Exploitdb Exploits

31,346 exploits tracked across all sources.

CVE-2009-4375 EXPLOITDB text VERIFIED
AlienVault OSSIM <2.1.5.4 - SQL Injection
SQL injection vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary SQL commands via the id_document parameter.
by Nahuel Grisolia
CVE-2009-4372 EXPLOITDB text VERIFIED
AlienVault OSSIM < 2.1.5-4 - Remote Command Execution via UniqueID Parameter
AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary commands via shell metacharacters in the uniqueid parameter to (1) wcl.php, (2) storage_graphs.php, (3) storage_graphs2.php, (4) storage_graphs3.php, and (5) storage_graphs4.php in sem/.
by Nahuel Grisolia
EIP-2026-110397 EXPLOITDB text VERIFIED
OSSIM 2.1.5 - Arbitrary File Upload
by Nahuel Grisolia
EIP-2026-110029 EXPLOITDB text VERIFIED
Omnistar Affiliate - Authentication Bypass
by R3d-D3V!L
CVE-2009-4434 EXPLOITDB text VERIFIED
IDevSpot iSupport <1.8 - Path Traversal
Directory traversal vulnerability in index.php in IDevSpot iSupport 1.8 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter.
by Stink & Essandre
CVE-2009-4433 EXPLOITDB text VERIFIED
iSupport < 1.8 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot iSupport 1.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (a) 5 or (b) 9 field in a post action to ticket_function.php, reachable through ticket_submit.php and index.php; (c) the which parameter to function.php, or (d) the which parameter to index.php, related to knowledgebase_list.php. NOTE: some of these details are obtained from third party information.
by Stink & Essandre
EIP-2026-107085 EXPLOITDB text
File Share 1.0 - SQL Injection
by TOP SAT 13
EIP-2026-107039 EXPLOITDB text VERIFIED
family connections 2.1.3 - Multiple Vulnerabilities
by Salvatore Fresta
EIP-2026-106924 EXPLOITDB text VERIFIED
eUploader PRO 3.1.1 - Cross-Site Request Forgery / Cross-Site Scripting
by Milos Zivanovic
CVE-2009-4429 EXPLOITDB text VERIFIED
Sections module 5.x < 5.x-1.3 and 6.x < 6.x-1.3 - Authenticated Cross-Site Scripting via Section Name Field
Cross-site scripting (XSS) vulnerability in the Sections module 5.x before 5.x-1.3 and 6.x before 6.x-1.3 for Drupal allows remote authenticated users with "administer sections" privileges to inject arbitrary web script or HTML via a section name (aka the Name field).
by Justin C. Klein Keane
EIP-2026-106330 EXPLOITDB text VERIFIED
D-Tendencia Bt 2008 - SQL Injection
by Dr.0rYX & Cr3W-DZ
EIP-2026-105237 EXPLOITDB text VERIFIED
Article Directory - SQL Injection
by R3d-D3V!L
EIP-2026-105236 EXPLOITDB text VERIFIED
Article Directory - 'login.php' SQL Injection
by R3d D3v!L
CVE-2009-4454 EXPLOITDB text
VideoCache 1.9.2 - Local Privilege Escalation
vccleaner in VideoCache 1.9.2 allows local users with Squid proxy user privileges to overwrite arbitrary files via a symlink attack on /var/log/videocache/vccleaner.log.
by Dominick LaTrappe
CVE-2009-2619 EXPLOITDB text
DataCheck Solutions V-SpacePal - SQL Injection
SQL injection vulnerability in login.asp in DataCheck Solutions V-SpacePal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by R3d-D3V!L
EIP-2026-100587 EXPLOITDB text VERIFIED
Texas Rankem - 'player_id' SQL Injection
by R3d-D3V!L
EIP-2026-100558 EXPLOITDB text VERIFIED
Smart ASPad - 'campaignEdit.asp?CCam' Blind SQL Injection
by R3d-D3V!L
EIP-2026-100523 EXPLOITDB text
RecipePal 1.0 - SQL Injection
by R3d-D3V!L
EIP-2026-100494 EXPLOITDB text VERIFIED
Pre Hotels&Resorts Management System - Authentication Bypass
by R3d-D3V!L
EIP-2026-100380 EXPLOITDB text VERIFIED
JM CMS 1.0 - Authentication Bypass
by Red-D3v1L
EIP-2026-100344 EXPLOITDB text VERIFIED
GuestBookPro Script - Remote Database Disclosure
by ViRuSMaN
CVE-2006-4524 EXPLOITDB text VERIFIED
Digiappz Freekot 1.01 - SQL Injection via Login or Password Parameters
Multiple SQL injection vulnerabilities in login_verif.asp in Digiappz Freekot 1.01 allow remote attackers to execute arbitrary SQL commands via the (1) login or (2) password parameters. NOTE: some of these details are obtained from third party information.
by R3d-D3V!L
EIP-2026-100215 EXPLOITDB text VERIFIED
Codefixer Membership - Remote Database Disclosure
by ViRuSMaN