Exploitdb Exploits
31,342 exploits tracked across all sources.
AsaanCart 0.9 - Path Traversal
Directory traversal vulnerability in asaanCart 0.9 allows remote attackers to include arbitrary local files via a .. (dot dot) in the page parameter to index.php.
by Number 7
presto! pagemanager 9.01 - Multiple Vulnerabilities
by Luigi Auriemma
Sitecom Wlm-2501 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in Sitecom WLM-2501 allow remote attackers to hijack the authentication of administrators for requests that modify settings for (1) Mac Filtering via admin/formFilter, (2) IP/Port Filtering via formFilter, (3) Port Forwarding via formPortFw, (4) Wireless Access Control via admin/formWlAc, (5) Wi-Fi Protected Setup via formWsc, (6) URL Blocking Filter via formURL, (7) Domain Blocking Filter via formDOMAINBLK, and (8) IP Address ACL Filter via admin/formACL in goform/, different vectors than CVE-2012-1921.
by Ivano Binetti
PBLang <4.65 - Path Traversal
Directory traversal vulnerability in setcookie.php in PBLang 4.65, and possibly earlier versions, allows remote attackers to read arbitrary files via ".." sequences and "%00" (trailing null byte) in the u parameter.
by Number 7
Omnistar Live - Cross-Site Scripting / SQL Injection
by sonyy
4Images Image Gallery Management System - Cross-Site Request Forgery
by Dmar al3noOoz
Light Display Manager <1.0.6, <1.1.7 - Info Disclosure
debian/guest-account in Light Display Manager (lightdm) 1.0.x before 1.0.6 and 1.1.x before 1.1.7, as used in Ubuntu Linux 11.10, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT per ADT1/ADT2 due to different codebases and affected versions. CVE-2012-6648 has been assigned for the gdm-guest-session issue.
by Ryan Lortie
XnView FlashPix Image Processing - Heap Overflow
by Francis Provencher
Gretech GOM Media Player <2.1.39.5101 - Unknown Vuln
Unspecified vulnerability in the Open URL feature in Gretech GOM Media Player before 2.1.39.5101 has unknown impact and attack vectors, a different vulnerability than CVE-2007-5779 and CVE-2012-1264.
by longrifle0x
Wikidforum - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Wikidforum 2.10 allow remote attackers to inject arbitrary web script or HTML via the (1) search field, or the (2) Author or (3) select_sort parameters in an advanced search.
by Stefan Schurtz
Wikidforum - SQL Injection
Multiple SQL injection vulnerabilities in the advanced search in Wikidforum 2.10 allow remote attackers to execute arbitrary SQL commands via the (1) select_sort or (2) opt_search_select parameters. NOTE: this issue could not be reproduced by third parties.
by Stefan Schurtz
Synology Diskstation Manager - XSS
Cross-site scripting (XSS) vulnerability in Synology Photo Station 5 for DiskStation Manager (DSM) 3.2-1955 allows remote attackers to inject arbitrary web script or HTML via the name parameter to photo/photo_one.php.
by Simon Ganiere
LiteSpeed Web Server 4.1.11 - XSS
Cross-site scripting (XSS) vulnerability in service/graph_html.php in the administrator panel in LiteSpeed Web Server 4.1.11 allows remote attackers to inject arbitrary web script or HTML via the gtitle parameter.
by K1P0D
TP-Link TL-WR740N 111130 - 'ping_addr' HTML Injection
by l20ot
Zend Server 5.6.0 - Multiple Remote Script Insertion Vulnerabilities
by LiquidWorm
Chatelao Php Address Book < 7.0 - XSS
Cross-site scripting (XSS) vulnerability in preferences.php in PHP Address Book 7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the from parameter. NOTE: the index.php vector is already covered by CVE-2008-2566.
by Stefan Schurtz
Chatelao Php Address Book < 6.2.11 - SQL Injection
Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) to_group parameter to group.php or (2) id parameter to vcard.php. NOTE: the edit.php vector is already covered by CVE-2008-2565.
by Stefan Schurtz