Exploitdb Exploits

31,344 exploits tracked across all sources.

CVE-2010-5012 EXPLOITDB text
DaLogin <2.2.5 - SQL Injection
SQL injection vulnerability in new.php in DaLogin 2.2 and 2.2.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information.
by hc0
CVE-2010-4998 EXPLOITDB text
ardeaCore PHP Framework <2.2 - RCE
PHP remote file inclusion vulnerability in ardeaCore/lib/core/ardeaInit.php in ardeaCore PHP Framework 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the pathForArdeaCore parameter. NOTE: some of these details are obtained from third party information.
by cr4wl3r
CVE-2010-2436 EXPLOITDB text VERIFIED
Anecms Blog < 1.3 - SQL Injection
SQL injection vulnerability in modules/blog/index.php in AneCMS Blog 1.3 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO.
by High-Tech Bridge SA
CVE-2010-2437 EXPLOITDB text VERIFIED
Anecms Blog < 1.3 - XSS
Cross-site scripting (XSS) vulnerability in class/tools.class.php in AneCMS Blog 1.3 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the comment variable to modules/blog/index.php.
by High-Tech Bridge SA
EIP-2026-101076 EXPLOITDB text
Savy Soda Documents - Mobile Office Suite '.XLS' Denial of Service
by Matthew Bergin
EIP-2026-101060 EXPLOITDB text
Office^2 iPhone - '.XLS' Denial of Service
by Matthew Bergin
EIP-2026-101018 EXPLOITDB text VERIFIED
GoodiWare GoodReader iPhone - '.XLS' Denial of Service
by Matthew Bergin
CVE-2010-5010 EXPLOITDB text VERIFIED
SchoolMation 2.3 - XSS
Cross-site scripting (XSS) vulnerability in schoolmv2/html/studentmain.php in SchoolMation 2.3 allows remote attackers to inject arbitrary web script or HTML via the session parameter.
by Sid3^effects
CVE-2010-1885 EXPLOITDB text VERIFIED
Microsoft Windows 2003 Server - OS Command Injection
The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka "Help Center URL Validation Vulnerability."
by Tavis Ormandy
CVE-2010-2265 EXPLOITDB text VERIFIED
Microsoft Windows 2003 Server - XSS
Cross-site scripting (XSS) vulnerability in the GetServerName function in sysinfo/commonFunc.js in Microsoft Windows Help and Support Center for Windows XP and Windows Server 2003 allows remote attackers to inject arbitrary web script or HTML via the svr parameter to sysinfo/sysinfomain.htm. NOTE: this can be leveraged with CVE-2010-1885 to execute arbitrary commands without user interaction.
by Tavis Ormandy
CVE-2010-5011 EXPLOITDB text VERIFIED
SchoolMation 2.3 - SQL Injection
SQL injection vulnerability in schoolmv2/html/studentmain.php in SchoolMation 2.3 allows remote attackers to execute arbitrary SQL commands via the session parameter.
by Sid3^effects
EIP-2026-109491 EXPLOITDB text VERIFIED
Miniweb 2.0 Business Portal and Social Networking Platform - SQL Injection
by L0rd CrusAd3r
CVE-2010-2340 EXPLOITDB text VERIFIED
Arabportal Arab Portal - SQL Injection
SQL injection vulnerability in members.php in Arab Portal 2.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the by parameter in the msearch action.
by SwEET-DeViL
EIP-2026-100472 EXPLOITDB text VERIFIED
Pars Design CMS - Arbitrary File Upload
by Securitylab.ir
CVE-2010-5026 EXPLOITDB text VERIFIED
Science Fair In A Box <2.0.6, 2.2.0 - SQL Injection
SQL injection vulnerability in winners.php in Science Fair In A Box (SFIAB) 2.0.6 and 2.2.0 allows remote attackers to execute arbitrary SQL commands via the type parameter. NOTE: some of these details are obtained from third party information.
by L0rd CrusAd3r
CVE-2010-2354 EXPLOITDB text VERIFIED
Pilotgroup Elms Pro - SQL Injection
SQL injection vulnerability in subscribe.php in Pilot Group (PG) eLMS Pro allows remote attackers to execute arbitrary SQL commands via the course_id parameter.
by Sid3^effects
EIP-2026-116720 EXPLOITDB text
ActivePerl 5.8.8.817 - Local Buffer Overflow
by PoisonCode
CVE-2010-5027 EXPLOITDB text VERIFIED
Science Fair In A Box <2.0.6, 2.2.0 - XSS
Cross-site scripting (XSS) vulnerability in winners.php in Science Fair In A Box (SFIAB) 2.0.6 and 2.2.0 allows remote attackers to inject arbitrary web script or HTML via the type parameter. NOTE: some of these details are obtained from third party information.
by L0rd CrusAd3r
EIP-2026-110912 EXPLOITDB text
PHPAccess - SQL Injection
by L0rd CrusAd3r
CVE-2010-2357 EXPLOITDB text VERIFIED
Eicrasoft Eicra Realestate Script - SQL Injection
SQL injection vulnerability in index.php in Eicra Realestate Script 1.0 and 1.6.0 allows remote attackers to execute arbitrary SQL commands via the p_id parameter. NOTE: some of these details are obtained from third party information.
by L0rd CrusAd3r
EIP-2026-110745 EXPLOITDB text VERIFIED
PHP Property Rental Script - SQL Injection / Cross-Site Scripting
by L0rd CrusAd3r
EIP-2026-110573 EXPLOITDB text VERIFIED
PGAUTOPro - SQL Injection / Cross-Site Scripting (2)
by Sid3^effects
EIP-2026-110572 EXPLOITDB text VERIFIED
PGAUTOPro - SQL Injection / Cross-Site Scripting (1)
by Sid3^effects
EIP-2026-108420 EXPLOITDB text
Joomla! Component com_jtickets - SQL Injection
by Sid3^effects
EIP-2026-108419 EXPLOITDB text
Joomla! Component com_jsubscription - SQL Injection
by Sid3^effects