Exploitdb Exploits

31,344 exploits tracked across all sources.

EIP-2026-111021 EXPLOITDB text VERIFIED
phpcollab 2.5 - Multiple Vulnerabilities
by High-Tech Bridge SA
EIP-2026-104803 EXPLOITDB text VERIFIED
1024 CMS 1.1.0 Beta - Multiple Input Validation Vulnerabilities
by QSecure & Demetris Papapetrou
EIP-2026-101272 EXPLOITDB text VERIFIED
FiberHome HG-110 - Cross-Site Scripting / Directory Traversal
by Zerial
CVE-2011-10009 EXPLOITDB HIGH text VERIFIED
S40 CMS v0.4.2 - Path Traversal
S40 CMS v0.4.2 contains a path traversal vulnerability in its index.php page handler. The p parameter is not properly sanitized, allowing attackers to traverse the file system and access arbitrary files outside the web root. This can be exploited remotely without authentication by appending traversal sequences and a null byte to bypass file extension checks.
by Osirys
EIP-2026-113158 EXPLOITDB text VERIFIED
vTiger CRM 5.2.1 - 'vtigerservice.php' Cross-Site Scripting
by AutoSec Tools
EIP-2026-106807 EXPLOITDB text VERIFIED
eGroupWare 1.8.1 - 'test.php' Cross-Site Scripting
by AutoSec Tools
EIP-2026-100464 EXPLOITDB text VERIFIED
Omer Portal 3.220060425 - 'arama_islem.asp' Cross-Site Scripting
by kurdish hackers team
CVE-2011-1714 EXPLOITDB text
QooxDoo 1.3 - XSS
Cross-site scripting (XSS) vulnerability in framework/source/resource/qx/test/jsonp_primitive.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the callback parameter.
by AutoSec Tools
EIP-2026-112612 EXPLOITDB text VERIFIED
TextPattern 4.2 - 'index.php' Cross-Site Scripting
by kurdish hackers team
CVE-2011-1723 EXPLOITDB text VERIFIED
Redmine <1.1.1 - XSS
Cross-site scripting (XSS) vulnerability in app/views/layouts/base.rhtml in Redmine 1.0.1 through 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to projects/hg-helloworld/news/. NOTE: some of these details are obtained from third-party information.
by Mesut Timur
EIP-2026-107494 EXPLOITDB text VERIFIED
greenpants 0.1.7 - Multiple Vulnerabilities
by Ptrace Security
CVE-2011-1715 EXPLOITDB text
QooxDoo 1.3 - Path Traversal
Directory traversal vulnerability in framework/source/resource/qx/test/part/delay.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products, allows remote attackers to read arbitrary files via ..%2f (encoded dot dot) sequences in the file parameter.
by AutoSec Tools
EIP-2026-106567 EXPLOITDB text VERIFIED
Dream Vision Technologies Web Portal - SQL Injection
by eXeSoul
CVE-2011-1669 EXPLOITDB text
WP Custom Pages <0.5.0.1 - Path Traversal
Directory traversal vulnerability in wp-download.php in the WP Custom Pages module 0.5.0.1 for WordPress allows remote attackers to read arbitrary files via ..%2F (encoded dot dot) sequences in the url parameter.
by AutoSec Tools
EIP-2026-112921 EXPLOITDB text VERIFIED
UseBB 1.0.11 - 'admin.php' Local File Inclusion
by High-Tech Bridge SA
EIP-2026-112813 EXPLOITDB text
Tutorialms 1.4 - 'show' SQL Injection
by LiquidWorm
CVE-2011-5160 EXPLOITDB text
Open-emr Openemr - XSS
Cross-site scripting (XSS) vulnerability in setup.php in OpenEMR 4 allows remote attackers to inject arbitrary web script or HTML via the site parameter.
by AutoSec Tools
EIP-2026-106820 EXPLOITDB text VERIFIED
Eleanor CMS - Cross-Site Scripting / Multiple SQL Injections
by High-Tech Bridge SA
CVE-2009-5065 EXPLOITDB text VERIFIED
Mark Pilgrim Feedparser < 4.1 - XSS
Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) before 5.0 allows remote attackers to inject arbitrary web script or HTML via vectors involving nested CDATA stanzas.
by fazalmajid
EIP-2026-114513 EXPLOITDB text VERIFIED
Yaws-Wiki 1.88-1 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
by Michael Brooks
EIP-2026-114462 EXPLOITDB text VERIFIED
XOOPS 2.5 - 'banners.php' Multiple Local File Inclusions
by KedAns-Dz
EIP-2026-114281 EXPLOITDB text VERIFIED
WordPress Plugin WPwizz AdWizz Plugin 1.0 - 'link' Cross-Site Scripting
by John Leitch
EIP-2026-110801 EXPLOITDB text VERIFIED
PHP-Fusion - 'article_id' SQL Injection
by KedAns-Dz
EIP-2026-109691 EXPLOITDB text VERIFIED
MyBB 1.4/1.6 - Multiple Vulnerabilities
by MustLive
EIP-2026-107352 EXPLOITDB text VERIFIED
Gazelle CMS 1.0 - Cross-Site Scripting / SQL Injection
by kurdish hackers team