Exploitdb Exploits

31,346 exploits tracked across all sources.

CVE-2010-2273 EXPLOITDB text VERIFIED
Dojo 1.0.x-1.0.2, 1.1.x-1.1.1, 1.2.x-1.2.3, 1.3.x-1.3.2, 1.4.x-1.4.1 - Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, and util/buildscripts/jslib/buildUtil.js, as demonstrated by the (1) dojoUrl and (2) testUrl parameters to util/doh/runner.html.
by Adam Bixby
CVE-2010-2275 EXPLOITDB text VERIFIED
Dojo Toolkit SDK < 1.4.2 - Cross-Site Scripting via Theme Parameter
Cross-site scripting (XSS) vulnerability in dijit/tests/_testCommon.js in Dojo Toolkit SDK before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the theme parameter, as demonstrated by an attack against dijit/tests/form/test_Button.html.
by Adam Bixby
EIP-2026-104145 EXPLOITDB text VERIFIED
(Multiple Products) - 'banner.swf' Cross-Site Scripting
by MustLive
EIP-2026-100638 EXPLOITDB text VERIFIED
Zigurrat Farsi CMS - '/manager/textbox.asp' SQL Injection
by Isfahan
CVE-2010-1054 EXPLOITDB text VERIFIED
ParsCMS - SQL Injection via RP Parameter
Multiple SQL injection vulnerabilities in ParsCMS allow remote attackers to execute arbitrary SQL commands via the RP parameter to (1) fa_default.asp and (2) en_default.asp.
by Isfahan
CVE-2010-0973 EXPLOITDB text VERIFIED
phppool media Domain Verkaus and Auktions Portal - SQL Injection
SQL injection vulnerability in index.php in phppool media Domain Verkaus and Auktions Portal allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Easy Laster
CVE-2010-0970 EXPLOITDB text VERIFIED
PhpMyLogon 2 - SQL Injection via Username Parameter
SQL injection vulnerability in phpmylogon.php in PhpMyLogon 2 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.
by blake
EIP-2026-110829 EXPLOITDB text
PHP-Nuke - Local File Inclusion
by ITSecTeam
EIP-2026-110807 EXPLOITDB text
PHP-Fusion 6.01.15.4 - 'downloads.php' SQL Injection
by Inj3ct0r
EIP-2026-108465 EXPLOITDB text VERIFIED
Joomla! Component com_org - SQL Injection
by N2n-Hacker
EIP-2026-108458 EXPLOITDB text VERIFIED
Joomla! Component com_nfnaddressbook - SQL Injection
by snakespc
EIP-2026-107264 EXPLOITDB text VERIFIED
Front Door 0.4b - SQL Injection
by blake
EIP-2026-106425 EXPLOITDB text VERIFIED
DesktopOnNet 3 Beta9 - Local File Inclusion
by cr4wl3r
EIP-2026-104223 EXPLOITDB text VERIFIED
DirectAdmin 1.33.6 - 'CMD_DB_VIEW' Cross-Site Scripting
by r0t
CVE-2010-0967 EXPLOITDB text VERIFIED
Geekhelps ADMP 1.01 - Path Traversal
Multiple directory traversal vulnerabilities in Geekhelps ADMP 1.01, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the style parameter to (1) colorvoid/footer.php, (2) default-green/footer.php, (3) default-orange/footer.php, and (4) default/footer.php in themes/. NOTE: some of these details are obtained from third party information.
by ITSecTeam
EIP-2026-114413 EXPLOITDB text VERIFIED
Xbtit 2.0.0 - SQL Injection
by Ctacok
CVE-2010-1341 EXPLOITDB text VERIFIED
Systemsoftware Community Black Forum - SQL Injection
SQL injection vulnerability in index.php in Systemsoftware Community Black Forum allows remote attackers to execute arbitrary SQL commands via the s_flaeche parameter.
by Easy Laster
EIP-2026-109291 EXPLOITDB text VERIFIED
Mambo Component MambAds - SQL Injection
by Dreadful
EIP-2026-108532 EXPLOITDB text VERIFIED
Joomla! Component com_seek - 'id' SQL Injection
by DevilZ TM
EIP-2026-108526 EXPLOITDB text VERIFIED
Joomla! Component com_sbsfile - Local File Inclusion
by DevilZ TM
EIP-2026-108322 EXPLOITDB text VERIFIED
Joomla! Component com_d-greinar - 'maintree' Cross-Site Scripting
by DevilZ TM
EIP-2026-108315 EXPLOITDB text VERIFIED
Joomla! Component com_comp - SQL Injection
by DevilZ TM
CVE-2010-0968 EXPLOITDB text VERIFIED
Geekhelps ADMP 1.01 - SQL Injection
SQL injection vulnerability in bannershow.php in Geekhelps ADMP 1.01 allows remote attackers to execute arbitrary SQL commands via the click parameter.
by ITSecTeam
EIP-2026-105347 EXPLOITDB text VERIFIED
Azeno CMS - SQL Injection
by DevilZ TM
CVE-2010-1057 EXPLOITDB text VERIFIED
Phpkobo AdFreely <1.01 - Path Traversal
Multiple directory traversal vulnerabilities in Phpkobo AdFreely (aka Ad Board Script) 1.01, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a ..// (dot dot slash slash) in the LANG_CODE parameter to common.inc.php in (1) codelib/cfg/, (2) codelib/sys/, (3) staff/, and (4) staff/app/; and (5) staff/file.php. NOTE: some of these details are obtained from third party information.
by ITSecTeam