Exploitdb Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-107549 EXPLOITDB text VERIFIED
Habari 0.6.5 - Multiple Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
EIP-2026-107230 EXPLOITDB text VERIFIED
FreeNAS 0.7.2.5543 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
by db.pub.mail
EIP-2026-103166 EXPLOITDB text VERIFIED
Mitel Audio and Web Conferencing (AWC) - Arbitrary Shell Command Injection
by Jan Fry
CVE-2010-1677 EXPLOITDB text VERIFIED
MHonArc 2.6.16 - Denial of Service via Nested Start Tags
MHonArc 2.6.16 allows remote attackers to cause a denial of service (CPU consumption) via start tags that are placed within other start tags, as demonstrated by a <bo<bo<bo<bo<body>dy>dy>dy>dy> sequence, a different vulnerability than CVE-2010-4524.
by anonymous
EIP-2026-112944 EXPLOITDB text VERIFIED
Vacation Rental Script 4.0 - Arbitrary File Upload
by Br0ly
EIP-2026-112297 EXPLOITDB text VERIFIED
Social Share - 'postid' SQL Injection
by Aliaksandr Hartsuyeu
EIP-2026-111369 EXPLOITDB text VERIFIED
plx Ad Trader 3.2 - Authentication Bypass
by R4dc0re
EIP-2026-110883 EXPLOITDB text
PHP-Nuke MaticMarket 2.02 - Local File Inclusion
by xer0x
CVE-2010-4843 EXPLOITDB text
PHP Web Scripts Ad Manager Pro 3.0 - SQL Injection
SQL injection vulnerability in website-page.php in PHP Web Scripts Ad Manager Pro 3.0 allows remote attackers to execute arbitrary SQL commands via the pageId parameter.
by R4dc0re
CVE-2010-4619 EXPLOITDB text VERIFIED
Mafya Oyun Scrpti - SQL Injection via profil.php id Parameter
SQL injection vulnerability in profil.php in Mafya Oyun Scrpti (aka Mafia Game Script) allows remote attackers to execute arbitrary SQL commands via the id parameter.
by DeadLy DeMon
CVE-2010-4617 EXPLOITDB text VERIFIED
JotLoader 2.2.1 - Path Traversal via Section Parameter
Directory traversal vulnerability in the JotLoader (com_jotloader) component 2.2.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php.
by v3n0m
EIP-2026-107867 EXPLOITDB text VERIFIED
Inout Webmail Script - Persistent Cross-Site Scripting
by Sid3^effects
EIP-2026-100305 EXPLOITDB text
Elcom CommunityManager.NET - Authentication Bypass
by Sense of Security
EIP-2026-108695 EXPLOITDB text VERIFIED
Joomla! Component JE Auto - Local File Inclusion
by Sid3^effects
CVE-2010-4615 EXPLOITDB text VERIFIED
Oto Galeri Sistemi 1.0 - SQL Injection via arac or marka Parameter
Multiple SQL injection vulnerabilities in Oto Galeri Sistemi 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) arac parameter to carsdetail.asp and the (2) marka parameter to twohandscars.asp.
by DeadLy DeMon
EIP-2026-111943 EXPLOITDB text VERIFIED
SchuldnerBeratung - SQL Injection
by DeadLy DeMon
CVE-2010-4845 EXPLOITDB text VERIFIED
MH Products Projekt Shop - SQL Injection
Multiple SQL injection vulnerabilities in MH Products Projekt Shop allow remote attackers to execute arbitrary SQL commands via the (1) ts parameter to details.php and possibly the (2) ilceler parameter to index.php.
by DeadLy DeMon
CVE-2010-4846 EXPLOITDB text VERIFIED
MH Products Pay Pal Shop Digital - SQL Injection
SQL injection vulnerability in view_item.php in MH Products Pay Pal Shop Digital allows remote attackers to execute arbitrary SQL commands via the ItemID parameter.
by DeadLy DeMon
EIP-2026-109376 EXPLOITDB text
MCFileManager Plugin for TinyMCE 3.2.2.3 - Arbitrary File Upload
by Vladimir Vorontsov
CVE-2010-4619 EXPLOITDB text VERIFIED
Mafya Oyun Scrpti - SQL Injection via profil.php id Parameter
SQL injection vulnerability in profil.php in Mafya Oyun Scrpti (aka Mafia Game Script) allows remote attackers to execute arbitrary SQL commands via the id parameter.
by DeadLy DeMon
CVE-2010-4614 EXPLOITDB text VERIFIED
Ero Auktion 2010 - SQL Injection via item.php id Parameter
SQL injection vulnerability in item.php in Ero Auktion 2010 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2010-0723.
by DeadLy DeMon
CVE-2010-4842 EXPLOITDB text VERIFIED
MHP DownloadScript <2.2 - SQL Injection
SQL injection vulnerability in admin/login.php in MHP DownloadScript (aka MH Products Download Center) 2.2 allows remote attackers to execute arbitrary SQL commands via the Name parameter. NOTE: some of these details are obtained from third party information.
by DeadLy DeMon
EIP-2026-118251 EXPLOITDB text VERIFIED
Alt-N WebAdmin 3.3.3 - Remote Source Code Information Disclosure
by wsn1983
EIP-2026-118062 EXPLOITDB text
ViRobot Desktop 5.5 and Server 3.5 < 2008.8.1.1 - Local Privilege Escalation
by MJ0011
EIP-2026-117703 EXPLOITDB text
NProtect Anti-Virus 2007 < 2010.5.11.1 - Local Privilege Escalation
by MJ0011