Exploitdb Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-114532 EXPLOITDB text
Yii Framework 1.1.8 - Search SQL Injection
by Juno_okyo
EIP-2026-110758 EXPLOITDB text VERIFIED
PHP Server Monitor - Persistent Cross-Site Scripting
by loneferret
EIP-2026-107071 EXPLOITDB text VERIFIED
Feng Office - Security Bypass / HTML Injection
by Ur0b0r0x
CVE-2012-5701 EXPLOITDB text VERIFIED
dotproject < 2.1.7 - Authenticated SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in dotProject before 2.1.7 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search_string or (2) where parameter in a contacts action, (3) dept_id parameter in a departments action, (4) project_id[] parameter in a project action, or (5) company_id parameter in a system action to index.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.
by High-Tech Bridge
CVE-2012-5702 EXPLOITDB text VERIFIED
dotproject < 2.1.7 - Cross-Site Scripting via Callback, Field, or Company Name Parameters
Multiple cross-site scripting (XSS) vulnerabilities in dotProject before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) callback parameter in a color_selector action, (2) field parameter in a date_format action, or (3) company_name parameter in an addedit action to index.php. NOTE: the date parameter vector is already covered by CVE-2008-3886.
by High-Tech Bridge
EIP-2026-118721 EXPLOITDB text
LAN.FS Messenger 2.4 - Command Execution
by Vulnerability-Lab
EIP-2026-115746 EXPLOITDB text VERIFIED
Microsoft Office OneNote 2010 - Crash (PoC)
by coolkaveh
CVE-2012-3755 EXPLOITDB text
Apple QuickTime < 7.7.3 - Remote Code Execution via Crafted Targa Image
Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Targa image.
by Senator of Pirates
EIP-2026-114339 EXPLOITDB text VERIFIED
WordPress Theme Madebymilk - 'id' SQL Injection
by Ashiyane Digital Security Team
EIP-2026-113736 EXPLOITDB text
WordPress Plugin Facebook Survey 1.0 - SQL Injection
by Vulnerability Research Laboratory
EIP-2026-110318 EXPLOITDB text VERIFIED
openSIS 5.1 - 'ajax.php' Local File Inclusion
by Julian Horoszkiewicz
EIP-2026-104445 EXPLOITDB text
SonicWALL CDP 5040 6.x - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-113299 EXPLOITDB text VERIFIED
weBid 1.0.5 - Directory Traversal
by loneferret
EIP-2026-113298 EXPLOITDB text VERIFIED
WeBid 1.0.5 - Cross-Site Scripting
by Woody Hughes
EIP-2026-110028 EXPLOITDB text VERIFIED
Omni-Secure - 'dir' Multiple File Disclosure Vulnerabilities
by HaCkeR_EgY
EIP-2026-103659 EXPLOITDB text VERIFIED
Splunk 4.3.1 - Denial of Service
by Alexander Klink
EIP-2026-114319 EXPLOITDB text VERIFIED
WordPress Theme Dailyedition-mouss - 'id' SQL Injection
by Ashiyane Digital Security Team
EIP-2026-114108 EXPLOITDB text VERIFIED
WordPress Plugin Tagged Albums - 'id' SQL Injection
by Ashiyane Digital Security Team
EIP-2026-107256 EXPLOITDB text VERIFIED
friendsinwar FAQ Manager - 'view_faq.php?question' SQL Injection
by unsuprise
EIP-2026-107255 EXPLOITDB text VERIFIED
Friends in War The FAQ Manager - 'question' SQL Injection
by unsuprise
EIP-2026-105291 EXPLOITDB text VERIFIED
ATutor 2.1 - 'tool_file' Local File Inclusion
by Julian Horoszkiewicz
EIP-2026-118972 EXPLOITDB text VERIFIED
Novell NetIQ Privileged User Manager 2.3.1 - 'ldapagnt.dll' ldapagnt_eval() Perl Code Evaluation Remote Code Execution
by rgod
CVE-2012-5931 EXPLOITDB text VERIFIED
NetIQ Privileged User Manager 2.3.x - Authenticated Path Traversal and Arbitrary File Write via Log Pathname
Directory traversal vulnerability in the set_log_config function in regclnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote authenticated users to create or overwrite arbitrary files via directory traversal sequences in a log pathname.
by rgod
EIP-2026-111721 EXPLOITDB text VERIFIED
ReciPHP 1.1 - SQL Injection
by cr4wl3r
EIP-2026-107753 EXPLOITDB text VERIFIED
iDev Rentals 1.0 - Multiple Vulnerabilities
by Vulnerability-Lab