Exploitdb Exploits

31,344 exploits tracked across all sources.

Sort: Activity Stars
CVE-2010-1872 EXPLOITDB text VERIFIED
FlashCard 2.6.5 and 3.0.1 - Cross-Site Scripting via id Parameter
Cross-site scripting (XSS) vulnerability in cPlayer.php in FlashCard 2.6.5 and 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: some of these details are obtained from third party information.
by Valentin
CVE-2009-2439 EXPLOITDB text
Web Development House Alibaba Clone - SQL Injection
Multiple SQL injection vulnerabilities in Web Development House Alibaba Clone allow remote attackers to execute arbitrary SQL commands via the (1) IndustryID parameter to category.php and the (2) SellerID parameter to supplier/view_contact_details.php. NOTE: this is a product that was developed by a third party; it is not associated with alibaba.com or the Alibaba Group.
by spykit
CVE-2010-1431 EXPLOITDB text VERIFIED
Cacti < 0.8.7e - SQL Injection via Export Item ID Parameter
SQL injection vulnerability in templates_export.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via the export_item_id parameter.
by Nahuel Grisolia
EIP-2026-105682 EXPLOITDB text VERIFIED
Cacti 0.8.7e - OS Command Injection
by Nahuel Grisolia
CVE-2010-1876 EXPLOITDB text VERIFIED
Ajsquare AJ Shopping Cart - SQL Injection
SQL injection vulnerability in index.php in AJ Shopping Cart 1.0 allows remote attackers to execute arbitrary SQL commands via the maincatid parameter in a showmaincatlanding action.
by v3n0m
CVE-2009-2779 EXPLOITDB text VERIFIED
ajsquare aj_matrix_dna - SQL Injection via id Parameter in productdetail Action
SQL injection vulnerability in index.php in AJ Matrix DNA allows remote attackers to execute arbitrary SQL commands via the id parameter in a productdetail action.
by v3n0m
CVE-2010-1157 EXPLOITDB text VERIFIED
Apache Tomcat <6.0.26 - Info Disclosure
Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
by Deniz Cevik
CVE-2010-1587 EXPLOITDB text VERIFIED
Apache ActiveMQ <5.3.2 and <5.4.0 - Info Disclosure
The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
by Veerendra G.G
EIP-2026-101307 EXPLOITDB text VERIFIED
Huawei EchoLife HG520 3.10.18.5-1.0.5.0 - Remote Information Disclosure
by hkm
CVE-2010-0356 EXPLOITDB text VERIFIED
Viscomsoft Movie Player Pro SDK Activex - Memory Corruption
Stack-based buffer overflow in the MOVIEPLAYER.MoviePlayerCtrl.1 ActiveX control in MoviePlayer.ocx 6.8.0.0 in Viscom Software Movie Player Pro SDK ActiveX 6.8 allows remote attackers to execute arbitrary code via a long strFontName parameter to the DrawText method.
by shinnai
CVE-2010-1712 EXPLOITDB text VERIFIED
Webmobo WB News 2.3.3 - Cross-Site Scripting via Name and Message Parameters
Multiple cross-site scripting (XSS) vulnerabilities in base/Comments.php in Webmobo WB News 2.3.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and possibly (2) message parameters. NOTE: some of these details are obtained from third party information.
by ITSecTeam
EIP-2026-112941 EXPLOITDB text VERIFIED
v2marketplacescript Upload_images Script (-7777) - Arbitrary File Upload
by cyberlog
EIP-2026-109129 EXPLOITDB text VERIFIED
LightNEasy 3.1.x - Multiple Vulnerabilities
by ITSecTeam
CVE-2010-1607 EXPLOITDB text VERIFIED
Paysyspro Com Wmi - Path Traversal
Directory traversal vulnerability in wmi.php in the Webmoney Web Merchant Interface (aka WMI or com_wmi) component 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
by wishnusakti + inc0mp13te
CVE-2010-1878 EXPLOITDB text VERIFIED
Blueflyingfish.no-ip Com Orgchart - Path Traversal
Directory traversal vulnerability in the OrgChart (com_orgchart) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
by AntiSecurity
CVE-2010-1491 EXPLOITDB text VERIFIED
MMS Blog (com_mmsblog) 2.3.0 - Path Traversal
Directory traversal vulnerability in the MMS Blog (com_mmsblog) component 2.3.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
by AntiSecurity
EIP-2026-108490 EXPLOITDB text
Joomla! Component com_portfolio - Local File Disclosure
by Mr.tro0oqy
EIP-2026-106666 EXPLOITDB text VERIFIED
e107 CMS 0.7.19 - Cross-Site Request Forgery
by High-Tech Bridge SA
EIP-2026-106658 EXPLOITDB text VERIFIED
e107 0.7.x - '/e107_admin/banner.php' SQL Injection
by High-Tech Bridge SA
EIP-2026-106376 EXPLOITDB text VERIFIED
DBSite wb CMS - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
by The_Exploited
CVE-2010-0432 EXPLOITDB text VERIFIED
Apache OFBiz < 09.04 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
by Lucas Apa
CVE-2010-1486 EXPLOITDB text VERIFIED
CactuShop < 6.155 - Stored Cross-Site Scripting via Billing or Shipping Address
Multiple cross-site scripting (XSS) vulnerabilities in _invoice.asp in CactuShop before 6.155 allow remote attackers to inject arbitrary web script or HTML via the (1) billing address or (2) shipping address.
by 7Safe
CVE-2010-1949 EXPLOITDB text VERIFIED
Emultisoft Com Jnewspaper - SQL Injection
SQL injection vulnerability in the Online News Paper Manager (com_jnewspaper) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php. NOTE: some of these details are obtained from third party information.
by Don Tukulesto
CVE-2010-1946 EXPLOITDB text VERIFIED
Openmairie Openregistrecil - Code Injection
Multiple PHP remote file inclusion vulnerabilities in openMairie Openregistrecil 1.02, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) autorisation_normale.class.php, (2) collectivite.class.php, (3) dossier.class.php, (4) norme_simplifiee.class.php, (5) registre.class.php, (6) autorisation_unique.class.php, (7) demande_avis.class.php, (8) droit.class.php, (9) organisme.class.php, (10) service.class.php, (11) categorie_donnee.class.php, (12) destinataire.class.php, (13) profil.class.php, (14) tabdyn_visu.class.php, (15) categorie_personne.class.php, (16) dispense.class.php, (17) modificatif.class.php, (18) reference.class.php, and (19) utilisateur.class.php in obj/.
by cr4wl3r
EIP-2026-118931 EXPLOITDB text VERIFIED
Multi-Threaded HTTP Server 1.1 - Source Disclosure
by Dr_IDE
By Source
All 31,344 Writeup 60,470 Exploitdb 50,009 Nomisec 21,927 Metasploit 3,232 Github 2,872 Vulncheck_xdb 908 Inthewild 514 Gitlab 443 Gitee 415 Patchapalooza 312
By Language
text 31,344 python 6,139 ruby 5,921 c 3,586 perl 2,849 html 2,054 php 1,327 bash 460 java 364 c++ 251 javascript 220 shell 98 go 64 postscript 25 xml 24