Exploitdb Exploits

31,344 exploits tracked across all sources.

CVE-2010-4940 EXPLOITDB text VERIFIED
WAnewsletter 2.1.2 - SQL Injection
SQL injection vulnerability in index.php in WAnewsletter 2.1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by BrOx-Dz
EIP-2026-110414 EXPLOITDB text VERIFIED
OvBB 0.16a - Multiple Local File Inclusions
by cOndemned
EIP-2026-110328 EXPLOITDB text VERIFIED
OpenText LiveLink 9.7.1 - Multiple Cross-Site Scripting Vulnerabilities
by Alejandro Ramos
CVE-2010-4933 EXPLOITDB text
Geeklog 1.3.8 - SQL Injection
SQL injection vulnerability in filemgmt/singlefile.php in Geeklog 1.3.8 allows remote attackers to execute arbitrary SQL commands via the lid parameter.
by Gamoscu
EIP-2026-112205 EXPLOITDB text VERIFIED
Skybluecanvas 1.1-r248 - Cross-Site Request Forgery
by Sweet
CVE-2010-4926 EXPLOITDB text VERIFIED
TimeTrack <1.2.4 - SQL Injection
SQL injection vulnerability in the TimeTrack (com_timetrack) component 1.2.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the ct_id parameter in a timetrack action to index.php.
by Salvatore Fresta
CVE-2010-4929 EXPLOITDB text VERIFIED
Joostina (com_ezautos) - SQL Injection
SQL injection vulnerability in the Joostina (com_ezautos) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the firstCode parameter in a helpers action to index.php.
by Gamoscu
EIP-2026-105633 EXPLOITDB text
BSI Hotel Booking System Admin 1.4/2.0 - Authentication Bypass
by K-159
EIP-2026-100337 EXPLOITDB text VERIFIED
gausCMS - Multiple Vulnerabilities
by Abysssec
EIP-2026-119154 EXPLOITDB text VERIFIED
Softek Barcode Reader Toolkit ActiveX 7.1.4.14 - 'SoftekATL.dll' Remote Buffer Overflow
by LiquidWorm
CVE-2010-1248 EXPLOITDB text VERIFIED
Microsoft Office Excel <2004 - Buffer Overflow
Buffer overflow in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed HFPicture (0x866) record, aka "Excel HFPicture Memory Corruption Vulnerability."
by Abysssec
CVE-2010-3608 EXPLOITDB text VERIFIED
Wire Plastic Design Wpquiz - SQL Injection
Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) password (pw) parameters to (a) admin.php or (b) user.php.
by KnocKout
CVE-2010-3601 EXPLOITDB text VERIFIED
Invisionpower Ibphotohost - SQL Injection
SQL injection vulnerability in index.php in ibPhotohost 1.1.2 allows remote attackers to execute arbitrary SQL commands via the img parameter.
by fred777
CVE-2010-4930 EXPLOITDB text VERIFIED
@mail <6.2.0 - XSS
Cross-site scripting (XSS) vulnerability in index.php in @mail Webmail before 6.2.0 allows remote attackers to inject arbitrary web script or HTML via the MailType parameter in a mail/auth/processlogin action.
by Vicente Aguilera Diaz
EIP-2026-103884 EXPLOITDB text VERIFIED
CollabNet Subversion Edge Log Parser - HTML Injection
by Sumit Kumar Soni
EIP-2026-100482 EXPLOITDB text VERIFIED
Personal.Net Portal - Multiple Vulnerabilities
by Abysssec
CVE-2010-3484 EXPLOITDB text VERIFIED
LightNEasy 3.2.1 - SQL Injection
SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the handle parameter to LightNEasy.php, a different vector than CVE-2008-6593.
by Solidmedia
CVE-2010-3482 EXPLOITDB text
Primitive CMS 1.0.9 - SQL Injection
Multiple SQL injection vulnerabilities in cms_write.php in Primitive CMS 1.0.9 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) title and (2) menutitle parameters. NOTE: this can be leveraged with CVE-2010-3483 to conduct attacks without authentication.
by Stephan Sattler
EIP-2026-115640 EXPLOITDB text VERIFIED
Microsoft DRM Technology - 'msnetobj.dll' ActiveX Multiple Vulnerabilities
by Asheesh kumar Mani Tripathi
CVE-2010-3483 EXPLOITDB text
Primitive CMS 1.0.9 - Privilege Escalation
cms_write.php in Primitive CMS 1.0.9 does not properly restrict access, which allows remote attackers to gain administrative privileges via a direct request. NOTE: this vulnerability can be leveraged to conduct cross-site scripting attacks, as demonstrated using the (1) title, (2) content, and (3) menutitle parameters.
by Stephan Sattler
CVE-2010-4752 EXPLOITDB text VERIFIED
LightNEasy 3.2.1 - SQL Injection
SQL injection vulnerability in LightNEasy.php in LightNEasy 3.2.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the page parameter, a different vector than CVE-2008-6593, CVE-2010-3484, and CVE-2010-3485. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Solidmedia
EIP-2026-102726 EXPLOITDB text
RarCrack 0.2 - 'Filename init() .bss' (PoC)
by Stoke
CVE-2010-3486 EXPLOITDB text VERIFIED
SmarterMail 7.1.3876 - Path Traversal
Directory traversal vulnerability in FileStorageUpload.ashx in SmarterMail 7.1.3876 allows remote attackers to read arbitrary files via a (1) ../ (dot dot slash), (2) %5C (encoded backslash), or (3) %255c (double-encoded backslash) in the name parameter.
by sqlhacker
EIP-2026-110264 EXPLOITDB text VERIFIED
Opencart 1.4.9.1 - Arbitrary File Upload
by Net.Edit0r
EIP-2026-107052 EXPLOITDB text
Fashione E-Commerce Webshop - Multiple SQL Injections
by secret