Exploitdb Exploits
31,344 exploits tracked across all sources.
Sourcefabric Campsite - Multiple Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
Joomla! Component com_SimpleShop - SQL Injection
by UnD3rGr0unD W4rri0rZ
Joomla! Component com_pbbooking 1.0.4_3 - Multiple Blind SQL Injections
by Salvatore Fresta
Joomla! Component com_beamospetition - SQL Injection
by Forza-Dz
Zemana AntiLogger 'AntiLog32.sys' 1.5.2.755 - Local Privilege Escalation
by th_decoder
Joomla! Component com_photomapgallery 1.6.0 - Multiple Blind SQL Injections
by Salvatore Fresta
Cetera eCommerce - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
by MustLive
AV Scripts AV Arcade 3 - SQL Injection
SQL injection vulnerability in AV Scripts AV Arcade 3 allows remote attackers to execute arbitrary SQL commands via the ava_code cookie to the "main page," related to index.php and the login task.
by saudi0hacker
KVIrc 3.x-4.x - RCE
The IRC Protocol component in KVIrc 3.x and 4.x before r4693 does not properly handle \ (backslash) characters, which allows remote authenticated users to execute arbitrary CTCP commands via vectors involving \r and \40 sequences, a different vulnerability than CVE-2010-2451 and CVE-2010-2452.
by unic0rn
Jira 4.0.1 - Cross-Site Scripting / Information Disclosure
by MaXe
Social Media - 'index.php' Local File Inclusion
by Harri Johansson
nuBuilder <10.07.12 - Path Traversal
Directory traversal vulnerability in productionnu2/fileuploader.php in nuBuilder 10.04.20, and possibly other versions before 10.07.12, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dir parameter.
by John Leitch
Joomla! com_ttvideo 1.0 - SQL Injection
SQL injection vulnerability in ttvideo.php in the TTVideo (com_ttvideo) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in a video action to index.php.
by Salvatore Fresta
Joomla! Component com_appointinator 1.0.1 - Multiple Vulnerabilities
by Salvatore Fresta
Impactsoftcompany Adpeeps - XSS
Multiple cross-site scripting (XSS) vulnerabilities in index.php in AdPeeps 8.5d1 allow remote attackers to inject arbitrary web script or HTML via the (1) uid parameter, (2) uid parameter in a login_lookup action, (3) uid parameter in an adminlogin action, (4) campaignid parameter in a createcampaign action, (5) type parameter in a view_account_stats action, (6) period parameter in a view_account_stats action, (7) uid parameter in a view_adrates action, (8) accname parameter in an account_confirmation action, (9) loginpass parameter in an account_confirmation action, (10) e9 parameter in a setup_account action, (11) from parameter in an email_advertisers action, (12) message parameter in an email_advertisers action, (13) idno parameter in an edit_ad_package action, (14) Advertiser Name field, (15) First Name field, (16) Last Name field, (17) Address field, (18) Phone Number field, (19) Password Hint field, or (20) URL field; and (21) allow remote authenticated users to inject arbitrary web script or HTML via an unspecified form associated with a view_adrates action.
by Matt
Media Player Classic - Heap Overflow / Denial of Service
by Praveen Darshanam
Visites (com_joomla-visites) 1.1 RC2 - Remote Code Execution via mosConfig_absolute_path Parameter
PHP remote file inclusion vulnerability in core/include/myMailer.class.php in the Visites (com_joomla-visites) component 1.1 RC2 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
by Li0n-PaL
Joomla! <2.1.2, FreiChat/FreiChatPure - XSS
Cross-site scripting (XSS) vulnerability in the (1) FreiChat component before 2.1.2 for Joomla! and the (2) FreiChatPure component before 1.2.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML by entering it in an unspecified window.
by nag_sunny
Freeway CMS <1.4.3.210 - SQL Injection
SQL injection vulnerability in index.php in Freeway CMS 1.4.3.210 allows remote attackers to execute arbitrary SQL commands via the ecPath parameter.
by **RoAd_KiLlEr**
Anibal Monsalve Salazar sSMTP 2.61-2.62 - DoS
The standardise function in Anibal Monsalve Salazar sSMTP 2.61 and 2.62 allows local users to cause a denial of service (application exit) via an e-mail message containing a long line that begins with a . (dot) character. NOTE: CVE disputes this issue because it is solely a usability problem for senders of messages with certain long lines, and has no security impact.
by Brendan Boerner