Exploitdb Exploits

31,344 exploits tracked across all sources.

CVE-2010-1602 EXPLOITDB text VERIFIED
Zimbllc Com Zimbcomment - Path Traversal
Directory traversal vulnerability in the ZiMB Comment (com_zimbcomment) component 0.8.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
by AntiSecurity
CVE-2010-1495 EXPLOITDB text VERIFIED
Matamko com_matamko 1.01 - Path Traversal via Controller Parameter
Directory traversal vulnerability in the Matamko (com_matamko) component 1.01 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
by AntiSecurity
CVE-2010-1954 EXPLOITDB text VERIFIED
Joomlacomponent.inetlanka Com Multiroot - Path Traversal
Directory traversal vulnerability in the iNetLanka Multiple root (com_multiroot) component 1.0 and 1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information.
by AntiSecurity
CVE-2010-1953 EXPLOITDB text VERIFIED
Joomlacomponent.inetlanka Com Multimap - Path Traversal
Directory traversal vulnerability in the iNetLanka Multiple Map (com_multimap) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
by AntiSecurity
CVE-2010-1723 EXPLOITDB text VERIFIED
Joomlacomponent.inetlanka Com Drawroot - Path Traversal
Directory traversal vulnerability in the iNetLanka Contact Us Draw Root Map (com_drawroot) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
by AntiSecurity
CVE-2010-1717 EXPLOITDB text VERIFIED
iF surfALERT 1.2 - Path Traversal via Controller Parameter
Directory traversal vulnerability in the iF surfALERT (com_if_surfalert) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
by AntiSecurity
CVE-2010-1956 EXPLOITDB text VERIFIED
Thefactory Com Gadgetfactory - Path Traversal
Directory traversal vulnerability in the Gadget Factory (com_gadgetfactory) component 1.0.0 and 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information.
by AntiSecurity
EIP-2026-108360 EXPLOITDB text VERIFIED
Joomla! Component com_google - Local File Inclusion
by AntiSecurity
CVE-2010-1718 EXPLOITDB text VERIFIED
Lispeltuut Com Archeryscores - Path Traversal
Directory traversal vulnerability in archeryscores.php in the Archery Scores (com_archeryscores) component 1.0.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
by wishnusakti + inc0mp13te
EIP-2026-106753 EXPLOITDB text VERIFIED
eclime 1.1 - Bypass / Create and Download Backup
by indoushka
CVE-2010-1498 EXPLOITDB text VERIFIED
dl_stats < 2.0 - SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in dl_stats before 2.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) download.php and (2) view_file.php.
by Valentin Hoebel
EIP-2026-105071 EXPLOITDB text VERIFIED
Alegro 1.2.1 - SQL Injection
by indoushka
CVE-2006-5918 EXPLOITDB text VERIFIED
Php Rapid Kill - Unrestricted File Upload
Unrestricted file upload vulnerability in RapidKill (aka PHP Rapid Kill) 5.7 Pro, and certain other versions, allows remote attackers to upload and execute arbitrary PHP scripts via the "Link to Download" field. NOTE: it is possible that the field value is restricted to files on specific public web sites.
by DigitALL
CVE-2010-1710 EXPLOITDB text VERIFIED
Ramoncastro Siestta - Path Traversal
Directory traversal vulnerability in login.php in Siestta 2.0, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the idioma parameter.
by JosS
EIP-2026-113238 EXPLOITDB text VERIFIED
WebAdmin - Arbitrary File Upload
by DigitALL
EIP-2026-112912 EXPLOITDB text VERIFIED
Uploader 0.7 - Arbitrary File Upload
by DigitALL
CVE-2010-1711 EXPLOITDB text VERIFIED
Siestta 2.0 - Cross-Site Scripting via Usuario Parameter
Cross-site scripting (XSS) vulnerability in carga_foto_al.php in Siestta 2.0, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the usuario parameter.
by JosS
CVE-2010-1496 EXPLOITDB text VERIFIED
Joomla! com_joltcard 1.2.1 - SQL Injection
SQL injection vulnerability in the JoltCard (com_joltcard) component 1.2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cardID parameter in a view action to index.php.
by Valentin
EIP-2026-108471 EXPLOITDB text VERIFIED
Joomla! Component com_pandafminigames - SQL Injection
by Valentin
EIP-2026-108437 EXPLOITDB text
Joomla! Component com_manager 1.5.3 - 'id' SQL Injection
by Islam DefenDers Mr.HaMaDa
EIP-2026-107782 EXPLOITDB text VERIFIED
ilchClan 1.0.5B - SQL Injection
by Easy Laster
EIP-2026-107062 EXPLOITDB text
FCKEditor Core - 'FileManager test.html' Arbitrary File Upload (1)
by Mr.MLL
EIP-2026-104857 EXPLOITDB text VERIFIED
60 cycleCMS 2.5.2 - Cross-Site Request Forgery (Change Username and Password)
by EL-KAHINA
CVE-2010-0432 EXPLOITDB text VERIFIED
Apache OFBiz < 09.04 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
by Lucas Apa