Exploitdb Exploits

31,344 exploits tracked across all sources.

CVE-2011-2780 EXPLOITDB text VERIFIED
Chyrp < 2.0 - Path Traversal
Directory traversal vulnerability in includes/lib/gz.php in Chyrp 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, a different vulnerability than CVE-2011-2744.
by Wireghoul
EIP-2026-102500 EXPLOITDB text
ManageEngine ServiceDesk Plus 8.0 Build 8013 - Multiple Cross-Site Scripting Vulnerabilities
by Narendra Shinde
EIP-2026-118941 EXPLOITDB text VERIFIED
MyWebServer 1.0.3 - Arbitrary File Download
by X-h4ck
EIP-2026-115060 EXPLOITDB text VERIFIED
Citrix XenApp / XenDesktop XML Service - Heap Corruption
by n.runs AG
EIP-2026-115059 EXPLOITDB text VERIFIED
Citrix XenApp / XenDesktop - Stack Buffer Overflow
by n.runs AG
CVE-2011-2403 EXPLOITDB text VERIFIED
HP Network Automation - SQL Injection
SQL injection vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, 9.0, and 9.10 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
by anonymous
EIP-2026-100549 EXPLOITDB text VERIFIED
Sitecore CMS 6.4.1 - 'url' Open Redirection
by Tom Neaves
EIP-2026-118903 EXPLOITDB text VERIFIED
MinaliC WebServer 2.0 - Remote Source Disclosure
by X-h4ck
EIP-2026-111099 EXPLOITDB text VERIFIED
PHPJunkYard GBook 1.6/1.7 - Multiple Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
EIP-2026-109364 EXPLOITDB text VERIFIED
MBoard 1.3 - 'url' Open Redirection
by High-Tech Bridge SA
CVE-2011-2522 EXPLOITDB text VERIFIED
Samba < 3.3.16 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4) remove shares, (5) add printers, (6) remove printers, (7) add user accounts, or (8) remove user accounts, as demonstrated by certain start, stop, and restart parameters to the status program.
by Narendra Shinde
CVE-2011-0222 EXPLOITDB text
Apple Safari < 5.0.5 - Memory Corruption
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
by Abysssec
CVE-2011-5071 EXPLOITDB text VERIFIED
Sitracker Support Incident Tracker < 3.63 - SQL Injection
Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.64 allow remote attackers to execute arbitrary SQL commands via the (1) exc[] parameter to report_marketing.php, (2) selected[] parameter to tasks.php, (3) sites[] parameter to billable_incidents.php, or (4) search_string parameter to search.php. NOTE: some of these details are obtained from third party information.
by Yuri Goltsev
EIP-2026-110795 EXPLOITDB text
PHP-Barcode 0.3pl1 - Remote Code Execution
by beford
EIP-2026-110332 EXPLOITDB text
OpenX Ad Server 2.8.7 - Cross-Site Request Forgery
by Narendra Shinde
EIP-2026-104328 EXPLOITDB text
ManageEngine ServiceDesk Plus 8.0.0 Build 8013 - Improper User Privileges
by Narendra Shinde
EIP-2026-113441 EXPLOITDB text VERIFIED
Willscript Recipes Website Script Silver Edition - 'viewRecipe.php' SQL Injection
by Lazmania61
EIP-2026-110107 EXPLOITDB text VERIFIED
Online Grades 3.2.5 - Multiple Cross-Site Scripting Vulnerabilities
by Gjoko Krstic
EIP-2026-109653 EXPLOITDB text VERIFIED
MusicBox 3.7 - Multiple Vulnerabilities
by R@1D3N
EIP-2026-108580 EXPLOITDB text VERIFIED
Joomla! Component com_virtualmoney 1.5 - SQL Injection
by FL0RiX
EIP-2026-107449 EXPLOITDB text VERIFIED
Godly Forums - 'id' SQL Injection
by 3spi0n
EIP-2026-106043 EXPLOITDB text VERIFIED
CobraScripts Trading Marketplace Script - 'cid' SQL Injection
by Ehsan_Hp200