Exploitdb Exploits

31,344 exploits tracked across all sources.

EIP-2026-119291 EXPLOITDB text
wodWebServer.NET 1.3.3 - Directory Traversal
by AutoSec Tools
EIP-2026-113265 EXPLOITDB text VERIFIED
webEdition CMS 6.1.0.2 - Multiple Vulnerabilities
by AutoSec Tools
EIP-2026-112158 EXPLOITDB text VERIFIED
SimplisCMS 1.0.3.0 - Multiple Vulnerabilities
by NassRawI
EIP-2026-110336 EXPLOITDB text VERIFIED
OrangeHRM 2.6.2 - 'jobVacancy.php' Cross-Site Scripting
by AutoSec Tools
EIP-2026-105790 EXPLOITDB text VERIFIED
Cetera eCommerce - Multiple Cross-Site Scripting / SQL Injections
by MustLive
EIP-2026-107043 EXPLOITDB text
Family Connections CMS 2.3.2 - Persistent Cross-Site Scripting / XML Injection
by LiquidWorm
EIP-2026-107041 EXPLOITDB text VERIFIED
Family Connections 2.3.2 - 'subject' HTML Injection
by Zero Science Lab
EIP-2026-112527 EXPLOITDB text VERIFIED
SyndeoCMS 2.8.02 - Multiple Vulnerabilities (2)
by High-Tech Bridge SA
EIP-2026-111774 EXPLOITDB text VERIFIED
Ripe Website Manager 1.1 - Cross-Site Scripting / Multiple SQL Injections
by High-Tech Bridge SA
EIP-2026-109882 EXPLOITDB text VERIFIED
netjukebox 4.01B/5.25 - 'skin' Cross-Site Scripting
by AutoSec Tools
EIP-2026-109368 EXPLOITDB text VERIFIED
MC Content Manager 10.1.1 - Multiple Cross-Site Scripting Vulnerabilities
by MustLive
EIP-2026-107477 EXPLOITDB text VERIFIED
GrapeCity Data Dynamics Reports 1.6.2084.14 - Multiple Cross-Site Scripting Vulnerabilities
by Dionach
CVE-2011-0545 EXPLOITDB text
Symantec Liveupdate Administrator - CSRF
Cross-site request forgery (CSRF) vulnerability in adduser.do in Symantec LiveUpdate Administrator (LUA) before 2.3 allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts, and possibly have unspecified other impact, via the userRole parameter.
by Nikolas Sotiriu
CVE-2011-1524 EXPLOITDB text
Symantec LiveUpdate Administrator <2.3 - XSS
Cross-site scripting (XSS) vulnerability in the management login GUI page in Symantec LiveUpdate Administrator (LUA) before 2.3 allows remote attackers to inject arbitrary web script or HTML via the username field, as demonstrated by injecting an IFRAME element into the event log, a different vulnerability than CVE-2011-0545.
by Nikolas Sotiriu
EIP-2026-116504 EXPLOITDB text VERIFIED
VMCPlayer 1.0 - Denial of Service
by BraniX
CVE-2011-4041 EXPLOITDB text VERIFIED
Advantech/BroadWin WebAccess - RCE
webvrpcs.exe in Advantech/BroadWin WebAccess allows remote attackers to execute arbitrary code or obtain a security-code value via a long string in an RPC request to TCP port 4592.
by Ruben Santamarta
EIP-2026-100622 EXPLOITDB text VERIFIED
Web Wiz Forums 9.5 - Multiple SQL Injections
by eXeSoul
EIP-2026-100616 EXPLOITDB text VERIFIED
Web Wiz Forum - Injection
by eXeSoul
CVE-2011-1567 EXPLOITDB text
IGSSdataServer.exe <9.00.00.11063 - Buffer Overflow
Multiple stack-based buffer overflows in IGSSdataServer.exe 9.00.00.11063 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted (1) ListAll, (2) Write File, (3) ReadFile, (4) Delete, (5) RenameFile, and (6) FileInfo commands in an 0xd opcode; (7) the Add, (8) ReadFile, (9) Write File, (10) Rename, (11) Delete, and (12) Add commands in an RMS report templates (0x7) opcode; and (13) 0x4 command in an STDREP request (0x8) opcode to TCP port 12401.
by Luigi Auriemma
CVE-2011-1566 EXPLOITDB text
7-Technologies IGSS <9.00.00.11059 - Path Traversal
Directory traversal vulnerability in dc.exe 9.00.00.11059 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to execute arbitrary programs via ..\ (dot dot backslash) sequences in opcodes (1) 0xa and (2) 0x17 to TCP port 12397.
by Luigi Auriemma
CVE-2011-1565 EXPLOITDB text
7-Technologies IGSS <9.00.00.11063 - Path Traversal
Directory traversal vulnerability in IGSSdataServer.exe 9.00.00.11063 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to (1) read (opcode 0x3) or (2) create or write (opcode 0x2) arbitrary files via ..\ (dot dot backslash) sequences to TCP port 12401.
by Luigi Auriemma
CVE-2011-1563 EXPLOITDB text
DATAC RealFlex RealWin <2.1 Build 6.1.10.10 - Buffer Overflow
Multiple stack-based buffer overflows in the HMI application in DATAC RealFlex RealWin 2.1 (Build 6.1.10.10) and earlier allow remote attackers to execute arbitrary code via (1) a long username in an On_FC_CONNECT_FCS_LOGIN packet, and crafted (2) On_FC_CTAGLIST_FCS_CADDTAG, (3) On_FC_CTAGLIST_FCS_CDELTAG, (4) On_FC_CTAGLIST_FCS_ADDTAGMS, (5) On_FC_RFUSER_FCS_LOGIN, (6) unspecified "On_FC_BINFILE_FCS_*FILE", (7) On_FC_CGETTAG_FCS_GETTELEMETRY, (8) On_FC_CGETTAG_FCS_GETCHANNELTELEMETRY, (9) On_FC_CGETTAG_FCS_SETTELEMETRY, (10) On_FC_CGETTAG_FCS_SETCHANNELTELEMETRY, and (11) On_FC_SCRIPT_FCS_STARTPROG packets to port 910.
by Luigi Auriemma
EIP-2026-119134 EXPLOITDB text VERIFIED
Siemens Tecnomatix FactoryLink 8.0.1.1473 - Multiple Vulnerabilities
by Luigi Auriemma
CVE-2011-1568 EXPLOITDB text
7-Technologies IGSS <9.00.00.11074 - RCE
Format string vulnerability in the logText function in shmemmgr9.dll in IGSSdataServer.exe 9.00.00.11074, and 9.00.00.11063 and earlier, in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated using the RMS Reports Delete command, related to the logging of messages to GSST.LOG. NOTE: some of these details are obtained from third party information.
by Luigi Auriemma
EIP-2026-115423 EXPLOITDB text
ICONICS GENESIS32 and GENESIS64 - Multiple Vulnerabilities
by Luigi Auriemma