Exploitdb Exploits

31,342 exploits tracked across all sources.

CVE-2011-2917 EXPLOITDB text
Mambo < 4.6.5 - SQL Injection
SQL injection vulnerability in administrator/index2.php in Mambo CMS 4.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the zorder parameter.
by KraL BeNiM
EIP-2026-102378 EXPLOITDB text VERIFIED
Infoblox NetMRI 6.2.1 - Admin Login Page Multiple Cross-Site Scripting Vulnerabilities
by Jose Carlos de Arriba
EIP-2026-108261 EXPLOITDB text VERIFIED
Joomla! Component com_alfcontact 1.9.3 - Multiple Cross-Site Scripting Vulnerabilities
by Jose Carlos de Arriba
CVE-2011-4713 EXPLOITDB text VERIFIED
Oscss < 2.10 - Path Traversal
Directory traversal vulnerability in catalog/content.php in osCSS2 2.1.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the _ID parameter to (1) catalog/shopping_cart.php or (2) catalog/content.php.
by Stefan Schurtz
CVE-2011-4334 EXPLOITDB HIGH text VERIFIED
LabWiki <1.1 - RCE
edit.php in LabWiki 1.1 and earlier does not properly verify uploaded user files, which allows remote authenticated users to upload arbitrary PHP files via a PHP file with a .gif extension in the userfile parameter.
by muuratsalo
CVSS 8.8
EIP-2026-105264 EXPLOITDB text VERIFIED
AShop - Open Redirection / Cross-Site Scripting
by Infoserve Security Team
EIP-2026-110513 EXPLOITDB text VERIFIED
PBCS Technology - 'articlenav.php' SQL Injection
by Kalashinkov3
EIP-2026-104807 EXPLOITDB text VERIFIED
11in1 CMS 1.0.1 - 'do.php' CRLF Injection
by LiquidWorm
EIP-2026-119304 EXPLOITDB text VERIFIED
XAMPP 1.7.7 - 'PHP_SELF' Multiple Cross-Site Scripting Vulnerabilities
by Gjoko Krstic
CVE-2007-4517 EXPLOITDB text
Oracle 10g R2 - Buffer Overflow
Buffer overflow in the XDB.XDB_PITRIG_PKG.PITRIG_DROPMETADATA procedure in Oracle 10g R2 allows remote authenticated users to execute arbitrary code via a long (1) OWNER or (2) NAME argument.
by David Maman
CVE-2011-4810 EXPLOITDB text VERIFIED
Whmcs Whmcompletesolution - Path Traversal
Multiple directory traversal vulnerabilities in WHMCompleteSolution (WHMCS) 3.x and 4.x allow remote attackers to read arbitrary files via the templatefile parameter to (1) submitticket.php and (2) downloads.php, and (3) the report parameter to admin/reports.php.
by ZxH-Labs
EIP-2026-112245 EXPLOITDB text VERIFIED
SmartJobBoard - 'keywords' Cross-Site Scripting
by Mr.PaPaRoSSe
CVE-2011-5183 EXPLOITDB text VERIFIED
Bioinformatics Ordersys < 1.6.3 - SQL Injection
Multiple SQL injection vulnerabilities in OrderSys 1.6.4 and earlier allow remote attackers to execute arbitrary SQL commands via the where_clause parameter to (1) index.php, (2) index_long.php, or (3) index_short.php in ordering/interface_creator/.
by muuratsalo
EIP-2026-109059 EXPLOITDB text VERIFIED
LabStoRe 1.5.4 - SQL Injection
by muuratsalo
EIP-2026-104958 EXPLOITDB text VERIFIED
Admin Bot - 'news.php' SQL Injection
by baltazar
EIP-2026-102415 EXPLOITDB text
Oracle NoSQL 11g 1.1.100 R2 - 'log' Directory Traversal
by Buherátor
EIP-2026-119377 EXPLOITDB text VERIFIED
HP Data Protector Media Operations 6.20 - Directory Traversal
by Luigi Auriemma
EIP-2026-115652 EXPLOITDB text VERIFIED
Microsoft Excel 2003 11.8335.8333 - Use-After-Free
by Luigi Auriemma
EIP-2026-114310 EXPLOITDB text VERIFIED
WordPress Theme Bonus 1.0 - 's' Cross-Site Scripting
by 3spi0n
CVE-2011-4813 EXPLOITDB text
Whmcs Whmcompletesolution - Path Traversal
Directory traversal vulnerability in clientarea.php in WHMCompleteSolution (WHMCS) 3.x.x allows remote attackers to read arbitrary files via an invalid action and a ../ (dot dot slash) in the templatefile parameter.
by red virus
CVE-2011-4431 EXPLOITDB text VERIFIED
Merethis Centreon < 2.3.1 - Path Traversal
Directory traversal vulnerability in main.php in Merethis Centreon before 2.3.2 allows remote authenticated users to execute arbitrary commands via a .. (dot dot) in the command_name parameter.
by Christophe de la Fuente
CVE-2011-4825 EXPLOITDB text VERIFIED
Phpletter Ajax File And Image Manager < 1.0 - Code Injection
Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters.
by EgiX
EIP-2026-104992 EXPLOITDB text
Advanced Poll 2.02 - SQL Injection
by Yassin Aboukir
CVE-2011-4716 EXPLOITDB text VERIFIED
Dream-multimedia-tv Dreambox Dm800 HD SE Firmware - Path Traversal
Directory traversal vulnerability in file in DreamBox DM800 1.6rc3, 1.5rc1, and earlier allows remote attackers to read arbitrary files via the file parameter.
by Todor Donev
CVE-2011-4831 EXPLOITDB text VERIFIED
David Azoulay Web File Browser - Path Traversal
Directory traversal vulnerability in webFileBrowser.php in Web File Browser 0.4b14 allows remote authenticated users to read arbitrary files via a ..%2f (encoded dot dot) in the file parameter in a download action.
by Sangyun YOO