Exploitdb Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-114212 EXPLOITDB text VERIFIED
WordPress Plugin WP E-Commerce 3.8.6 - 'cart_messages[]' Cross-Site Scripting
by High-Tech Bridge SA
EIP-2026-104227 EXPLOITDB text VERIFIED
DZYGroup CMS Portal - Multiple SQL Injections
by Netrondoank
EIP-2026-104137 EXPLOITDB text VERIFIED
Xpdf 3.02-13 - 'zxpdf' Security Bypass
by Chung-chieh Shan
EIP-2026-100226 EXPLOITDB text VERIFIED
Community Server 2007/2008 - 'TagSelector.aspx' Cross-Site Scripting
by PontoSec
CVE-2011-4106 EXPLOITDB text VERIFIED
TimThumb < 2.0 - Remote Code Execution via Domain Whitelist Bypass
TimThumb (timthumb.php) before 2.0 does not validate the entire source with the domain white list, which allows remote attackers to upload and execute arbitrary code via a URL containing a white-listed domain in the src parameter, then accessing it via a direct request to the file in the cache directory, as exploited in the wild in August 2011.
by MaXe
EIP-2026-109617 EXPLOITDB text VERIFIED
mt LinkDatenbank - 'b' Cross-Site Scripting
by Err0R
EIP-2026-108600 EXPLOITDB text VERIFIED
Joomla! Component com_xeslidegalfx - 'id' SQL Injection
by Ne0 H4ck3R
EIP-2026-108389 EXPLOITDB text VERIFIED
Joomla! Component com_jdirectory - SQL Injection
by Caddy Dz
EIP-2026-108312 EXPLOITDB text VERIFIED
Joomla! Component com_community - 'userid' SQL Injection
by Ne0 H4ck3R
EIP-2026-107586 EXPLOITDB text VERIFIED
HESK 2.2 - Multiple Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
EIP-2026-103903 EXPLOITDB text VERIFIED
foomatic-gui python-foomatic 0.7.9.4 - 'pysmb.py' Arbitrary Shell Command Execution
by daveb
EIP-2026-100164 EXPLOITDB text VERIFIED
BESNI OKUL PORTAL - 'sayfa.asp' Cross-Site Scripting
by Err0R
EIP-2026-100152 EXPLOITDB text VERIFIED
Ataccan E-Ticaret Scripti - 'id' SQL Injection
by Err0R
EIP-2026-112186 EXPLOITDB text VERIFIED
SiteGenius - Blind SQL Injection
by AutoRUN & dR.sqL
EIP-2026-109726 EXPLOITDB text VERIFIED
MyBB MyTabs Plugin - SQL Injection
by AutoRUN & dR.sqL
EIP-2026-109725 EXPLOITDB text VERIFIED
MyBB MyTabs Plugin - 'tab' SQL Injection
by AutoRUN & dR.sqL
CVE-2013-0332 EXPLOITDB text
ZoneMinder 1.24.x - Path Traversal via View Request or Action Parameter
Multiple directory traversal vulnerabilities in ZoneMinder 1.24.x before 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) view, (2) request, or (3) action parameter.
by iye
EIP-2026-106281 EXPLOITDB text VERIFIED
Curverider Elgg 1.7.9 - Multiple Cross-Site Scripting Vulnerabilities
by Aung Khant
EIP-2026-106028 EXPLOITDB text
CMSPro! 2.08 - Cross-Site Request Forgery
by Xadpritox
EIP-2026-104080 EXPLOITDB text VERIFIED
Skype 5.3 - 'Mobile Phone' HTML Injection
by noptrix
EIP-2026-108812 EXPLOITDB text
Joomla! Component obSuggest - Local File Inclusion
by v3n0m
EIP-2026-106451 EXPLOITDB text
Digital Scribe 1.5 - register_form()' Multiple POST Cross-Site Scripting Vulnerabilities
by LiquidWorm
EIP-2026-109157 EXPLOITDB text VERIFIED
Link Station Pro - Multiple Vulnerabilities
by $#4d0\/\/[r007k17]
CVE-2011-2745 EXPLOITDB text VERIFIED
Chyrp < 2.0 - Authenticated Arbitrary PHP File Upload via swfupload Extension
upload_handler.php in the swfupload extension in Chyrp 2.0 and earlier relies on client-side JavaScript code to restrict the file extensions of uploaded files, which allows remote authenticated users to upload a .php file, and consequently execute arbitrary PHP code, via a write_post action to the default URI under admin/.
by Wireghoul
CVE-2011-2744 EXPLOITDB text VERIFIED
Chyrp < 2.1 - Remote File Inclusion via Action Parameter
Directory traversal vulnerability in Chyrp 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the action parameter to the default URI.
by Wireghoul