Exploitdb Exploits

31,339 exploits tracked across all sources.

EIP-2026-109439 EXPLOITDB text VERIFIED
MGB - Multiple Cross-Site Scripting / SQL Injections
by Stefan Schurtz
EIP-2026-107156 EXPLOITDB text VERIFIED
Flogr - 'tag' Multiple Cross-Site Scripting Vulnerabilities
by Nafsh
EIP-2026-102960 EXPLOITDB text
Python - Untrusted Search Path/Code Execution
by rogueclown
CVE-2012-4032 EXPLOITDB text VERIFIED
Websitepanel < 1.2.1 - Improper Input Validation
Open redirect vulnerability in the login page in WebsitePanel before 1.2.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in ReturnUrl to Default.aspx.
by Anastasios Monachos
CVE-2012-10042 EXPLOITDB HIGH text VERIFIED
Sflog! CMS 1.0 - Authenticated RCE
Sflog! CMS 1.0 contains an authenticated arbitrary file upload vulnerability in the blog management interface. The application ships with default credentials (admin:secret) and allows authenticated users to upload files via manage.php. The upload mechanism fails to validate file types, enabling attackers to upload a PHP backdoor into a web-accessible directory (blogs/download/uploads/). Once uploaded, the file can be executed remotely, resulting in full remote code execution.
by dun
EIP-2026-114073 EXPLOITDB text VERIFIED
WordPress Plugin SocialFit - 'msg' Cross-Site Scripting
by Sammy FORGIT
EIP-2026-113856 EXPLOITDB text VERIFIED
WordPress Plugin Knews Multilingual Newsletters - Cross-Site Scripting
by Sammy FORGIT
EIP-2026-113627 EXPLOITDB text VERIFIED
WordPress Plugin church_admin - 'id' Cross-Site Scripting
by Sammy FORGIT
CVE-2012-3350 EXPLOITDB text
Valarsoft Webmatic - SQL Injection
SQL injection vulnerability in index.php in Webmatic 3.1.1 allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header.
by High-Tech Bridge SA
EIP-2026-112008 EXPLOITDB text VERIFIED
sflog! - 'section' Local File Inclusion
by dun
EIP-2026-106936 EXPLOITDB text
Event Script PHP 1.1 CMS - Multiple Vulnerabilities
by Vulnerability-Lab
CVE-2012-2138 EXPLOITDB text VERIFIED
Org.apache.sling.servlets.post < 2.1.0 - Access Control
The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
by IOactive
EIP-2026-113959 EXPLOITDB text VERIFIED
WordPress Plugin PHPFreeChat - 'url' Cross-Site Scripting
by Sammy FORGIT
EIP-2026-107521 EXPLOITDB text
Guestbook Scripts PHP 1.5 - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-107240 EXPLOITDB text
Freeside SelfService CGI/API 2.3.3 - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-105955 EXPLOITDB text
CLscript CMS 3.0 - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-114819 EXPLOITDB text VERIFIED
.NET Framework - Tilde Character Denial of Service
by Soroush Dalili
EIP-2026-113905 EXPLOITDB text VERIFIED
WordPress Plugin MoodThingy Widget 0.8.7 - Blind SQL Injection
by Chris Kellum
EIP-2026-113307 EXPLOITDB text VERIFIED
Webify Link Directory - SQL Injection
by Daniel Godoy
EIP-2026-105890 EXPLOITDB text VERIFIED
Classified Ads Script PHP - 'admin.php' Multiple SQL Injections
by snup
CVE-2012-10051 EXPLOITDB HIGH text VERIFIED
Photodex ProShow Producer <5.0.3256 - Buffer Overflow
Photodex ProShow Producer version 5.0.3256 contains a stack-based buffer overflow vulnerability in the handling of plugin load list files. When a specially crafted load file is placed in the installation directory, the application fails to properly validate its contents, leading to a buffer overflow when the file is parsed during startup. Exploitation requires local access to place the file and user interaction to launch the application.
by Julien Ahrens
EIP-2026-113677 EXPLOITDB text VERIFIED
WordPress Plugin custom tables - 'key' Cross-Site Scripting
by Sammy FORGIT
EIP-2026-111143 EXPLOITDB text VERIFIED
phpMyBackupPro 2.2 - Local File Inclusion
by dun
EIP-2026-110724 EXPLOITDB text VERIFIED
PHP MBB - Cross-Site Scripting / SQL Injection
by TheCyberNuxbie
EIP-2026-107465 EXPLOITDB text
gpEasy CMS Minishop 1.5 Plugin - Persistent Cross-Site Scripting
by Carlos Mario Penagos Hollmann