Exploitdb Exploits

31,346 exploits tracked across all sources.

EIP-2026-109525 EXPLOITDB text VERIFIED
Mobile Chat 2.0.2 - 'chatsmileys.php' Cross-Site Scripting
by indoushka
CVE-2010-0371 EXPLOITDB text VERIFIED
Hitmaaan Gallery 1.3 - Cross-Site Scripting via gall or levela Parameters
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Hitmaaan Gallery 1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) gall and (2) levela parameters.
by indoushka
EIP-2026-107058 EXPLOITDB text
Fatwiki (fwiki) 1.0 - Remote File Inclusion
by kaMtiEz
CVE-2010-1111 EXPLOITDB text VERIFIED
Jokes Complete Website - Cross-Site Scripting via id Parameter or searchingred Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Jokes Complete Website allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to joke.php and the (2) searchingred parameter to results.php.
by indoushka
CVE-2010-0367 EXPLOITDB text VERIFIED
BitScripts Bits Video Script 2.05 Gold Beta - Remote Code Execution via rowptem[template] Parameter
Multiple PHP remote file inclusion vulnerabilities in BitScripts Bits Video Script 2.05 Gold Beta, and possibly 2.04, allow remote attackers to execute arbitrary PHP code via a URL in the rowptem[template] parameter to (1) showcasesearch.php and (2) showcase2search.php.
by indoushka
CVE-2010-0365 EXPLOITDB text VERIFIED
BitScripts Bits Video Script 2.04 and 2.05 Gold Beta - Cross-Site Scripting via search.php order Parameter
Cross-site scripting (XSS) vulnerability in search.php in BitScripts Bits Video Script 2.04 and 2.05 Gold Beta allows remote attackers to inject arbitrary web script or HTML via the order parameter.
by indoushka
CVE-2010-0366 EXPLOITDB text VERIFIED
BitScripts Bits Video Script 2.04-2.05 Gold Beta - Unauthenticated Arbitrary File Upload
Multiple unrestricted file upload vulnerabilities in (1) register.php and (2) addvideo.php in BitScripts Bits Video Script 2.04 and 2.05 Gold Beta allow remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.
by indoushka
EIP-2026-104427 EXPLOITDB text VERIFIED
Serialsystem 1.0.4 Beta - 'list' Cross-Site Scripting
by indoushka
EIP-2026-104256 EXPLOITDB text VERIFIED
FreePBX 2.5.x < 2.6.0 - Persistent Cross-Site Scripting
by Ivan Huertas
EIP-2026-104255 EXPLOITDB text VERIFIED
FreePBX 2.5.x - Information Disclosure
by Ivan Huertas
EIP-2026-104254 EXPLOITDB text VERIFIED
FreePBX 2.5.1 - SQL Injection
by Ivan Huertas
CVE-2010-0713 EXPLOITDB text VERIFIED
Zenoss < 2.5 - Cross-Site Request Forgery via Admin Password Reset and Command Change
Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss 2.3.3, and other versions before 2.5, allow remote attackers to hijack the authentication of an administrator for (1) requests that reset user passwords via zport/dmd/ZenUsers/admin, and (2) requests that change user commands, which allows for remote execution of system commands via zport/dmd/userCommands/.
by Adam Baldwin
EIP-2026-119223 EXPLOITDB text
Trend Micro Web-Deployment - ActiveX Remote Execution
by superli
EIP-2026-116628 EXPLOITDB text VERIFIED
Xunlei XPPlayer 5.9.14.1246 - ActiveX Remote Execution (PoC)
by superli
EIP-2026-112914 EXPLOITDB text VERIFIED
Uploader by CeleronDude 5.3.0 - Arbitrary File Upload (2)
by Stink'
CVE-2010-0390 EXPLOITDB text VERIFIED
PHP F1 Max's Image Uploader 1.0 - Unauthenticated Arbitrary File Upload via pjpeg/jpeg Extension Handling
Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
by indoushka
EIP-2026-108494 EXPLOITDB text VERIFIED
Joomla! Component com_prime - Directory Traversal
by FL0RiX
EIP-2026-108476 EXPLOITDB text VERIFIED
Joomla! Component com_pc - Local File Inclusion
by Pyske
CVE-2010-0373 EXPLOITDB text VERIFIED
Joomla! com_libros - SQL Injection via id Parameter
SQL injection vulnerability in the libros (com_libros) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
by FL0RiX
EIP-2026-101391 EXPLOITDB text VERIFIED
Novatel Wireless MiFi 2352 - Password Information Disclosure
by Alejandro Ramos
EIP-2026-112780 EXPLOITDB text VERIFIED
Transload Script - Arbitrary File Upload
by DigitALL
EIP-2026-111794 EXPLOITDB text VERIFIED
RoseOnlineCMS 3 B1 - Remote Authentication Bypass
by cr4wl3r