Exploitdb Exploits

31,344 exploits tracked across all sources.

CVE-2009-3355 EXPLOITDB text VERIFIED
Datetopia Buy Dating Site - XSS
Cross-site scripting (XSS) vulnerability in profile.php in Datetopia Buy Dating Site 1.0 allows remote attackers to inject arbitrary web script or HTML via the s_r parameter.
by Moudi
EIP-2026-113124 EXPLOITDB text
Visitors Google Map Lite 1.0.1 Free mod_visitorsgooglemap Module - SQL Injection
by Chip d3 bi0s
CVE-2010-4893 EXPLOITDB text VERIFIED
FestOS 2.3b - XSS
Cross-site scripting (XSS) vulnerability in foodvendors.php in FestOS 2.3b allows remote attackers to inject arbitrary web script or HTML via the category parameter in a details action.
by Abysssec
CVE-2010-3456 EXPLOITDB text VERIFIED
EnergyScripts Simple Download 1.0 - Path Traversal
Directory traversal vulnerability in download.php in EnergyScripts (ES) Simple Download 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
by Kazza
EIP-2026-104216 EXPLOITDB text
CS-Cart 1.3.3 - 'install.php' Cross-Site Scripting
by crmpays
EIP-2026-100562 EXPLOITDB text VERIFIED
SmarterTools SmarterStats 5.3.3819 - 'frmHelp.aspx' Cross-Site Scripting
by David Hoyt
EIP-2026-100109 EXPLOITDB text VERIFIED
aradblog - Multiple Vulnerabilities
by Abysssec
EIP-2026-100672 EXPLOITDB text
FreeBSD 8.1/7.3 - 'vm.pmap' Local Race Condition
by Maksymilian Arciemowicz
EIP-2026-100547 EXPLOITDB text VERIFIED
sirang web-based d-control - Multiple Vulnerabilities
by Abysssec
EIP-2026-119354 EXPLOITDB text VERIFIED
ColdOfficeView 2.04 - Multiple Blind SQL Injections
by mr_me
CVE-2010-4915 EXPLOITDB text VERIFIED
ColdGen ColdBookmarks 1.22 - SQL Injection
SQL injection vulnerability in index.cfm in ColdGen ColdBookmarks 1.22 allows remote attackers to execute arbitrary SQL commands via the BookmarkID parameter in an EditBookmark action.
by mr_me
CVE-2007-3162 EXPLOITDB text VERIFIED
Westbyte Internet Download Accelerator - Buffer Overflow
Buffer overflow in the NotSafe function in the idaiehlp ActiveX control in idaiehlp.dll 1.9.1.74 in Internet Download Accelerator (ida) 5.2 allows remote attackers to cause a denial of service (Internet Explorer crash) via a long argument.
by eidelweiss
CVE-2010-4906 EXPLOITDB text VERIFIED
Zenphoto <1.3.1.2 - SQL Injection
SQL injection vulnerability in zp-core/full-image.php in Zenphoto 1.3 and 1.3.1.2 allows remote attackers to execute arbitrary SQL commands via the a parameter. NOTE: some of these details are obtained from third party information.
by Bogdan Calin
CVE-2010-4907 EXPLOITDB text VERIFIED
Zenphoto 1.3 - XSS
Cross-site scripting (XSS) vulnerability in zp-core/admin.php in Zenphoto 1.3 allows remote attackers to inject arbitrary web script or HTML via the user parameter. NOTE: the from parameter is already covered by CVE-2009-4562.
by Bogdan Calin
EIP-2026-106609 EXPLOITDB text VERIFIED
dynpage 1.0 - Multiple Vulnerabilities
by Abysssec
CVE-2010-1093 EXPLOITDB text VERIFIED
1024 CMS 2.1.1 - SQL Injection
SQL injection vulnerability in rss.php in 1024 CMS 2.1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a vp action.
by Stephan Sattler
CVE-2010-3306 EXPLOITDB text VERIFIED
Weborf <0.12.3 - Path Traversal
Directory traversal vulnerability in the modURL function in instance.c in Weborf before 0.12.3 allows remote attackers to read arbitrary files via ..%2f sequences in a URI.
by Rew
EIP-2026-113730 EXPLOITDB text
WordPress Plugin Events Manager Extended - Persistent Cross-Site Scripting
by Craw
EIP-2026-111889 EXPLOITDB text VERIFIED
Santafox 2.0.2 - 'search' Cross-Site Scripting
by High-Tech Bridge SA
CVE-2010-4901 EXPLOITDB text VERIFIED
MySource Matrix 3.28.3 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in char_map.php in MySource Matrix 3.28.3 allow remote attackers to inject arbitrary web script or HTML via the (1) height or (2) width parameter.
by Gjoko Krstic
CVE-2010-4904 EXPLOITDB text VERIFIED
Joomla! com_aardvertiser 2.1-2.1.1 - SQL Injection
SQL injection vulnerability in the Aardvertiser (com_aardvertiser) component 2.1 and 2.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_name parameter in a view action to index.php. NOTE: some of these details are obtained from third party information.
by Stephan Sattler
EIP-2026-107884 EXPLOITDB text VERIFIED
InterPhoto Gallery - Multiple Vulnerabilities
by Abysssec
CVE-2010-3077 EXPLOITDB text VERIFIED
Horde Application Framework <3.3.9 - XSS
Cross-site scripting (XSS) vulnerability in util/icon_browser.php in the Horde Application Framework before 3.3.9 allows remote attackers to inject arbitrary web script or HTML via the subdir parameter.
by Moritz Naumann
EIP-2026-107573 EXPLOITDB text VERIFIED
HeffnerCMS 1.22 - 'index.php' Local File Inclusion
by MiND C0re
CVE-2010-4919 EXPLOITDB text VERIFIED
Micronetsoft RV Dealer Website 1.0 - SQL Injection
SQL injection vulnerability in detail.asp in Micronetsoft RV Dealer Website 1.0 allows remote attackers to execute arbitrary SQL commands via the vehicletypeID parameter.
by L0rd CrusAd3r