Exploitdb Exploits

31,344 exploits tracked across all sources.

EIP-2026-109352 EXPLOITDB text VERIFIED
Max's Guestbook - HTML Injection / Cross-Site Scripting
by MiND C0re
EIP-2026-107522 EXPLOITDB text VERIFIED
GuestBookPlus - HTML Injection / Bypass Comments Limit
by MiND C0re
EIP-2026-105797 EXPLOITDB text
CF Image Hosting Script 1.3.8 - Remote File Inclusion
by FoX HaCkEr
EIP-2026-115550 EXPLOITDB text VERIFIED
LeadTools ActiveX Raster Twain 16.5 - 'LtocxTwainu.dll' Buffer Overflow (PoC)
by LiquidWorm
CVE-2008-2094 EXPLOITDB text VERIFIED
Xoops Article Module - SQL Injection
SQL injection vulnerability in article.php in the Article module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter.
by []0iZy5
CVE-2010-3205 EXPLOITDB text
Textpattern CMS <4.2.0 - RCE
PHP remote file inclusion vulnerability in index.php in Textpattern CMS 4.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter.
by Sn!pEr.S!Te
CVE-2010-3207 EXPLOITDB text VERIFIED
GaleriaSHQIP 1.0 - SQL Injection
SQL injection vulnerability in index.php in GaleriaSHQIP 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the album_id parameter. NOTE: some of these details are obtained from third party information.
by Valentin
CVE-2010-3206 EXPLOITDB text
diy-cms 1.0 - Remote Code Execution via PHP File Inclusion
Multiple PHP remote file inclusion vulnerabilities in DiY-CMS 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lang parameter to modules/guestbook/blocks/control.block.php, (2) main_module parameter to index.php, and (3) getFile parameter to includes/general.functions.php.
by LoSt.HaCkEr
EIP-2026-105796 EXPLOITDB text VERIFIED
CF Image Hosting Script 1.3 - 'settings.cdb' Information Disclosure
by Dr.$audi
CVE-2010-3204 EXPLOITDB text
Pecio CMS 2.0.5 - RCE
Multiple PHP remote file inclusion vulnerabilities in Pecio CMS 2.0.5 allow remote attackers to execute arbitrary PHP code via a URL in the template parameter to (1) post.php, (2) article.php, (3) blog.php, or (4) home.php in pec_templates/nova-blue/.
by eidelweiss
CVE-2008-5841 EXPLOITDB text VERIFIED
iGaming <1.5 - SQL Injection
Multiple SQL injection vulnerabilities in iGaming 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the browse parameter to (1) previews.php and (2) reviews.php, and the (3) id parameter to index.php in a viewarticle action.
by Sweet
EIP-2026-106915 EXPLOITDB text
Esvon Classifieds 4.0 - Multiple Vulnerabilities
by Sn!pEr.S!Te
EIP-2026-100544 EXPLOITDB text VERIFIED
Shop Creator 4.0 - SQL Injection
by Pouya_Server
EIP-2026-112947 EXPLOITDB text VERIFIED
Valarsoft WebMatic 3.0.5 - Multiple HTML Injection Vulnerabilities
by High-Tech Bridge SA
EIP-2026-112571 EXPLOITDB text VERIFIED
TCMS - Multiple Input Validation Vulnerabilities
by High-Tech Bridge SA
EIP-2026-111547 EXPLOITDB text VERIFIED
Prometeo 1.0.65 - SQL Injection
by Lord Tittis3000
EIP-2026-110383 EXPLOITDB text
osCommerce Online Merchant - Remote File Inclusion
by LoSt.HaCkEr
CVE-2010-4878 EXPLOITDB text VERIFIED
Kontakt Formular 1.1 - RCE
PHP remote file inclusion vulnerability in formmailer.php in Kontakt Formular 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the script_pfad parameter.
by bd0rk
EIP-2026-108514 EXPLOITDB text
Joomla! Component com_remository - Arbitrary File Upload
by J3yk0ob
CVE-2010-4884 EXPLOITDB text VERIFIED
Gaestebuch 1.2 - RCE
PHP remote file inclusion vulnerability in guestbook/gbook.php in Gaestebuch 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the script_pfad parameter.
by bd0rk
EIP-2026-106114 EXPLOITDB text VERIFIED
CompuCMS - Multiple SQL Injections / Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
EIP-2026-105281 EXPLOITDB text VERIFIED
Atomic Photo Album 1.0.2 - Multiple Vulnerabilities
by sh00t0ut
CVE-2010-3073 EXPLOITDB text VERIFIED
EncFS <1.7.0 - Info Disclosure
SSL_Cipher.cpp in EncFS before 1.7.0 does not properly handle integer data sizes when constructing headers intended for randomization of initialization vectors, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms.
by Micha Riser
CVE-2010-3129 EXPLOITDB text VERIFIED
uTorrent <2.0.3 - RCE
Untrusted search path vulnerability in uTorrent 2.0.3 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse plugin_dll.dll, userenv.dll, shfolder.dll, dnsapi.dll, dwmapi.dll, iphlpapi.dll, dhcpcsvc.dll, dhcpcsvc6.dll, or rpcrtremote.dll that is located in the same folder as a .torrent or .btsearch file.
by Dr_IDE
CVE-2010-3124 EXPLOITDB text
VLC Media Player <1.1.3 - RCE
Untrusted search path vulnerability in bin/winvlc.c in VLC Media Player 1.1.3 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll that is located in the same folder as a .mp3 file.
by Secfence