Exploitdb Exploits

31,346 exploits tracked across all sources.

EIP-2026-110902 EXPLOITDB text VERIFIED
PHP-RESIDENCE 0.7.2 - Multiple Local File Inclusions
by cr4wl3r
EIP-2026-109551 EXPLOITDB text VERIFIED
MoME CMS 0.8.5 - Remote Authentication Bypass
by cr4wl3r
EIP-2026-108020 EXPLOITDB text VERIFIED
ITechSctipts Alibaba Clone - Multiple Vulnerabilities
by Hamza 'MizoZ' N.
CVE-2009-2894 EXPLOITDB text VERIFIED
Ebay Clone 2009 - SQL Injection via id or cid Parameter
Multiple SQL injection vulnerabilities in Ebay Clone 2009 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to product_desc.php, and the cid parameter to (2) showcategory.php and (3) gallery.php.
by Hamza 'MizoZ' N.
EIP-2026-106354 EXPLOITDB text VERIFIED
DasForum - 'layout' Local File Inclusion
by cr4wl3r
EIP-2026-105952 EXPLOITDB text VERIFIED
CLONEBID B2B Marketplace - Multiple Vulnerabilities
by Hamza 'MizoZ' N.
EIP-2026-114925 EXPLOITDB text
Aqua Real 1.0/2.0 - Local Crash (PoC)
by R3d-D3V!L
EIP-2026-112794 EXPLOITDB text VERIFIED
Triburom - 'forum.php' Cross-Site Scripting
by ViRuSMaN
EIP-2026-111402 EXPLOITDB text VERIFIED
PonVFTP - Bypass / Arbitrary File Upload
by S2K9
EIP-2026-111401 EXPLOITDB text VERIFIED
PonVFTP - 'login.php' SQL Injection
by S2K9
EIP-2026-109351 EXPLOITDB text VERIFIED
Max's File Uploader - Arbitrary File Upload
by S2K9
CVE-2010-2006 EXPLOITDB text VERIFIED
LetoDMS < 1.7.2 - Authenticated Path Traversal via Lang Parameter
Directory traversal vulnerability in op/op.Login.php in LetoDMS (formerly MyDMS) 1.7.2 and earlier allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
by D. Fabian
EIP-2026-103586 EXPLOITDB text VERIFIED
Multiple Media Players (iTunes / QuickTime) - HTTP DataHandler Overflow
by Dr_IDE
CVE-2009-4273 EXPLOITDB text VERIFIED
stap-server <1.1 - Command Injection
stap-server in SystemTap before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in stap command-line arguments in a request.
by Frank Ch. Eigler
CVE-2010-0288 EXPLOITDB text VERIFIED
DokuWiki < 2009-12-25b - Unauthenticated Privilege Escalation via ACL Manager Plugin
A typo in the administrator permission check in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to gain privileges and access closed wikis by editing current ACL statements, as demonstrated in the wild in January 2010.
by IHTeam
EIP-2026-114427 EXPLOITDB text VERIFIED
Xforum 1.4 - 'nbpageliste' Cross-Site Scripting
by ViRuSMaN
EIP-2026-112583 EXPLOITDB text VERIFIED
Technology for Solutions 1.0 - 'id' Cross-Site Scripting
by PaL-D3v1L
CVE-2010-0374 EXPLOITDB text VERIFIED
codingfish com_marketplace 1.2 - Cross-Site Scripting via catid Parameter
Cross-site scripting (XSS) vulnerability in the Marketplace (com_marketplace) component 1.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the catid parameter in a show_category action to index.php.
by ViRuSMaN
CVE-2010-0372 EXPLOITDB text VERIFIED
com_articlemanager - SQL Injection via artid Parameter
SQL injection vulnerability in the Articlemanager (com_articlemanager) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the artid parameter in a display action to index.php.
by FL0RiX
CVE-2010-0287 EXPLOITDB text VERIFIED
DokuWiki < 2009-12-25b - Directory Traversal via ACL Manager ns Parameter
Directory traversal vulnerability in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to list the contents of arbitrary directories via a .. (dot dot) in the ns parameter.
by IHTeam
EIP-2026-104797 EXPLOITDB text VERIFIED
Zend Framework 1.9.6 - Multiple Input Validation Vulnerabilities / Security Bypass
by Pádraic Brady
CVE-2010-0712 EXPLOITDB text VERIFIED
Zenoss < 2.5 - Authenticated SQL Injection via Events API Parameters
Multiple SQL injection vulnerabilities in zport/dmd/Events/getJSONEventsInfo in Zenoss 2.3.3, and other versions before 2.5, allow remote authenticated users to execute arbitrary SQL commands via the (1) severity, (2) state, (3) filter, (4) offset, and (5) count parameters.
by nGenuity Information Services
EIP-2026-102709 EXPLOITDB text VERIFIED
OpenOffice 3.1 - '.csv' Remote Denial of Service
by Hellcode Research
EIP-2026-112792 EXPLOITDB text VERIFIED
Tribisur - 'cat' Cross-Site Scripting
by ViRuSMaN
EIP-2026-112431 EXPLOITDB text VERIFIED
StivaSoft Stiva SHOPPING CART 1.0 - 'demo.php' Cross-Site Scripting
by PaL-D3v1L