Exploitdb Exploits

31,346 exploits tracked across all sources.

EIP-2026-109282 EXPLOITDB text VERIFIED
Mambo Component AkoGallery - SQL Injection
by snakespc
CVE-2010-0678 EXPLOITDB text VERIFIED
Katalog Stron Hurricane 1.3.5 - Remote Code Execution via includes_directory Parameter
PHP remote file inclusion vulnerability in includes/moderation.php in Katalog Stron Hurricane 1.3.5, and possibly earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the includes_directory parameter.
by kaMtiEz
CVE-2010-0691 EXPLOITDB text VERIFIED
JTL-Shop 2 - SQL Injection via Druckansicht s Parameter
SQL injection vulnerability in druckansicht.php in JTL-Shop 2 allows remote attackers to execute arbitrary SQL commands via the s parameter.
by Lo$T
CVE-2010-0696 EXPLOITDB text
JoomlaWorks AllVideos <3.2 - Path Traversal
Directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter.
by Pouya Daneshmand
EIP-2026-108579 EXPLOITDB text VERIFIED
Joomla! Component com_videos - SQL Injection
by snakespc
EIP-2026-107090 EXPLOITDB text
File Upload Manager 1.3 - Web Shell File Upload
by ROOT_EGY
EIP-2026-105696 EXPLOITDB text VERIFIED
Calendarix 0.8.20071118 - SQL Injection
by Thibow
CVE-2010-0680 EXPLOITDB text VERIFIED
ZeusCMS 0.2 - Path Traversal via Page Parameter
Directory traversal vulnerability in index.php in ZeusCMS 0.2 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page parameter.
by ViRuSMaN
CVE-2008-0843 EXPLOITDB text VERIFIED
StatCounteX 3.0 and 3.1 - Unauthenticated Sensitive Information Disclosure and Configuration Manipulation via admin.asp
StatCounteX 3.0 and 3.1 allows remote attackers to obtain sensitive information and edit configuration scripts via a direct request to admin.asp.
by Phenom
EIP-2026-115861 EXPLOITDB text VERIFIED
Mozilla Firefox 3.6 - Denial of Service (1)
by Asheesh kumar Mani Tripathi
EIP-2026-115726 EXPLOITDB text VERIFIED
Microsoft Internet Explorer 8 - Denial of Service
by Asheesh kumar Mani Tripathi
CVE-2010-0681 EXPLOITDB text VERIFIED
ZeusCMS 0.2 - Information Disclosure via Direct Request for admin/backup.sql
ZeusCMS 0.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request for admin/backup.sql.
by ViRuSMaN
CVE-2010-0672 EXPLOITDB text VERIFIED
WSN Guest 1.02 - SQL Injection via Orderlinks Parameter
SQL injection vulnerability in index.php in WSN Guest 1.02 allows remote attackers to execute arbitrary SQL commands via the orderlinks parameter.
by Gamoscu
CVE-2010-0682 EXPLOITDB text VERIFIED
WordPress 2.9 - Authenticated Information Disclosure via Trash Post Access
WordPress 2.9 before 2.9.2 allows remote authenticated users to read trash posts from other authors via a direct request with a modified p parameter.
by tmacuk
EIP-2026-113131 EXPLOITDB text VERIFIED
Vito CMS - SQL Injection
CVE-2010-0674 EXPLOITDB text VERIFIED
StatCounteX 3.1 - Unauthenticated Sensitive Information Exposure via Direct Database Request
StatCounteX 3.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for path/stats.mdb.
by Phenom
EIP-2026-112360 EXPLOITDB text VERIFIED
southburn Web - 'products.php' SQL Injection
by AtT4CKxT3rR0r1ST
EIP-2026-109616 EXPLOITDB text VERIFIED
MRW PHP Upload - Arbitrary File Upload
by Phenom
EIP-2026-107893 EXPLOITDB text VERIFIED
InterTech Co 1.0 - SQL Injection
by Red-D3v1L
EIP-2026-108028 EXPLOITDB text VERIFIED
Izumi 1.1.0 - Multiple Local File Inclusion / Remote File Inclusions
by cr4wl3r
EIP-2026-106333 EXPLOITDB text VERIFIED
daChooch - SQL Injection
by snakespc
EIP-2026-105982 EXPLOITDB text VERIFIED
CMS Made Simple 1.6.6 - Multiple Vulnerabilities
by Beenu Arora
EIP-2026-105981 EXPLOITDB text VERIFIED
CMS Made Simple 1.6.6 - Local File Inclusion / Cross-Site Scripting
by Beenu Arora
CVE-2010-0695 EXPLOITDB text VERIFIED
basic-cms - Cross-Site Scripting via nav_id Parameter
Cross-site scripting (XSS) vulnerability in pages/index.php in BASIC-CMS allows remote attackers to inject arbitrary web script or HTML via the nav_id parameter.
by Red-D3v1L
EIP-2026-105123 EXPLOITDB text VERIFIED
Alqatari Group 1.0 - Blind SQL Injection
by Red-D3v1L