Exploitdb Exploits

31,344 exploits tracked across all sources.

EIP-2026-108273 EXPLOITDB text
Joomla! Component com_b2portfolio 1.0.0 - Multiple SQL Injections
by Salvatore Fresta
EIP-2026-114231 EXPLOITDB text VERIFIED
WordPress Plugin WP Publication Archive 2.0.1 - 'file' Information Disclosure
by AutoSec Tools
EIP-2026-114216 EXPLOITDB text VERIFIED
WordPress Plugin WP Featured Post with Thumbnail 3.0 - 'src' Cross-Site Scripting
by AutoSec Tools
CVE-2011-0740 EXPLOITDB text VERIFIED
Pleer Rss Feed Reader - XSS
Cross-site scripting (XSS) vulnerability in magpie/scripts/magpie_slashbox.php in RSS Feed Reader 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the rss_url parameter.
by AutoSec Tools
EIP-2026-113573 EXPLOITDB text VERIFIED
WordPress Plugin Audio 0.5.1 - 'showfile' Cross-Site Scripting
by AutoSec Tools
EIP-2026-110674 EXPLOITDB text VERIFIED
PHP Coupon Script 6.0 - 'bus' Blind SQL Injection
by h4ck3r
EIP-2026-111012 EXPLOITDB text VERIFIED
phpCMS 9.0 - Blind SQL Injection
by eidelweiss
EIP-2026-106275 EXPLOITDB text
cultbooking 2.0.4 - Multiple Vulnerabilities
by LiquidWorm
CVE-2011-0644 EXPLOITDB text VERIFIED
Phpcms 2008 - SQL Injection
SQL injection vulnerability in include/admin/model_field.class.php in PHPCMS 2008 V2 allows remote attackers to execute arbitrary SQL commands via the modelid parameter to flash_upload.php.
by R3d-D3V!L
EIP-2026-111308 EXPLOITDB text VERIFIED
Pixie CMS 1.0.4 - '/admin/index.php' SQL Injection
by High-Tech Bridge SA
CVE-2011-0645 EXPLOITDB text VERIFIED
Phpcms 2008 - SQL Injection
SQL injection vulnerability in data.php in PHPCMS 2008 V2 allows remote attackers to execute arbitrary SQL commands via the where_time parameter in a get action.
by R3d-D3V!L
CVE-2011-0646 EXPLOITDB text VERIFIED
Anserv Php Low Bids - SQL Injection
SQL injection vulnerability in viewfaqs.php in PHP LOW BIDS allows remote attackers to execute arbitrary SQL commands via the cat parameter.
by h4ck3r
CVE-2011-0635 EXPLOITDB text
Simploo Cms < 1.7.1 - Code Injection
Static code injection vulnerability in Simploo CMS 1.7.1 and earlier allows remote authenticated users to inject arbitrary PHP code into config/custom/base.ini.php via the ftpserver parameter (FTP-Server field) to the sicore/updates/optionssav operation for index.php.
by David Vieira-Kurz
EIP-2026-110926 EXPLOITDB text VERIFIED
PHPAuctions - 'viewfaqs.php' SQL Injection
by h4ck3r
EIP-2026-110652 EXPLOITDB text VERIFIED
PHP auctions - 'viewfaqs.php' Blind SQL Injection
by h4ck3r
CVE-2011-0511 EXPLOITDB text VERIFIED
Joomtraders Com Allcinevid - SQL Injection
SQL injection vulnerability in the allCineVid component (com_allcinevid) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
by Salvatore Fresta
CVE-2010-4335 EXPLOITDB text
Cakefoundation Cakephp < 1.3.6 - Improper Input Validation
The _validatePost function in libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted data[_Token][fields] value that is processed by the unserialize function, as demonstrated by modifying the file_map cache to execute arbitrary local files.
by felix
EIP-2026-104178 EXPLOITDB text VERIFIED
B-Cumulus - 'tagcloud' Multiple Cross-Site Scripting Vulnerabilities
by MustLive
CVE-2011-0020 EXPLOITDB text VERIFIED
Pango 1.28.3 - Buffer Overflow
Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object.
by Dan Rosenberg
CVE-2011-0645 EXPLOITDB text VERIFIED
Phpcms 2008 - SQL Injection
SQL injection vulnerability in data.php in PHPCMS 2008 V2 allows remote attackers to execute arbitrary SQL commands via the where_time parameter in a get action.
by R3d-D3V!L
CVE-2011-0512 EXPLOITDB text VERIFIED
Jikaka Teams Structure Module - SQL Injection
SQL injection vulnerability in team.php in the Teams Structure module 3.0 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the team_id parameter.
by Saif
EIP-2026-105181 EXPLOITDB text VERIFIED
AneCMS 1.3 - Persistent Cross-Site Scripting
by Penguin
CVE-2011-1020 EXPLOITDB text
Linux Kernel < 2.6.37 - Information Disclosure
The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls.
by halfdog
CVE-2011-0515 EXPLOITDB text
Kingsoft Antivirus - Denial of Service
KisKrnl.sys 2011.1.13.89 and earlier in Kingsoft AntiVirus 2011 SP5.2 allows local users to cause a denial of service (crash) via a crafted request that is not properly handled by the KiFastCallEntry hook.
by MJ0011
CVE-2010-4331 EXPLOITDB text
Seopanel - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Seo Panel 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) default_news or (2) sponsors cookies, which are not properly handled by (a) controllers/index.ctrl.php or (b) controllers/settings.ctrl.php.
by Mark Stanislav