Exploitdb Exploits
31,344 exploits tracked across all sources.
HP SMH 2.x.x.x - Open Redirect
Open redirect vulnerability in red2301.html in HP System Management Homepage (SMH) 2.x.x.x allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the RedirectUrl parameter.
by Aung Khant
Invision Power Services Invision Power Board - Denial of Service
index.php in Invision Power Board (IPB) 2.0.1, with Code Confirmation disabled, allows remote attackers to cause an unspecified denial of service by registering a large number of users.
by SeeMe
Openmairie Openfoncier - Code Injection
Multiple PHP remote file inclusion vulnerabilities in openMairie Openfoncier 2.00, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) action.class.php, (2) architecte.class.php, (3) avis.class.php, (4) bible.class.php, and (5) blocnote.class.php in obj/.
by cr4wl3r
Openmairie Openplanning - Path Traversal
Directory traversal vulnerability in scr/soustab.php in openMairie openPlanning 1.00, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069.
by cr4wl3r
Ncrypted Nct Jobs Portal Script - SQL Injection
Multiple SQL injection vulnerabilities in admin_login.php in NCT Jobs Portal Script allow remote attackers to execute arbitrary SQL commands via the (1) user parameter (aka login field) and (2) passwd parameter (aka password field). NOTE: some of these details are obtained from third party information.
by Sid3^effects
WHMCS 4.2 - SQL Injection via submitticket.php deptid Parameter
SQL injection vulnerability in submitticket.php in WHMCompleteSolution (WHMCS) 4.2 allows remote attackers to execute arbitrary SQL commands via the deptid parameter.
by Islam DefenDers
Sethi Family Guestbook 3.1.8 - Cross-Site Scripting
by Valentin
Openmairie Openpresse - Path Traversal
Directory traversal vulnerability in scr/soustab.php in openMairie Openpresse 1.01, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069.
by cr4wl3r
Openmairie Openplanning - Code Injection
Multiple PHP remote file inclusion vulnerabilities in openMairie openPlanning 1.00, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) categorie.class.php, (2) profil.class.php, (3) collectivite.class.php, (4) ressource.class.php, (5) droit.class.php, (6) utilisateur.class.php, and (7) planning.class.php in obj/.
by cr4wl3r
Openmairie Openfoncier - Path Traversal
Directory traversal vulnerability in scr/soustab.php in openMairie Openfoncier 2.00, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069.
by cr4wl3r
Ncrypted Nct Jobs Portal Script - XSS
Multiple cross-site scripting (XSS) vulnerabilities in NCT Jobs Portal Script allow remote attackers to inject arbitrary web script or HTML via the (1) search, (2) Keywords, (3) Tags, or (4) Desired City field.
by Sid3^effects
Madirish Webmail 2.0 - Remote Code Execution via GLOBALS[basedir] Parameter
PHP remote file inclusion vulnerability in lib/addressbook.php in Madirish Webmail 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[basedir] parameter.
by eidelweiss
AlstraSoft AskMe Pro - SQL Injection
Multiple SQL injection vulnerabilities in AlstraSoft AskMe Pro allow remote attackers to execute arbitrary SQL commands via the (1) que_id parameter to forum_answer.php or (2) the cat_id parameter to search.php.
by v3n0m
Memorial Web Site Script - Reset Password / Insecure Cookie Handling
by Chip d3 bi0s
Memorial Web Site Script - Multiple Arbitrary Delete Vulnerabilities
by Chip d3 bi0s
lanewsfactory - Multiple Vulnerabilities
by Salvatore Fresta
EDraw Flowchart ActiveX Control 2.3 - 'EDImage.ocx' Remote Denial of Service (IE)
by LiquidWorm
phpGreetCards 3.7 - Cross-Site Scripting via Category Parameter
Cross-site scripting (XSS) vulnerability in index.php in phpGreetCards 3.7 allows remote attackers to inject arbitrary web script or HTML via the category parameter in a select action.
by Valentin