Exploitdb Exploits

31,342 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-105662 EXPLOITDB text VERIFIED
ButorWiki 3.0 - 'service' Cross-Site Scripting
by sonyy
EIP-2026-102380 EXPLOITDB text VERIFIED
JaWiki - 'versionNo' Cross-Site Scripting
by sonyy
EIP-2026-116624 EXPLOITDB text VERIFIED
xnview 1.98.5 - Multiple Vulnerabilities
by Luigi Auriemma
EIP-2026-115966 EXPLOITDB text VERIFIED
Novell Groupwise Messenger Client 2.1.0 - Unicode Stack Overflow
by Luigi Auriemma
EIP-2026-115965 EXPLOITDB text VERIFIED
Novell Groupwise Messenger 2.1.0 - Memory Corruption
by Luigi Auriemma
EIP-2026-115964 EXPLOITDB text VERIFIED
Novell Groupwise Messenger 2.1.0 - Arbitrary Memory Corruption
by Luigi Auriemma
CVE-2012-1029 EXPLOITDB text VERIFIED
Tube Ace 1.6 - SQL Injection
SQL injection vulnerability in mobile/search/index.php in Tube Ace (Adult PHP Tube Script) 1.6 allows remote attackers to execute arbitrary SQL commands via the q parameter. NOTE: some of these details are obtained from third party information.
by Daniel Godoy
CVE-2012-1294 EXPLOITDB text VERIFIED
Contimex Impulsio Cms - SQL Injection
SQL injection vulnerability in CONTIMEX Impulsio CMS allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
by sonyy
EIP-2026-105966 EXPLOITDB text VERIFIED
CMS Faethon 1.3.4 - 'articles.php' Multiple SQL Injections
by tempe_mendoan
EIP-2026-109095 EXPLOITDB text VERIFIED
LEPTON 1.1.3 - Cross-Site Scripting
by High-Tech Bridge SA
CVE-2012-0997 EXPLOITDB text VERIFIED
11in1 1.2.1 - CSRF
Cross-site request forgery (CSRF) vulnerability in admin/index.php in 11in1 1.2.1 stable 12-31-2011 allows remote attackers to hijack the authentication of administrators for requests that add new topics via an addTopic action.
by High-Tech Bridge SA
CVE-2012-0996 EXPLOITDB text VERIFIED
11in1 1.2.1 - Path Traversal
Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary files via a .. (dot dot) in the class parameter to (1) index.php or (2) admin/index.php.
by High-Tech Bridge SA
CVE-2012-0996 EXPLOITDB text VERIFIED
11in1 1.2.1 - Path Traversal
Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary files via a .. (dot dot) in the class parameter to (1) index.php or (2) admin/index.php.
by High-Tech Bridge SA
CVE-2012-1213 EXPLOITDB text VERIFIED
Zimbra - XSS
Cross-site scripting (XSS) vulnerability in zimbra/h/calendar in Zimbra Web Client in Zimbra Collaboration Suite (ZCS) 6.x before 6.0.15 and 7.x before 7.1.3 allows remote attackers to inject arbitrary web script or HTML via the view parameter.
by sonyy
CVE-2012-1217 EXPLOITDB text VERIFIED
Simhl Sths V2 Web Portal - XSS
Multiple cross-site scripting (XSS) vulnerabilities in STHS v2 Web Portal 2.2 allow remote attackers to inject arbitrary web script or HTML via the team parameter to (1) prospects.php, (2) prospect.php, or (3) team.php.
by Liyan Oz
CVE-2012-1217 EXPLOITDB text VERIFIED
Simhl Sths V2 Web Portal - XSS
Multiple cross-site scripting (XSS) vulnerabilities in STHS v2 Web Portal 2.2 allow remote attackers to inject arbitrary web script or HTML via the team parameter to (1) prospects.php, (2) prospect.php, or (3) team.php.
by Liyan Oz
CVE-2012-1217 EXPLOITDB text VERIFIED
Simhl Sths V2 Web Portal - XSS
Multiple cross-site scripting (XSS) vulnerabilities in STHS v2 Web Portal 2.2 allow remote attackers to inject arbitrary web script or HTML via the team parameter to (1) prospects.php, (2) prospect.php, or (3) team.php.
by Liyan Oz
EIP-2026-112257 EXPLOITDB text VERIFIED
SMW+ 1.5.6 - 'target' HTML Injection
by sonyy
CVE-2012-1211 EXPLOITDB text VERIFIED
Powie Pfile - XSS
Cross-site scripting (XSS) vulnerability in pfile/kommentar.php in Powie pFile 1.02 allows remote attackers to inject arbitrary web script or HTML via the filecat parameter.
by indoushka
CVE-2012-1210 EXPLOITDB text VERIFIED
Powie Pfile - SQL Injection
SQL injection vulnerability in pfile/file.php in Powie pFile 1.02 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by indoushka
EIP-2026-100792 EXPLOITDB text VERIFIED
EditWrxLite CMS - 'wrx.cgi' Remote Command Execution
by chippy1337
CVE-2012-1304 EXPLOITDB text
Fork CMS 3.2.4 - Local File Inclusion / Cross-Site Scripting
by Avram Marius
CVE-2012-1208 EXPLOITDB text
Fork-cms Fork Cms - XSS
Multiple cross-site scripting (XSS) vulnerabilities in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) report parameter to blog/settings or (2) error parameter to users/index.
by Avram Marius
EIP-2026-106793 EXPLOITDB text VERIFIED
eFront Community++ 3.6.10 - SQL Injection / Multiple HTML Injection Vulnerabilities
by Benjamin Kunz Mejri
CVE-2012-1200 EXPLOITDB text VERIFIED
Nova-cms Nova Cms - Code Injection
Multiple PHP remote file inclusion vulnerabilities in Nova CMS allow remote attackers to execute arbitrary PHP code via a URL in the (1) fileType parameter to optimizer/index.php, (2) id parameter to administrator/modules/moduleslist.php, (3) filename parameter to includes/function/gets.php, or (4) conf[blockfile] parameter to includes/function/usertpl.php.
by indoushka
By Source
All 31,342 Writeup 60,268 Exploitdb 50,007 Nomisec 21,852 Metasploit 3,224 Github 2,606 Vulncheck_xdb 906 Inthewild 514 Gitlab 442 Gitee 415 Patchapalooza 312
By Language
text 31,342 python 5,980 ruby 5,913 c 3,569 perl 2,849 html 2,053 php 1,326 bash 460 java 362 c++ 250 javascript 217 shell 91 go 55 postscript 25 xml 24