Exploitdb Exploits

31,346 exploits tracked across all sources.

CVE-2010-0983 EXPLOITDB text VERIFIED
rezervi < 3.0.2 - Remote Code Execution via mail.inc.php root Parameter
PHP remote file inclusion vulnerability in include/mail.inc.php in Rezervi 3.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the root parameter, a different vector than CVE-2007-2156.
by r00t.h4x0r
EIP-2026-111411 EXPLOITDB text VERIFIED
portal modulnet 1.0 - 'id' SQL Injection
by Red-D3v1L
EIP-2026-110698 EXPLOITDB text VERIFIED
PHP File Uploader - Arbitrary File Upload
by indoushka
EIP-2026-110655 EXPLOITDB text VERIFIED
PHP Banner Exchange 1.2 - 'signupconfirm.php' Cross-Site Scripting
by indoushka
EIP-2026-109181 EXPLOITDB text VERIFIED
Live TV Script - SQL Injection
by R3d-D3V!L
CVE-2010-0981 EXPLOITDB text VERIFIED
TPJobs for Joomla! - SQL Injection via id_c[] Parameter
SQL injection vulnerability in the TPJobs (com_tpjobs) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id_c[] parameter in a resadvsearch action to index.php.
by FL0RiX
EIP-2026-108469 EXPLOITDB text
Joomla! Component com_oziogallery2 / IMAGIN - Arbitrary File Write
by Ubik & er
EIP-2026-108467 EXPLOITDB text
Joomla! Component com_otzivi - Blind SQL Injection
by Cyber_945
CVE-2010-0945 EXPLOITDB text
Joomla! com_hotbrackets - SQL Injection
SQL injection vulnerability in the HotBrackets Tournament Brackets (com_hotbrackets) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
by FL0RiX
EIP-2026-108334 EXPLOITDB text VERIFIED
Joomla! Component com_doqment - 'cid' SQL Injection
by Gamoscu
EIP-2026-108319 EXPLOITDB text VERIFIED
Joomla! Component com_countries - SQL Injection
by FL0RiX
CVE-2010-0982 EXPLOITDB text VERIFIED
CARTwebERP <1.56.75 - Path Traversal
Directory traversal vulnerability in the CARTwebERP (com_cartweberp) component 1.56.75 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
by FL0RiX
CVE-2010-0157 EXPLOITDB text VERIFIED
JoomlaBibleStudy com_biblestudy 6.1 - Path Traversal via Controller Parameter
Directory traversal vulnerability in the Bible Study (com_biblestudy) component 6.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter in a studieslist action to index.php.
by FL0RiX
CVE-2010-2255 EXPLOITDB text VERIFIED
Tamlyncreative Com Bfsurvey Profree < 1.3.0 - SQL Injection
SQL injection vulnerability in the BF Survey Pro (com_bfsurvey_pro) component before 1.3.1, BF Survey Pro Free (com_bfsurvey_profree) component 1.2.6, and BF Survey Basic component before 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. NOTE: some of these details are obtained from third party information.
by FL0RiX
CVE-2010-2259 EXPLOITDB text VERIFIED
com_bfsurvey_profree - Path Traversal via Controller Parameter
Directory traversal vulnerability in the BF Survey (com_bfsurvey) component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
by FL0RiX
EIP-2026-108262 EXPLOITDB text
Joomla! Component com_alfresco - SQL Injection
by FL0RiX
CVE-2010-0985 EXPLOITDB text VERIFIED
Joomla! com_abbrev 1.1 - Path Traversal
Directory traversal vulnerability in the Abbreviations Manager (com_abbrev) component 1.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information.
by FL0RiX
CVE-2010-2254 EXPLOITDB text
Shape5 Bridge of Hope Template - SQL Injection via id Parameter
SQL injection vulnerability in the Shape5 Bridge of Hope template for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an article action to index.php.
by R3d-D3V!L
CVE-2010-0158 EXPLOITDB text
JoomlaBamboo JB Simpla Admin Template - SQL Injection via id Parameter
SQL injection vulnerability in the JoomlaBamboo (JB) Simpla Admin template for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an article action to the com_content component, reachable through index.php. NOTE: the vendor disputes this report, saying: "JoomlaBamboo has investigated this report, and it is incorrect. There is no SQL injection vulnerability involving the id parameter in an article view, and there never was. JoomlaBamboo customers have no reason to be concerned about this report."
by R3d-D3V!L
CVE-2010-5017 EXPLOITDB text VERIFIED
Elite Gaming Ladders 3.0 - SQL Injection
SQL injection vulnerability in stats.php in Elite Gaming Ladders 3.0 allows remote attackers to execute arbitrary SQL commands via the account parameter.
by Sora
EIP-2026-106468 EXPLOITDB text VERIFIED
Discuz! 2.0 - Multiple Cross-Site Scripting Vulnerabilities
by indoushka
EIP-2026-101017 EXPLOITDB text VERIFIED
Facebook for iPhone - Persistent Cross-Site Scripting Denial of Service
by marco_
EIP-2026-100411 EXPLOITDB text VERIFIED
MasterWeb Script 1.0 - 'details&newsID' SQL Injection
by Red-D3v1L
EIP-2026-100328 EXPLOITDB text VERIFIED
Football Pool 3.1 - Database Disclosure
by LionTurk
CVE-2010-0984 EXPLOITDB text VERIFIED
Acidcat CMS <3.5.3 - Info Disclosure
Acidcat CMS 3.5.3 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for databases/acidcat_3.mdb.
by LionTurk