Exploitdb Exploits

31,344 exploits tracked across all sources.

CVE-2011-4958 EXPLOITDB text VERIFIED
Silverstripe < 2.3.12 - XSS
Cross-site scripting (XSS) vulnerability in the process function in SSViewer.php in SilverStripe before 2.3.13 and 2.4.x before 2.4.6 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to template placeholders, as demonstrated by a request to (1) admin/reports/, (2) admin/comments/, (3) admin/, (4) admin/show/, (5) admin/assets/, and (6) admin/security/.
by Stefan Schurtz
EIP-2026-108571 EXPLOITDB text VERIFIED
Joomla! Component com_tree - 'key' SQL Injection
by CoBRa_21
EIP-2026-108538 EXPLOITDB text VERIFIED
Joomla! Component com_shop - 'id' SQL Injection
by CoBRa_21
EIP-2026-108289 EXPLOITDB text VERIFIED
Joomla! Component com_br - 'state_id' SQL Injection
by CoBRa_21
EIP-2026-104828 EXPLOITDB text VERIFIED
2Moons 1.4 - Multiple Remote File Inclusions
by indoushka
CVE-2011-5277 EXPLOITDB text VERIFIED
Advanced Forum Signatures - SQL Injection
Multiple SQL injection vulnerabilities in signature.php in the Advanced Forum Signatures (aka afsignatures) plugin 2.0.4 for MyBB allow remote attackers to execute arbitrary SQL commands via the (1) afs_type, (2) afs_background, (3) afs_showonline, (4) afs_bar_left, (5) afs_bar_center, (6) afs_full_line1, (7) afs_full_line2, (8) afs_full_line3, (9) afs_full_line4, (10) afs_full_line5, or (11) afs_full_line6 parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Mario_Vs
CVE-2011-10034 EXPLOITDB MEDIUM text VERIFIED
AUTOMGEN <8.0.0.7 - Memory Corruption
AUTOMGEN versions up to and including 8.0.0.7 (also referenced as 8.022) contain a vulnerability in that project file handling frees an object and subsequently dereferences the stale pointer when processing certain malformed fields. The dangling-pointer use enables an attacker to influence an indirect call through attacker-controlled memory, resulting in denial-of-service. In some conditions, remote code execution may be possible.
by Luigi Auriemma
CVE-2011-4273 EXPLOITDB text VERIFIED
GoAhead Webserver 2.18 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in GoAhead Webserver 2.18 allow remote attackers to inject arbitrary web script or HTML via (1) the group parameter to goform/AddGroup, related to addgroup.asp; (2) the url parameter to goform/AddAccessLimit, related to addlimit.asp; or the (3) user (aka User ID) or (4) group parameter to goform/AddUser, related to adduser.asp.
by Silent Dream
CVE-2011-4273 EXPLOITDB text VERIFIED
GoAhead Webserver 2.18 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in GoAhead Webserver 2.18 allow remote attackers to inject arbitrary web script or HTML via (1) the group parameter to goform/AddGroup, related to addgroup.asp; (2) the url parameter to goform/AddAccessLimit, related to addlimit.asp; or the (3) user (aka User ID) or (4) group parameter to goform/AddUser, related to adduser.asp.
by Silent Dream
CVE-2011-4273 EXPLOITDB text VERIFIED
GoAhead Webserver 2.18 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in GoAhead Webserver 2.18 allow remote attackers to inject arbitrary web script or HTML via (1) the group parameter to goform/AddGroup, related to addgroup.asp; (2) the url parameter to goform/AddAccessLimit, related to addlimit.asp; or the (3) user (aka User ID) or (4) group parameter to goform/AddUser, related to adduser.asp.
by Silent Dream
CVE-2011-4871 EXPLOITDB text VERIFIED
Opcsystems.net < 4.0 - Improper Input Validation
Open Automation Software OPC Systems.NET before 5.0 allows remote attackers to cause a denial of service via a malformed .NET RPC packet on TCP port 58723.
by Luigi Auriemma
CVE-2011-4883 EXPLOITDB text VERIFIED
Atvise Webmi2ads < 2.0.1 - Improper Input Validation
The web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 does not properly validate values in HTTP requests, which allows remote attackers to cause a denial of service (resource consumption) via a crafted request.
by Luigi Auriemma
EIP-2026-111802 EXPLOITDB text
Roundcube Webmail 0.3.1 - Cross-Site Request Forgery / SQL Injection
by Smith Falcon
EIP-2026-111420 EXPLOITDB text
POSH - Multiple Vulnerabilities
by Crashfr
EIP-2026-110302 EXPLOITDB text
openEngine 2.0 - Multiple Blind SQL Injection Vulnerabilities
by Stefan Schurtz
CVE-2011-4569 EXPLOITDB text VERIFIED
TOM K Forum Userbar Plugin - SQL Injection
SQL injection vulnerability in userbarsettings.php in the Userbar plugin 2.2 for MyBB Forum allows remote attackers to execute arbitrary SQL commands via the image2 parameter.
by Mario_Vs
CVE-2011-5278 EXPLOITDB text VERIFIED
Advanced Forum Signatures - SQL Injection
SQL injection vulnerability in signature.php in Advanced Forum Signatures plugin (aka afsignatures) 2.0.4 for MyBB allows remote attackers to execute arbitrary SQL commands via the afs_bar_right parameter.
by Mario_Vs
EIP-2026-108959 EXPLOITDB text
KaiBB 2.0.1 - SQL Injection
by Stefan Schurtz
EIP-2026-108049 EXPLOITDB text VERIFIED
Jaws 0.8.14 - Multiple Remote File Inclusions
by indoushka
EIP-2026-107097 EXPLOITDB text
Filmis 0.2 Beta - Multiple Vulnerabilities
by M.Jock3R
EIP-2026-106178 EXPLOITDB text
cotonti CMS 0.9.4 - Multiple Vulnerabilities
by LiquidWorm
EIP-2026-104866 EXPLOITDB text VERIFIED
6KBBS 8.0 build 20101201 - Cross-Site Scripting / Information Disclosure
by labs insight
EIP-2026-104865 EXPLOITDB text
6kbbs - Multiple Vulnerabilities
by labs insight
EIP-2026-108342 EXPLOITDB text VERIFIED
Joomla! Component com_expedition - 'id' SQL Injection
by BHG Security Center
EIP-2026-107463 EXPLOITDB text
GotoCode Online Classifieds - Multiple Vulnerabilities
by Nathaniel Carew