Exploitdb Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-106544 EXPLOITDB text VERIFIED
doorGets CMS - Cross-Site Request Forgery
by n0pe
CVE-2013-2289 EXPLOITDB text VERIFIED
Batavi 1.2.2 - Cross-Site Scripting via QUERY_STRING to admin/index.php
Cross-site scripting (XSS) vulnerability in admin/templates/default.php in Batavi 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to admin/index.php.
by Dognaedis
CVE-2013-2560 EXPLOITDB text VERIFIED
Foscam <11.37.2.49 - Path Traversal
Directory traversal vulnerability in the web interface on Foscam devices with firmware before 11.37.2.49 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI, as demonstrated by discovering (1) web credentials or (2) Wi-Fi credentials.
by Frederic Basse
EIP-2026-113639 EXPLOITDB text VERIFIED
WordPress Plugin Comment Rating 2.9.32 - Multiple Vulnerabilities
by ebanyu
CVE-2013-1453 EXPLOITDB text VERIFIED
Joomla! 2.5.x-3.0.2 - PHP Object Injection via Highlight Parameter
plugins/system/highlight/highlight.php in Joomla! 3.0.x through 3.0.2 and 2.5.x through 2.5.8 allows attackers to unserialize arbitrary PHP objects to obtain sensitive information, delete arbitrary directories, conduct SQL injection attacks, and possibly have other impacts via the highlight parameter. Note: it was originally reported that this issue only allowed attackers to obtain sensitive information, but later analysis demonstrated that other attacks exist.
by EgiX
EIP-2026-107359 EXPLOITDB text VERIFIED
Geeklog - Cross-Site Scripting
by High-Tech Bridge
EIP-2026-111783 EXPLOITDB text
Rix4Web Portal - Blind SQL Injection
by L0n3ly-H34rT
EIP-2026-109621 EXPLOITDB text VERIFIED
MTP Poll 1.0 - Multiple Cross-Site Scripting Vulnerabilities
by LiquidWorm
EIP-2026-109620 EXPLOITDB text VERIFIED
MTP Image Gallery 1.0 - 'edit_photos.php?title' Cross-Site Scripting
by LiquidWorm
EIP-2026-109619 EXPLOITDB text VERIFIED
MTP Guestbook 1.0 - Multiple Cross-Site Scripting Vulnerabilities
by LiquidWorm
CVE-2012-5337 EXPLOITDB text VERIFIED
JForum 2.1.9 - Cross-Site Scripting via Action, Match Type, Sort By, or Start Parameters
Multiple cross-site scripting (XSS) vulnerabilities in jforum.page in JForum 2.1.9 allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) match_type, (3) sort_by, or (4) start parameters.
by ZeroDayLab
EIP-2026-102250 EXPLOITDB text
iOS IPMap 2.5 - Arbitrary File Upload
by Vulnerability-Lab
EIP-2026-102118 EXPLOITDB text
WiFilet 1.2 iPad iPhone - Multiple Vulnerabilities
by Vulnerability-Lab
CVE-2013-1765 EXPLOITDB text VERIFIED
smart-flv - Cross-Site Scripting via link or playerready Parameter
Multiple cross-site scripting (XSS) vulnerabilities in jwplayer.swf in the smart-flv plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) link or (2) playerready parameter.
by Henri Salo
EIP-2026-111168 EXPLOITDB text VERIFIED
phpMyRecipes - Multiple HTML Injection Vulnerabilities
by PDS
EIP-2026-101517 EXPLOITDB text
AirDrive HD 1.6 iPad iPhone - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-119035 EXPLOITDB text VERIFIED
Photodex ProShow Producer - Multiple DLL Loading Arbitrary Code Execution Vulnerabilities
by Julien Ahrens
EIP-2026-107084 EXPLOITDB text VERIFIED
File Manager - HTML Injection / Local File Inclusion
by Benjamin Kunz Mejri
EIP-2026-119349 EXPLOITDB text
Alt-N MDaemon WorldClient 13.0.3 - Multiple Vulnerabilities
by QSecure & Demetris Papapetrou
EIP-2026-119348 EXPLOITDB text
Alt-N MDaemon 12.5.6/13.0.3 - Email Body HTML/JS Injection
by QSecure & Demetris Papapetrou
EIP-2026-113215 EXPLOITDB text VERIFIED
Web Cookbook - Multiple Vulnerabilities
by cr4wl3r
EIP-2026-111814 EXPLOITDB text VERIFIED
RTTucson Quotations Database Script - Authentication Bypass
by cr4wl3r
EIP-2026-111169 EXPLOITDB text VERIFIED
PHPMyRecipes 1.2.2 - 'viewrecipe.php?r_id' SQL Injection
by cr4wl3r
EIP-2026-111165 EXPLOITDB text VERIFIED
PHPmyGallery 1.5 - Local File Disclosure / Cross-Site Scripting
by TheMirkin
EIP-2026-110286 EXPLOITDB text VERIFIED
OpenEMR - 'site' Cross-Site Scripting
by Gjoko Krstic