Exploitdb Exploits

31,339 exploits tracked across all sources.

CVE-2012-5388 EXPLOITDB text VERIFIED
White Label CMS <1.5 - XSS
Cross-site scripting (XSS) vulnerability in wlcms-plugin.php in the White Label CMS plugin 1.5 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, a related issue to CVE-2012-5387.
by pcsjj
EIP-2026-114070 EXPLOITDB text
WordPress Plugin social discussions 6.1.1 - Multiple Vulnerabilities
by waraxe
CVE-2012-5452 EXPLOITDB text VERIFIED
Subrion CMS 2.2.1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS 2.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) multi_title parameter to blocks/add/; (2) cost, (3) days, or (4) title[en] parameter to plans/add/; (5) name or (6) title[en] parameter to fields/group/add/ in admin/manage/; or (7) f[accounts][fullname] or (8) f[accounts][username] parameter to advsearch/. NOTE: This might overlap CVE-2011-5211. NOTE: it was later reported that the f[accounts][fullname] and f[accounts][username] vectors might also affect 2.2.2.
by High-Tech Bridge SA
EIP-2026-111940 EXPLOITDB text VERIFIED
Schoolhos CMS Beta 2.29 - 'id' SQL Injection
by Cumi
CVE-2012-1503 EXPLOITDB text
Sixapart Movable Type - XSS
Cross-site scripting (XSS) vulnerability in Six Apart (formerly Six Apart KK) Movable Type (MT) Pro 5.13 allows remote attackers to inject arbitrary web script or HTML via the comment section.
by sqlhacker
EIP-2026-108311 EXPLOITDB text VERIFIED
Joomla! Component com_commedia - 'task' SQL Injection
by D4NB4R
CVE-2012-5453 EXPLOITDB text
ATutor AContent <1.2 - SQL Injection
SQL injection vulnerability in user/index_inline_editor_submit.php in ATutor AContent 1.2-1 allows remote authenticated users to execute arbitrary SQL commands via the field parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-5167.
by High-Tech Bridge SA
EIP-2026-101275 EXPLOITDB text VERIFIED
FirePass 7.0 SSL VPN - 'refreshURL' Open Redirection
by Aung Khant
CVE-2011-4640 EXPLOITDB text VERIFIED
Spamtitan Webtitan < 3.50 - Path Traversal
Directory traversal vulnerability in logs-x.php in SpamTitan WebTitan before 3.60 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the fname parameter in a view action.
by Richard Conner
EIP-2026-115730 EXPLOITDB text
Microsoft Internet Explorer 9 - Cross-Site Scripting Filter Bypass
by Jean Pascal Pereira
EIP-2026-108558 EXPLOITDB text VERIFIED
Joomla! Component com_tag - 'tag' SQL Injection
by D4NB4R
EIP-2026-108354 EXPLOITDB text VERIFIED
Joomla! Component com_fss 1.9.1.1447 - SQL Injection
by D4NB4R
EIP-2026-106032 EXPLOITDB text
CMSQLite 1.3.2 - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-105992 EXPLOITDB text VERIFIED
CMS Mini 0.2.2 - 'index.php' Script Cross-Site Scripting
by Netsparker
EIP-2026-103033 EXPLOITDB text
Vm86 - Syscall Task Switch Kernel Panic Denial of Service / Privilege Escalation
by halfdog
EIP-2026-113753 EXPLOITDB text VERIFIED
WordPress Plugin FireStorm Professional Real Estate 2.06.01 - SQL Injection
by Ashiyane Digital Security Team
EIP-2026-105634 EXPLOITDB text VERIFIED
BSW Gallery - 'uploadpic.php' Arbitrary File Upload
by cr4wl3r
EIP-2026-105155 EXPLOITDB text VERIFIED
Amateur Photographer's Image Gallery - 'plist.php?albumid' SQL Injection
by cr4wl3r
EIP-2026-105154 EXPLOITDB text VERIFIED
Amateur Photographer's Image Gallery - 'plist.php?albumid' Cross-Site Scripting
by cr4wl3r
EIP-2026-105153 EXPLOITDB text VERIFIED
Amateur Photographer's Image Gallery - 'fullscreen.php?albumid' SQL Injection
by cr4wl3r
EIP-2026-105152 EXPLOITDB text VERIFIED
Amateur Photographer's Image Gallery - 'force-download.php?File' Information Disclosure
by cr4wl3r
EIP-2026-114067 EXPLOITDB text VERIFIED
WordPress Plugin Slideshow - Multiple Cross-Site Scripting Vulnerabilities
by waraxe
EIP-2026-112523 EXPLOITDB text
Symphony CMS 2.3 - Multiple Vulnerabilities
by Wireghoul
EIP-2026-112176 EXPLOITDB text
Sisfokol 4.0 - Arbitrary File Upload
by cr4wl3r
CVE-2012-4231 EXPLOITDB text VERIFIED
Jcore < 1.0 - XSS
Cross-site scripting (XSS) vulnerability in admin/index.php in jCore before 1.0pre2 allows remote attackers to inject arbitrary web script or HTML via the path parameter.
by High-Tech Bridge