Exploitdb Exploits

31,344 exploits tracked across all sources.

CVE-2011-5267 EXPLOITDB text
Wikiwig - XSS
Multiple cross-site scripting (XSS) vulnerabilities in spell-check-savedicts.php in the SpellChecker module in Xinha, as used in WikiWig 5.01 and possibly other products, allow remote attackers to inject arbitrary web script or HTML via the (1) to_p_dict or (2) to_r_list parameter. NOTE: this issue might be related to the htmlarea plugin and CVE-2013-5670.
by AutoSec Tools
EIP-2026-111392 EXPLOITDB text
pointter PHP content management system 1.2 - Multiple Vulnerabilities
by LiquidWorm
EIP-2026-109218 EXPLOITDB text VERIFIED
LotusCMS 3.0.3 - Multiple Vulnerabilities
by High-Tech Bridge SA
EIP-2026-105360 EXPLOITDB text
b2evolution 4.0.3 - Persistent Cross-Site Scripting
by AutoSec Tools
EIP-2026-105199 EXPLOITDB text VERIFIED
AplikaMedia CMS - 'page_info.php' SQL Injection
by H3X
CVE-2011-0745 EXPLOITDB text VERIFIED
Sugarcrm < 6.1.2 - Improper Input Validation
SugarCRM before 6.1.3 does not properly handle reloads and direct requests for a warning page produced by a certain duplicate check, which allows remote authenticated users to discover (1) the names of customers via a ShowDuplicates action to the Accounts module, reachable through index.php; or (2) the names of contact persons via a ShowDuplicates action to the Contacts module, reachable through index.php.
by RedTeam Pentesting GmbH
EIP-2026-109200 EXPLOITDB text
Log1 CMS 2.0 - Multiple Vulnerabilities
by Aodrulez
EIP-2026-105610 EXPLOITDB text VERIFIED
BoutikOne - 'search.php' Multiple SQL Injections
by cdx.security
EIP-2026-105609 EXPLOITDB text VERIFIED
BoutikOne - 'rss_top10.php?lang' SQL Injection
by cdx.security
EIP-2026-105608 EXPLOITDB text VERIFIED
BoutikOne - 'rss_promo.php?lang' SQL Injection
by cdx.security
EIP-2026-105607 EXPLOITDB text VERIFIED
BoutikOne - 'rss_news.php?lang' SQL Injection
by cdx.security
EIP-2026-105606 EXPLOITDB text VERIFIED
BoutikOne - 'rss_flash.php?lang' SQL Injection
by cdx.security
EIP-2026-105605 EXPLOITDB text VERIFIED
BoutikOne - 'list.php?path' SQL Injection
by cdx.security
EIP-2026-105603 EXPLOITDB text VERIFIED
BoutikOne - 'categorie.php?path' SQL Injection
by cdx.security
EIP-2026-104110 EXPLOITDB text VERIFIED
Trend Micro WebReputation API 10.5 - URI SecURIty Bypass
by DcLabs Security Research Group
EIP-2026-102200 EXPLOITDB text VERIFIED
iOS Checkview 1.1 - Directory Traversal
by kim@story
EIP-2026-100559 EXPLOITDB text
SmarterMail 8.0 - Multiple Cross-Site Scripting Vulnerabilities
by Hoyt LLC Research
EIP-2026-106195 EXPLOITDB text VERIFIED
Cover Vision - SQL Injection
by Egyptian.H4x0rz
EIP-2026-106136 EXPLOITDB text VERIFIED
Constructr CMS 3.03 - Multiple Remote Vulnerabilities
by LiquidWorm
CVE-2010-4437 EXPLOITDB text
Oracle WebLogic Server - Unknown Vuln
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.0, 9.1, 9.2.4, 10.0.2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Servlet Container.
by Roberto Suggi Liverani
EIP-2026-102664 EXPLOITDB text VERIFIED
Linux NTP query client 4.2.6p1 - Heap Overflow
by mr_me
EIP-2026-100561 EXPLOITDB text VERIFIED
SmarterStats 6.0 - Multiple Vulnerabilities
by Hoyt LLC Research
CVE-2011-5267 EXPLOITDB text VERIFIED
Wikiwig - XSS
Multiple cross-site scripting (XSS) vulnerabilities in spell-check-savedicts.php in the SpellChecker module in Xinha, as used in WikiWig 5.01 and possibly other products, allow remote attackers to inject arbitrary web script or HTML via the (1) to_p_dict or (2) to_r_list parameter. NOTE: this issue might be related to the htmlarea plugin and CVE-2013-5670.
by John Leitch
EIP-2026-113859 EXPLOITDB text VERIFIED
WordPress Plugin Lazyest Gallery 1.0.26 - 'image' Cross-Site Scripting
by High-Tech Bridge SA
EIP-2026-113434 EXPLOITDB text VERIFIED
Wikiwig 5.01 - Cross-Site Scripting / HTML Injection
by AutoSec Tools