Exploitdb Exploits

31,342 exploits tracked across all sources.

CVE-2012-2903 EXPLOITDB text
PHP Address Book <7.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 7.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to group.php, or the (2) target_language or (3) target_flag parameter to translate.php.
by Stefan Schurtz
CVE-2012-1502 EXPLOITDB text
Pypam < 0.5.0 - Resource Management Error
Double free vulnerability in the PyPAM_conv in PAMmodule.c in PyPam 0.5.0 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a NULL byte in a password string.
by Markus Vervier
EIP-2026-112733 EXPLOITDB text VERIFIED
ToendaCMS 1.6.2 - '/setup/index.php?site' Traversal Local File Inclusion
by AkaStep
CVE-2012-1900 EXPLOITDB text
Razorcms < 1.2.1 - CSRF
Cross-site request forgery (CSRF) vulnerability in admin/index.php in RazorCMS 1.2.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary web pages via a showcats action.
by Ivano Binetti
EIP-2026-111684 EXPLOITDB text
RazorCMS 1.2.1 STABLE - Arbitrary File Upload
by i2sec_Hyo jun Oh
EIP-2026-109093 EXPLOITDB text VERIFIED
LeKommerce - 'id' SQL Injection
by Mazt0r
EIP-2026-102485 EXPLOITDB text VERIFIED
Ilient SysAid 8.5.5 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
by Julien Ahrens
EIP-2026-101173 EXPLOITDB text VERIFIED
Barracuda CudaTel Communication Server 2.0.029.1 - Multiple HTML Injection Vulnerabilities
by Benjamin Kunz Mejri
EIP-2026-100536 EXPLOITDB text VERIFIED
SAP Business Objects InfoView System - '/webi/webi_modify.aspx?id' Cross-Site Scripting
EIP-2026-100535 EXPLOITDB text VERIFIED
SAP Business Objects InfoView System - '/help/helpredir.aspx?guide' Cross-Site Scripting
EIP-2026-100534 EXPLOITDB text VERIFIED
SAP Business Objects InfoView System - 'listing.aspx?searchText' Cross-Site Scripting
CVE-2011-4837 EXPLOITDB text VERIFIED
Homeseer Hs2 - CSRF
Cross-site request forgery (CSRF) vulnerability in /ctrl in the web interface in HomeSeer HS2 2.5.0.20 allows remote attackers to hijack the authentication of admins for requests that execute arbitrary programs.
by Silent_Dream
EIP-2026-118952 EXPLOITDB text VERIFIED
NetDecision 4.6.1 - Multiple Directory Traversal Vulnerabilities
by Luigi Auriemma
CVE-2006-2758 EXPLOITDB text
Jetty - Path Traversal
Directory traversal vulnerability in jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary files via a %2e%2e%5c (encoded ../) in the URL. NOTE: this might be the same issue as CVE-2005-3747.
by LiquidWorm
CVE-2012-1617 EXPLOITDB text VERIFIED
Juan Ramon Osclass < 2.3.5 - Path Traversal
Directory traversal vulnerability in combine.php in OSClass before 2.3.6 allows remote attackers to read and write arbitrary files via a .. (dot dot) in the type parameter. NOTE: this vulnerability can be leveraged to upload arbitrary files.
by Filippo Cavallarin
EIP-2026-106966 EXPLOITDB text VERIFIED
Exponent CMS 2.0 - 'src' SQL Injection
by Rob Miller
EIP-2026-100366 EXPLOITDB text
Iciniti Store - SQL Injection
by Sense of Security
EIP-2026-107186 EXPLOITDB text VERIFIED
Fork CMS 3.2.x - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
by Gjoko Krstic
EIP-2026-112521 EXPLOITDB text
Symfony2 - Local File Disclosure
by Sense of Security
CVE-2012-1112 EXPLOITDB text VERIFIED
Open-Realty CMS <2.5.8 - Path Traversal
Directory traversal vulnerability in Open-Realty CMS 2.5.8 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the select_users_template parameter to index.php.
by Aung Khant
EIP-2026-109190 EXPLOITDB text
lizard cart - 'search.php' SQL Injection
by Number 7
CVE-2012-1110 EXPLOITDB text VERIFIED
Etano <1.22 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Etano 1.22 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user, (2) email, (3) email2, (4) f17_zip, or (5) agree parameter to join.php; (6) PATH_INFO, (7) st, (8) f17_city, (9) f17_country, (10) f17_state, (11) f17_zip, (12) f19, (13) wphoto, (14) search, or (15) v parameter to search.php; (16) PATH_INFO or (17) st parameter to photo_search.php; or (18) return parameter to photo_view.php.
by Aung Khant
EIP-2026-104809 EXPLOITDB text VERIFIED
11in1 CMS 1.2.1 - 'admin/tps?id' SQL Injection
by Chokri B.A