007 Addon - SQL Injection
by Easy Laster
EIP-2026-113379 EXPLOITDB text VERIFIED
WebTester 5.x - Multiple Vulnerabilities
by X-Cisadane
EIP-2026-113681 EXPLOITDB text
WordPress Plugin Dexs PM System - (Authenticated) Persistent Cross-Site Scripting
by TheXero
CVE-2013-3827 EXPLOITDB text VERIFIED
Oracle GlassFish Server <12.1.2 - Info Disclosure
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0, and 12.1.2.0.0; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.1 allows remote attackers to affect confidentiality via unknown vectors related to Java Server Faces or Web Container.
by Alex Kouzemtchenko
EIP-2026-103272 EXPLOITDB text
DornCMS Application 1.4 - Multiple Web Vulnerabilities
by Vulnerability-Lab