Exploitdb Exploits

31,339 exploits tracked across all sources.

CVE-2012-2237 EXPLOITDB MEDIUM text VERIFIED
Mahara < 1.4.3 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before 1.4.3 and 1.5.x before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript innerHTML as used when generating login forms, (2) links or (3) resources URLs, and (4) the Display name in a user profile.
by anonymous
CVSS 6.1
EIP-2026-108409 EXPLOITDB text VERIFIED
Joomla! Component com_joomgalaxy 1.2.0.4 - Multiple Vulnerabilities
by D4NB4R
EIP-2026-105150 EXPLOITDB text VERIFIED
am4ss 1.2 - Multiple Vulnerabilities
by s3n4t00r
EIP-2026-101174 EXPLOITDB text VERIFIED
Barracuda Email Security Service - Multiple HTML Injection Vulnerabilities
by Benjamin Kunz Mejri
EIP-2026-112587 EXPLOITDB text VERIFIED
tekno.Portal 0.1b - 'link.php' SQL Injection
by Socket_0x03
EIP-2026-109311 EXPLOITDB text
ManageEngine Mobile Application Manager 10 - SQL Injection
by Vulnerability-Lab
CVE-2008-0474 EXPLOITDB text
Manageengine Applications Manager - XSS
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 8.1 build 8100 allow remote attackers to inject arbitrary web script or HTML via the (1) showlink parameter to jsp/DiscoveryProfiles.jsp; the (2) attributeIDs, (3) attributeToSelect, (4) redirectto, and (5) resourceid parameters to (a) jsp/ThresholdActionConfiguration.jsp; the (6) page and (7) redirect parameters to (b) jsp/UpdateGlobalSettings.jsp; and the (8) haid and (9) returnpath parameters to (c) showTile.do. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Vulnerability-Lab
EIP-2026-108459 EXPLOITDB text
Joomla! Component com_niceajaxpoll 1.3.0 - SQL Injection
by Patrick de Brouwer
EIP-2026-108447 EXPLOITDB text VERIFIED
Joomla! Component com_movm - SQL Injection
by D4NB4R
EIP-2026-106473 EXPLOITDB text VERIFIED
Distimo Monitor - Multiple Cross-Site Scripting Vulnerabilities
by Benjamin Kunz Mejri
CVE-2011-2702 EXPLOITDB text VERIFIED
GNU Glibc < 2.12.2 - Code Injection
Integer signedness error in Glibc before 2.13 and eglibc before 2.13, when using Supplemental Streaming SIMD Extensions 3 (SSSE3) optimization, allows context-dependent attackers to execute arbitrary code via a negative length parameter to (1) memcpy-ssse3-rep.S, (2) memcpy-ssse3.S, or (3) memset-sse2.S in sysdeps/i386/i686/multiarch/, which triggers an out-of-bounds read, as demonstrated using the memcpy function.
by c0ntex
EIP-2026-102401 EXPLOITDB text VERIFIED
ManageEngine Applications Manager - Multiple SQL Injections
by Ibrahim El-Sayed
EIP-2026-102400 EXPLOITDB text VERIFIED
ManageEngine Applications Manager - Multiple Cross-Site Scripting / SQL Injections
by Ibrahim El-Sayed
EIP-2026-119363 EXPLOITDB text
Dr. Web Control Center 6.00.3.201111300 - Cross-Site Scripting
by Oliver Karow
EIP-2026-109146 EXPLOITDB text VERIFIED
Limny - 'index.php' Multiple SQL Injections
by L0n3ly-H34rT
EIP-2026-102476 EXPLOITDB text VERIFIED
DataWatch Monarch Business Intelligence - Multiple Input Validation Vulnerabilities
by Raymond Rizk
CVE-2012-10048 EXPLOITDB HIGH text VERIFIED
Zenoss Core 3.x - Command Injection
Zenoss Core 3.x contains a command injection vulnerability in the showDaemonXMLConfig endpoint. The daemon parameter is passed directly to a Popen() call in ZenossInfo.py without proper sanitization, allowing authenticated users to execute arbitrary commands on the server as the zenoss user.
by Brendan Coles
CVE-2012-3848 EXPLOITDB text VERIFIED
Sonicwall Scrutinizer < 9.5.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to d4d/exporters.php, (2) the HTTP Referer header to d4d/exporters.php, or (3) unspecified input to d4d/contextMenu.php.
by Mario Ceballos
CVE-2012-2627 EXPLOITDB text VERIFIED
Plixer Scrutinizer <9.5.0 - Code Injection
d4d/uploader.php in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allows remote attackers to create or overwrite arbitrary files in %PROGRAMFILES%\Scrutinizer\snmp\mibs\ via a multipart/form-data POST request.
by Mario Ceballos
CVE-2012-2626 EXPLOITDB text VERIFIED
Plixer Scrutinizer <9.5.0 - RCE
cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 does not require token authentication, which allows remote attackers to add administrative accounts via a userprefs action.
by Mario Ceballos
EIP-2026-110012 EXPLOITDB text VERIFIED
ocPortal 7.1.5 - 'redirect' Open Redirection
by Aung Khant
CVE-2012-3351 EXPLOITDB MEDIUM text VERIFIED
Longtailvideo JW Player < 5.10.2295 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in LongTail Video JW Player through 5.10.2295 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) logo.link, or (3) aboutlink parameter, or a nested URI scheme name for (4) javascript, (5) asfunction, or (6) vbscript.
by MustLive
CVSS 6.1
EIP-2026-106873 EXPLOITDB text VERIFIED
eNdonesia - 'cid' SQL Injection
by Crim3R
EIP-2026-110940 EXPLOITDB text VERIFIED
phpBB - Multiple SQL Injections
by HauntIT
EIP-2026-112586 EXPLOITDB text VERIFIED
tekno.Portal 0.1b - 'anket.php' SQL Injection
by Socket_0x03