Exploitdb Exploits

31,346 exploits tracked across all sources.

EIP-2026-105259 EXPLOITDB text
asaher pro 1.0 - Remote File Inclusion
by indoushka
EIP-2026-105196 EXPLOITDB text VERIFIED
APHP ImgList 1.2.2 - Cross-Site Scripting
by indoushka
EIP-2026-105063 EXPLOITDB text VERIFIED
AL-Caricatier 2.5 - 'comment.php' Cross-Site Scripting
by indoushka
EIP-2026-104963 EXPLOITDB text
Ads Electronic Al-System - Cross-Site Scripting
by indoushka
EIP-2026-113090 EXPLOITDB text VERIFIED
VideoIsland - Arbitrary File Upload
by RENO
EIP-2026-112771 EXPLOITDB text VERIFIED
Traidnt Gallery - Arbitrary Add Admin
by wlhaan-hacker
EIP-2026-111465 EXPLOITDB text
Pragyan CMS 2.6.4 - 'search.php' Remote File Inclusion
by Mr.SeCreT
CVE-2009-4458 EXPLOITDB text VERIFIED
FreePBX 2.5.2 and 2.6.0rc2 - Cross-Site Scripting via Tech Parameter and Description Parameter
Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.2 and 2.6.0rc2, and possibly other versions, allow remote attackers to inject arbitrary web script or HTML via the (1) tech parameter to admin/admin/config.php during a trunks display action, the (2) description parameter during an Add Zap Channel action, and (3) unspecified vectors during an Add Recordings action.
by Global-Evolution
CVE-2009-4813 EXPLOITDB text VERIFIED
MyBB 1.4.10 - Cross-Site Scripting via Username Parameter in Donate Action
Cross-site scripting (XSS) vulnerability in myps.php in MyBB (aka MyBulletinBoard) 1.4.10 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a donate action.
by Steven Abbagnaro
EIP-2026-108527 EXPLOITDB text VERIFIED
Joomla! Component com_schools - SQL Injection
by Mr.tro0oqy
EIP-2026-108391 EXPLOITDB text VERIFIED
Joomla! Component com_jeemaarticlecollection - SQL Injection
by FL0RiX
EIP-2026-108299 EXPLOITDB text VERIFIED
Joomla! Component com_carman - Cross-Site Scripting
by FL0RiX
CVE-2009-4447 EXPLOITDB text VERIFIED
Jax Guestbook 3.5.0 - Unauthenticated Authentication Bypass via Direct Admin Endpoint Access
Jax Guestbook 3.5.0 allows remote attackers to bypass authentication and modify administrator settings via a direct request to admin/guestbook.admin.php.
by Sora
EIP-2026-104281 EXPLOITDB text VERIFIED
ImageVue 2.0 - Remote Admin Login
by Sora
EIP-2026-102714 EXPLOITDB text
Picpuz 2.1.1 - Buffer Overflow (Denial of Service) (PoC)
by $andman
CVE-2009-5019 EXPLOITDB text VERIFIED
Web Wiz NewsPad - Unauthenticated Sensitive Information Exposure via Direct Database Request
Web Wiz NewsPad stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/NewsPad.mdb.
by ViRuSMaN
EIP-2026-100623 EXPLOITDB text VERIFIED
Web Wiz Forums 9.64 - Database Disclosure
by ViRuSMaN
CVE-2008-0135 EXPLOITDB text VERIFIED
Snitz Forums 2000 <= 3.4.06 - Unauthenticated Sensitive Information Exposure via Direct Database Download
Snitz Forums 2000 3.4.06 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for forum/snitz_forums_2000.mdb.
by ViRuSMaN
EIP-2026-114482 EXPLOITDB text VERIFIED
XP Book 3.0 - login Admin
by wlhaan hacker
CVE-2007-1034 EXPLOITDB text
Emporium Module < 2.3.0 - SQL Injection via category_id Parameter
SQL injection vulnerability in the category file in modules.php in the Emporium 2.3.0 and earlier module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
by Hussin X
EIP-2026-104947 EXPLOITDB text
Add An Ad Script - Arbitrary File Upload
by MR.Z
EIP-2026-104833 EXPLOITDB text VERIFIED
35mm Slide Gallery - Directory Traversal
by Mr.tro0oqy
EIP-2026-104832 EXPLOITDB text VERIFIED
35mm Slide Gallery - Cross-Site Scripting
by indoushka
CVE-2009-4814 EXPLOITDB text VERIFIED
Wolfram webMathematica - Cross-Site Scripting via URI to MSP Script
Cross-site scripting (XSS) vulnerability in Wolfram Research webMathematica allows remote attackers to inject arbitrary web script or HTML via the URI to the MSP script.
by Floyd Fuh
EIP-2026-102718 EXPLOITDB text VERIFIED
Printoxx - Local Buffer Overflow (PoC)
by $andman