Exploitdb Exploits

31,346 exploits tracked across all sources.

EIP-2026-100131 EXPLOITDB text VERIFIED
ASPGuest - 'edit.asp?ID' Blind SQL Injection
by R3d-D3V!L
EIP-2026-112195 EXPLOITDB text VERIFIED
SitioOnline - SQL Injection
by 4lG3r14n0-t3r0
EIP-2026-111957 EXPLOITDB text VERIFIED
Scriptsez Ez FAQ Maker 1.0 - Cross-Site Scripting / Cross-Site Request Forgery
by Milos Zivanovic
EIP-2026-109161 EXPLOITDB text VERIFIED
Linkster - PHP/MySQL SQL Injection
by Angela Zhang
EIP-2026-107767 EXPLOITDB text VERIFIED
iGaming CMS 1.5 - Cross-Site Request Forgery
by Nex
CVE-2009-3701 EXPLOITDB text VERIFIED
Horde Application Framework < 3.3.6 - Cross-Site Scripting via PATH_INFO
Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) phpshell.php, (2) cmdshell.php, or (3) sqlshell.php in admin/, related to the PHP_SELF variable.
by Juan Galiana Lara
EIP-2026-106998 EXPLOITDB text VERIFIED
Ez News Manager / Pro - Cross-Site Request Forgery (Change Admin Password)
by Milos Zivanovic
EIP-2026-106996 EXPLOITDB text VERIFIED
Ez Faq Maker - Multiple Vulnerabilities
by Milos Zivanovic
CVE-2009-4366 EXPLOITDB text VERIFIED
ScriptsEz Ez Blog 1.0 - Cross-Site Scripting via yr Parameter in bmonth Action
Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez Blog 1.0 allows remote attackers to inject arbitrary web script or HTML via the yr parameter in a bmonth action.
by Milos Zivanovic
EIP-2026-106600 EXPLOITDB text VERIFIED
DubSite CMS 1.0 - Cross-Site Request Forgery
by Connection
CVE-2009-1798 EXPLOITDB text VERIFIED
APC Network Management Card - Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities on the Network Management Card (NMC) on American Power Conversion (APC) Switched Rack PDU (aka Rack Mount Power Distribution) devices and other devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the login_username vector for Forms/login1 is already covered by CVE-2009-4406.
by Jamal Pecou
EIP-2026-100552 EXPLOITDB text
SitePal 1.1 - Authentication Bypass
by R3d-D3V!L
CVE-2009-2614 EXPLOITDB text VERIFIED
DataCheck Solutions LinkPal <1 - SQL Injection
SQL injection vulnerability in z_admin_login.asp in DataCheck Solutions LinkPal 1.x allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by R3d-D3V!L
CVE-2009-2365 EXPLOITDB text
DataCheck Solutions GalleryPal FE 1.5 - SQL Injection
SQL injection vulnerability in login.asp in DataCheck Solutions GalleryPal FE 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by R3d-D3V!L
EIP-2026-100300 EXPLOITDB text VERIFIED
EEGshop 1.2 - SQL Injection
by Securitylab.ir
EIP-2026-100240 EXPLOITDB text VERIFIED
DesigNsbyjm CMS 1.0 - 'PageId' SQL Injection
by Red-D3v1L
EIP-2026-100208 EXPLOITDB text VERIFIED
ClickTrackerASP - 'sitedetails.asp?siteid' SQL Injection
by R3d-D3V!L
CVE-2009-4384 EXPLOITDB text VERIFIED
Scriptsez Ez Poll Hoster - Cross-Site Scripting via pid or uid Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net Ez Poll Hoster (EPH) allow remote attackers to inject arbitrary web script or HTML via the (1) pid parameter in a code action to index.php and the (2) uid parameter in a view action to profile.php.
by Milos Zivanovic
EIP-2026-119400 EXPLOITDB text VERIFIED
Maxs AJAX File Uploader - Arbitrary File Upload
by ViRuSMaN
CVE-2009-4351 EXPLOITDB text VERIFIED
WSCreator 1.1 - SQL Injection via Email Parameter
SQL injection vulnerability in ADMIN/loginaction.php in WSCreator 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the Email (aka username) parameter.
by Salvatore Fresta
EIP-2026-112770 EXPLOITDB text
Traidnt Discovery - Cross-Site Request Forgery (Create Staff Account)
by G0D-F4Th3r
EIP-2026-112634 EXPLOITDB text VERIFIED
The Next Generation of Genealogy Sitebuilding - 'searchform.php' Cross-Site Scripting
by bi0