Exploitdb Exploits

31,344 exploits tracked across all sources.

EIP-2026-106922 EXPLOITDB text VERIFIED
etomite 1.1 - Multiple Vulnerabilities
by High-Tech Bridge SA
EIP-2026-106140 EXPLOITDB text VERIFIED
Contenido CMS 4.8.12 - Multiple Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
EIP-2026-106139 EXPLOITDB text
Contenido CMS 4.8.12 - Cross-Site Scripting
by High-Tech Bridge SA
CVE-2010-4782 EXPLOITDB text VERIFIED
Softwebs Nepal Ananda Real Estate 3.4 - SQL Injection
Multiple SQL injection vulnerabilities in list.asp in Softwebs Nepal (aka Ananda Raj Pandey) Ananda Real Estate 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) city, (2) state, (3) country, (4) minprice, (5) maxprice, (6) bed, and (7) bath parameters, different vectors than CVE-2006-6807.
by underground-stockholm.com
CVE-2010-3266 EXPLOITDB text VERIFIED
BugTracker.NET <3.4.5 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in BugTracker.NET before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via (1) the pcd parameter to edit_bug.aspx, (2) the bug_id parameter to edit_comment.aspx, (3) the id parameter to edit_user_permissions2.aspx, or (4) the default_name parameter to edit_customfield.aspx. NOTE: some of these details are obtained from third party information.
by Core Security
EIP-2026-110388 EXPLOITDB text
OsCSS 1.2 - Arbitrary File Upload
by Shichemt Alen
CVE-2010-4406 EXPLOITDB text VERIFIED
Brunetton Littlephpgallery - Path Traversal
Directory traversal vulnerability in gallery.php in Brunetton LittlePhpGallery 1.0.2, when magic_quotes_gpc is disabled, allows remote attackers to list, include, and execute arbitrary local files via a ..// (dot dot slash slash) in the repertoire parameter.
by kire bozorge khavarmian
EIP-2026-106454 EXPLOITDB text
Digitalus 1.10.0 Alpha2 - Arbitrary File Upload
by eidelweiss
CVE-2010-4849 EXPLOITDB text VERIFIED
Alibaba Clone B2B 3.4 - SQL Injection
SQL injection vulnerability in countrydetails.php in Alibaba Clone B2B 3.4 allows remote attackers to execute arbitrary SQL commands via the es_id parameter.
by Dr.0rYX & Cr3W-DZ
CVE-2010-3267 EXPLOITDB text VERIFIED
BugTracker.NET <3.4.5 - SQL Injection
Multiple SQL injection vulnerabilities in BugTracker.NET before 3.4.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the qu_id parameter to bugs.aspx, (2) the row_id parameter to delete_query.aspx, the (3) new_project or (4) us_id parameter to edit_bug.aspx, or (5) the bug_list parameter to massedit.aspx. NOTE: some of these details are obtained from third party information.
by Core Security
CVE-2010-4282 EXPLOITDB text
Artica Pandora Fms < 3.1 - Path Traversal
Multiple directory traversal vulnerabilities in Pandora FMS before 3.1.1 allow remote attackers to include and execute arbitrary local files via (1) the page parameter to ajax.php or (2) the id parameter to general/pandora_help.php, and allow remote attackers to include and execute, create, modify, or delete arbitrary local files via (3) the layout parameter to operation/agentes/networkmap.php.
by Juan Galiana Lara
CVE-2010-4281 EXPLOITDB text
Artica Pandora Fms < 3.1 - Code Injection
Incomplete blacklist vulnerability in the safe_url_extraclean function in ajax.php in Pandora FMS before 3.1.1 allows remote attackers to execute arbitrary PHP code by using a page parameter containing a UNC share pathname, which bypasses the check for the : (colon) character.
by Juan Galiana Lara
CVE-2010-4851 EXPLOITDB text VERIFIED
Eclime 1.1.2b - SQL Injection
Multiple SQL injection vulnerabilities in Eclime 1.1.2b allow remote attackers to execute arbitrary SQL commands via the (1) ref or (2) poll_id parameter to index.php, or the (3) country parameter to create_account.php.
by High-Tech Bridge SA
CVE-2010-4780 EXPLOITDB text VERIFIED
Enano CMS <1.1.8-1.0.6pl3 - SQL Injection
SQL injection vulnerability in the check_banlist function in includes/sessions.php in Enano CMS 1.1.7pl1; 1.0.6pl2; and possibly other versions before 1.1.8, 1.0.6pl3, and 1.1.7pl2 allows remote attackers to execute arbitrary SQL commands via the email parameter to index.php. NOTE: some of these details are obtained from third party information.
by High-Tech Bridge SA
CVE-2010-4400 EXPLOITDB text
Dynpg - SQL Injection
SQL injection vulnerability in _rights.php in DynPG CMS 4.2.0 allows remote attackers to execute arbitrary SQL commands via the giveRights_UserId parameter.
by High-Tech Bridge SA
CVE-2010-4399 EXPLOITDB text
Dynpg - Path Traversal
Directory traversal vulnerability in languages.inc.php in DynPG CMS 4.1.1 and 4.2.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the CHG_DYNPG_SET_LANGUAGE parameter to index.php. NOTE: some of these details are obtained from third party information.
by High-Tech Bridge SA
CVE-2010-4280 EXPLOITDB text
Artica Pandora Fms < 3.1 - SQL Injection
Multiple SQL injection vulnerabilities in Pandora FMS before 3.1.1 allow remote authenticated users to execute arbitrary SQL commands via (1) the id_group parameter in an operation/agentes/ver_agente action to ajax.php or (2) the group_id parameter in an operation/agentes/estado_agente action to index.php, related to operation/agentes/estado_agente.php.
by Juan Galiana Lara
CVE-2010-4278 EXPLOITDB text VERIFIED
Artica Pandora Fms < 3.1 - OS Command Injection
operation/agentes/networkmap.php in Pandora FMS before 3.1.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the layout parameter in an operation/agentes/networkmap action to index.php.
by Juan Galiana Lara
CVE-2010-4283 EXPLOITDB text
Artica Pandora Fms < 3.1 - Code Injection
PHP remote file inclusion vulnerability in extras/pandora_diag.php in Pandora FMS before 3.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the argv[1] parameter.
by Juan Galiana Lara
CVE-2010-4280 EXPLOITDB text
Artica Pandora Fms < 3.1 - SQL Injection
Multiple SQL injection vulnerabilities in Pandora FMS before 3.1.1 allow remote authenticated users to execute arbitrary SQL commands via (1) the id_group parameter in an operation/agentes/ver_agente action to ajax.php or (2) the group_id parameter in an operation/agentes/estado_agente action to index.php, related to operation/agentes/estado_agente.php.
by Juan Galiana Lara
CVE-2010-4279 EXPLOITDB text VERIFIED
Artica Pandora Fms < 3.1 - Authentication Bypass
The default configuration of Pandora FMS 3.1 and earlier specifies an empty string for the loginhash_pwd field, which allows remote attackers to bypass authentication by sending a request to index.php with "admin" in the loginhash_user parameter, in conjunction with the md5 hash of "admin" in the loginhash_data parameter.
by Juan Galiana Lara
CVE-2010-4313 EXPLOITDB text
Novo-ws Orbis Cms - Unrestricted File Upload
Unrestricted file upload vulnerability in fileman_file_upload.php in Orbis CMS 1.0.2 allows remote authenticated users to execute arbitrary code by uploading a .php file, and then accessing it via a direct request to the file in uploads/.
by Mark Stanislav
EIP-2026-109156 EXPLOITDB text
Link Protect 1.2 - Persistent Cross-Site Scripting
by Shichemt Alen
EIP-2026-108556 EXPLOITDB text VERIFIED
Joomla! Component com_storedirectory - 'id' SQL Injection
by XroGuE
EIP-2026-108231 EXPLOITDB text VERIFIED
Joomla! Component Catalogue - SQL Injection / Local File Inclusion
by XroGuE