Exploitdb Exploits

31,344 exploits tracked across all sources.

CVE-2011-4809 EXPLOITDB text VERIFIED
Joomlaextensions Com Hmcommunity < 1.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) language[], (2) university[], (3) persent[], (4) company_name[], (5) designation[], (6) music[], (7) books[], (8) movies[], (9) games[], (10) syp[], (11) ft[], and (12) fa[] parameters in a save task for a profile to index.php. NOTE: some of these details are obtained from third party information.
by 599eme Man
CVE-2011-5112 EXPLOITDB text
Blueflyingfish Com Alameda < 1.0.0 - SQL Injection
SQL injection vulnerability in Alameda (com_alameda) component before 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the storeid parameter to index.php.
by kaMtiEz
CVE-2011-5186 EXPLOITDB text VERIFIED
Burnsy Jbshop Plugin - XSS
Cross-site scripting (XSS) vulnerability in jbshop.php in the jbShop plugin for e107 7 allows remote attackers to inject arbitrary web script or HTML via the item_id parameter.
by Robert Cooper
CVE-2011-4829 EXPLOITDB text VERIFIED
Barter-sites Com Listing - SQL Injection
SQL injection vulnerability in the com_listing component in Barter Sites component 1.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter to index.php.
by Chris Russell
CVE-2011-4806 EXPLOITDB text VERIFIED
Phpalbum < 0.4.1.16 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in main.php in phpAlbum 0.4.1.16 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) var1 and (2) keyword parameters.
by BHG Security Center
CVE-2011-4807 EXPLOITDB text VERIFIED
Phpalbum < 0.4.1.16 - Path Traversal
Directory traversal vulnerability in main.php in phpAlbum 0.4.1.16 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the var1 parameter.
by BHG Security Center
CVE-2011-4823 EXPLOITDB text VERIFIED
Extensionsforjoomla Com Vikrealestate - SQL Injection
Multiple SQL injection vulnerabilities in Vik Real Estate (com_vikrealestate) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) contract parameter in a results action and (2) imm parameter in a show action to index.php.
by Chris Russell
EIP-2026-108392 EXPLOITDB text VERIFIED
Joomla! Component com_jeemasms 3.2 - Multiple Vulnerabilities
by Chris Russell
CVE-2011-4830 EXPLOITDB text VERIFIED
Barter-sites Com Listing - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the com_listing component in Barter Sites component 1.3 for Joomla! allow remote authenticated users to inject arbitrary web script or HTML via the (1) listing_title, (2) description, (3) homeurl (aka Website Address), (4) paystring (aka Payment types accepted), (5) sell_price, (6) shipping_cost, and (7) quantity parameters to index.php.
by Chris Russell
EIP-2026-116008 EXPLOITDB text VERIFIED
Opera Web Browser 11.52 - Escape Sequence Stack Buffer Overflow (Denial of Service) (PoC)
by Marcel Bernhardt
EIP-2026-112199 EXPLOITDB text VERIFIED
SjXjV 2.3 - 'post.php' SQL Injection
by 599eme Man
EIP-2026-111329 EXPLOITDB text VERIFIED
Plici Search 2.0.0.Stable.r.1878 - 'p48-search.html' Cross-Site Scripting
by 599eme Man
CVE-2011-5113 EXPLOITDB text VERIFIED
Techdeluge Com Techfolio - SQL Injection
SQL injection vulnerability in frontend/models/techfoliodetail.php in Techfolio (com_techfolio) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter.
by Chris Russell
EIP-2026-106784 EXPLOITDB text VERIFIED
eFront 3.6.10 - 'professor.php' Script Multiple SQL Injections
by Vulnerability Research Laboratory
CVE-2011-4803 EXPLOITDB text
Bravenewcode Wptouch - SQL Injection
SQL injection vulnerability in wptouch/ajax.php in the WPTouch plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
by longrifle0x
EIP-2026-106782 EXPLOITDB text
eFront 3.6.10 (build 11944) - Multiple Vulnerabilities
by EgiX
EIP-2026-119303 EXPLOITDB text VERIFIED
XAMPP 1.7.4 - Cross-Site Scripting
by Sangteamtham
EIP-2026-113156 EXPLOITDB text VERIFIED
vTiger CRM 5.2.1 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities (2)
by LiquidWorm
CVE-2011-5185 EXPLOITDB text
Realmatrix Online Subtitles Workshop < 2.0 - XSS
Cross-site scripting (XSS) vulnerability in video_comments.php in Online Subtitles Workshop before 2.0 rev 131 allows remote attackers to inject arbitrary web script or HTML via the comment parameter.
by M.Jock3R
EIP-2026-103023 EXPLOITDB text VERIFIED
Trend Micro IWSS 3.1 - Local Privilege Escalation
by Buguroo Offensive Security
CVE-2011-3315 EXPLOITDB text VERIFIED
Cisco Unified IP Interactive Voice Response - Path Traversal
Directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.1(5)SU2, 7.x before 7.1(5b)SU2, and 8.x before 8.0(3), and Cisco Unified Contact Center Express (aka Unified CCX or UCCX) and Cisco Unified IP Interactive Voice Response (Unified IP-IVR) before 6.0(1)SR1ES8, 7.0(x) before 7.0(2)ES1, 8.0(x) through 8.0(2)SU3, and 8.5(x) before 8.5(1)SU2, allows remote attackers to read arbitrary files via a crafted URL, aka Bug IDs CSCth09343 and CSCts44049.
by Sandro Gauci
EIP-2026-108608 EXPLOITDB text
Joomla! Component com_yjcontactus - Local File Inclusion
by MeGo
EIP-2026-105124 EXPLOITDB text VERIFIED
Alsbtain Bulletin 1.5/1.6 - Multiple Local File Inclusions
by Null H4ck3r
EIP-2026-107902 EXPLOITDB text VERIFIED
InverseFlow 2.4 - Multiple Cross-Site Scripting Vulnerabilities
by Amir Expl0its
CVE-2011-1513 EXPLOITDB text VERIFIED
e107 CMS <0.7.24 - Code Injection
Static code injection vulnerability in install_.php in e107 CMS 0.7.24 and probably earlier versions, when the installation script is not removed, allows remote attackers to inject arbitrary PHP code into e107_config.php via a crafted MySQL server name.
by Matt Bergin