Exploitdb Exploits

31,344 exploits tracked across all sources.

EIP-2026-108043 EXPLOITDB text
Jarida 1.0 - Multiple Vulnerabilities
by Ptrace Security
CVE-2011-3645 EXPLOITDB text
Newgen OmniDocs - Auth Bypass
Newgen OmniDocs allows remote attackers to bypass intended access restrictions via (1) a modified FolderRights parameter to doccab/doclist.jsp, which leads to arbitrary permission changes; or (2) a modified UserIndex parameter to doccab/userprofile/editprofile.jsp, which selects the settings page of an arbitrary user.
by Sohil Garg
EIP-2026-100695 EXPLOITDB text VERIFIED
Adobe ColdFusion 7 - Multiple Cross-Site Scripting Vulnerabilities
by MustLive
EIP-2026-116336 EXPLOITDB text VERIFIED
Sterling Trader 7.0.2 - Integer Overflow
by Luigi Auriemma
EIP-2026-113625 EXPLOITDB text
WordPress Plugin CevherShare 2.0 - SQL Injection
by bd0rk
EIP-2026-113608 EXPLOITDB text VERIFIED
WordPress Plugin BuddyPress 1.2.10 / WordPress Theme DEV Blogs Mu 1.2.6 (WordPress 3.1.4) - Regular Subscriber HTML Injection
by knull
EIP-2026-111864 EXPLOITDB text VERIFIED
S9Y Serendipity Freetag-plugin 3.23 - 'serendipity[tagview]' Cross-Site Scripting
by Stefan Schurtz
EIP-2026-108222 EXPLOITDB text VERIFIED
Joomla! Component Biitatemplateshop - 'groups' SQL Injection
by BHG Security Group
EIP-2026-104938 EXPLOITDB text VERIFIED
AdaptCMS 2.0.1 - Cross-Site Scripting / Information Disclosure
by Stefan Schurtz
CVE-2011-3861 EXPLOITDB text VERIFIED
Web Minimalist 200901 - XSS
Cross-site scripting (XSS) vulnerability in the Web Minimalist 200901 theme before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
by SiteWatch
CVE-2011-3859 EXPLOITDB text VERIFIED
WordPress Trending <0.2 - XSS
Cross-site scripting (XSS) vulnerability in the Trending theme before 0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter.
by SiteWatch
EIP-2026-114332 EXPLOITDB text VERIFIED
WordPress Theme Hybrid 0.9 - 'cpage' Cross-Site Scripting
by SiteWatch
CVE-2011-3855 EXPLOITDB text VERIFIED
WordPress F8 Lite <4.2.2 - XSS
Cross-site scripting (XSS) vulnerability in the F8 Lite theme before 4.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
by SiteWatch
CVE-2011-3860 EXPLOITDB text VERIFIED
Cover WP <1.6.6 - XSS
Cross-site scripting (XSS) vulnerability in the Cover WP theme before 1.6.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
by jabdah
EIP-2026-113869 EXPLOITDB text VERIFIED
WordPress Plugin Link Library 5.2.1 - SQL Injection
by Miroslav Stampar
CVE-2011-4671 EXPLOITDB text VERIFIED
Adrotate < 3.6.7 - SQL Injection
SQL injection vulnerability in adrotate/adrotate-out.php in the AdRotate plugin 3.6.6, and other versions before 3.6.8, for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter (aka redirect URL).
by Miroslav Stampar
CVE-2011-3579 EXPLOITDB text VERIFIED
IceWarp WebMail <10.3.3 - SSRF/Info Disclosure
server/webmail.php in IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference.
by David Kirkpatrick
EIP-2026-116347 EXPLOITDB text VERIFIED
sunway ForceControl 6.1 sp3 - Multiple Vulnerabilities
by Luigi Auriemma
EIP-2026-114660 EXPLOITDB text VERIFIED
Zyncro 3.0.1.20 - Social Network Message Menu SQL Injection
by Ferran Pichel Llaquet
EIP-2026-114659 EXPLOITDB text VERIFIED
Zyncro 3.0.1.20 - Multiple HTML Injection Vulnerabilities
by Ferran Pichel Llaquet
CVE-2011-3010 EXPLOITDB text VERIFIED
Twiki < 5.0.1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in TWiki before 5.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the newtopic parameter in a WebCreateNewTopic action, related to the TWiki.WebCreateNewTopicTemplate topic; or (2) the query string to SlideShow.pm in the SlideShowPlugin.
by Mesut Timur
CVE-2011-3010 EXPLOITDB text VERIFIED
Twiki < 5.0.1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in TWiki before 5.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the newtopic parameter in a WebCreateNewTopic action, related to the TWiki.WebCreateNewTopicTemplate topic; or (2) the query string to SlideShow.pm in the SlideShowPlugin.
by Mesut Timur
EIP-2026-105338 EXPLOITDB text VERIFIED
AWStats 6.95/7.0 - 'awredir.pl' Multiple Cross-Site Scripting Vulnerabilities
by MustLive
CVE-2011-5127 EXPLOITDB text
Bluecoat Reporter - Path Traversal
Directory traversal vulnerability in Blue Coat Reporter 9.x before 9.2.4.13, 9.2.5.x before 9.2.5.1, and 9.3 before 9.3.1.2 on Windows allows remote attackers to read arbitrary files, and consequently execute arbitrary code, via an unspecified HTTP request.
by nitr0us
EIP-2026-115623 EXPLOITDB text VERIFIED
MetaServer RT 3.2.1.450 - Multiple Vulnerabilities
by Luigi Auriemma