Exploitdb Exploits

31,346 exploits tracked across all sources.

EIP-2026-110530 EXPLOITDB text VERIFIED
PDQ Script 1.0 - 'listingid' SQL Injection
by SecurityRules
CVE-2009-4822 EXPLOITDB text VERIFIED
Kasseler CMS 1.3.4 - Cross-Site Scripting via do id or uname Parameters
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Kasseler CMS 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) do, (2) id, and (3) uname parameters.
by Gamoscu
EIP-2026-108441 EXPLOITDB text
Joomla! Component com_mediaslide - Directory Traversal
by Mr.tro0oqy
EIP-2026-106579 EXPLOITDB text
Drumbeat CMS 1.0 - SQL Injection
by Sora
CVE-2009-4820 EXPLOITDB text VERIFIED
Angelo-Emlak 1.0 - Unauthenticated Database Download via Direct Request
Angelo-Emlak 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for veribaze/angelo.mdb.
by LionTurk
EIP-2026-100089 EXPLOITDB text VERIFIED
Absolute Shopping Cart - SQL Injection
by Gamoscu
CVE-2009-4818 EXPLOITDB text VERIFIED
PHPSimplicity Simplicity oF Upload 1.3.2 - Unrestricted File Upload via Double Extension Bypass
Unrestricted file upload vulnerability in upload.php in PHPSimplicity Simplicity oF Upload 1.3.2 allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, as demonstrated by .php.gif.
by Master Mind
CVE-2007-4527 EXPLOITDB text VERIFIED
phphq phUploader 1.2 - Unrestricted File Upload and Remote Code Execution
Unrestricted file upload vulnerability in phUploader.php in phphq.Net phUploader 1.2 allows remote attackers to upload and execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by wlhaan-hacker
EIP-2026-110464 EXPLOITDB text VERIFIED
Pandora FMS Monitoring Application 2.1.x /3.x - SQL Injection
by Global-Evolution
EIP-2026-110441 EXPLOITDB text VERIFIED
PacketFence Network Access Controller - Cross-Site Scripting
by K053
EIP-2026-108066 EXPLOITDB text VERIFIED
JBC Explorer 7.20 - 'arbre.php' Cross-Site Scripting
by Metropolis
CVE-2009-4426 EXPLOITDB text VERIFIED
Ignition 1.2 - Remote File Inclusion via Blog Parameter
Multiple directory traversal vulnerabilities in Ignition 1.2, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the blog parameter to (1) comment.php and (2) view.php.
by cOndemned
EIP-2026-106962 EXPLOITDB text VERIFIED
Explorer 7.20 - Cross-Site Scripting
by Metropolis
EIP-2026-104969 EXPLOITDB text VERIFIED
Advance Biz Limited 1.0 - Authentication Bypass
by PaL-D3v1L
CVE-2006-5236 EXPLOITDB text VERIFIED
4images 1.7.x - Authenticated SQL Injection via search_user Parameter
SQL injection vulnerability in search.php in 4images 1.7.x allows remote authenticated users to execute arbitrary SQL commands via the search_user parameter.
by Master Mind
CVE-2009-4825 EXPLOITDB text VERIFIED
8pixel simple_blog - Unauthenticated Database Download via Direct Request
8pixel.net Blog 4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for App_Data/sb.mdb.
by LionTurk
EIP-2026-111901 EXPLOITDB text
Saurus CMS 4.6.4 - Multiple Remote File Inclusions
by cr4wl3r
EIP-2026-111568 EXPLOITDB text
Ptag 4.0.0 - Multiple Remote File Inclusions
by cr4wl3r
CVE-2006-0087 EXPLOITDB text
Lizard Cart CMS 1.04 - SQL Injection via id Parameter
SQL injection vulnerability in (1) pages.php and (2) detail.php in Lizard Cart CMS 1.04 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by cr4wl3r
EIP-2026-107075 EXPLOITDB text
FestOs 2.2.1 - Multiple Remote File Inclusions
by cr4wl3r
CVE-2008-5781 EXPLOITDB text VERIFIED
Cant Find A Gaming CMS (CFAGCMS) 1.0 Beta 1 - SQL Injection
SQL injection vulnerability in right.php in Cant Find A Gaming CMS (CFAGCMS) 1.0 Beta 1 allows remote attackers to execute arbitrary SQL commands via the title parameter.
by cr4wl3r
EIP-2026-105399 EXPLOITDB text
Barracuda Web Firewall 660 Firmware 7.3.1.007 - Multiple Vulnerabilities
by Global-Evolution
EIP-2026-101177 EXPLOITDB text VERIFIED
Barracuda Web Application Firewall 660 - '/cgi-mod/index.cgi' Multiple HTML Injection Vulnerabilities
by Global-Evolution
EIP-2026-100592 EXPLOITDB text VERIFIED
Toast Forums 1.8 - Database Disclosure
by ViRuSMaN
CVE-2009-4424 EXPLOITDB text
Pyrmont plugin 2 for WordPress - SQL Injection via id Parameter
SQL injection vulnerability in results.php in the Pyrmont plugin 2 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Gamoscu