Exploitdb Exploits

31,346 exploits tracked across all sources.

EIP-2026-112610 EXPLOITDB text VERIFIED
Text Exchange Pro - Cross-Site Request Forgery (Add Admin)
by bi0
EIP-2026-112594 EXPLOITDB text VERIFIED
TenderSystem 0.9.5 - 'main.php' Multiple Local File Inclusions
by Packetdeath
EIP-2026-112593 EXPLOITDB text VERIFIED
Tender System 0.9.5b - Local File Inclusion
by Packetdeath
CVE-2007-0518 EXPLOITDB text VERIFIED
Scriptsez Smart PHP Subscriber - Info Disclosure
Scriptsez Smart PHP Subscriber (aka subscribe) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain encoded passwords via a direct request for pwd.txt.
by Milos Zivanovic
CVE-2009-4382 EXPLOITDB text VERIFIED
phpfaber Content Management System - Cross-Site Scripting via mod Parameter
Cross-site scripting (XSS) vulnerability in module.php in PHPFABER CMS, possibly 1.3.36, allows remote attackers to inject arbitrary web script or HTML via the mod parameter.
by bi0
CVE-2009-4826 EXPLOITDB text
ScriptsEz Mini Hosting Panel - Cross-Site Request Forgery via Admin Panel Action
Cross-site request forgery (CSRF) vulnerability in hosting/admin_ac.php in ScriptsEz Mini Hosting Panel allows remote attackers to hijack the authentication of administrators for requests that alter administrative settings via a cp action.
by Milos Zivanovic
CVE-2009-4381 EXPLOITDB text VERIFIED
texmedia Million Pixel Script 3 - Cross-Site Scripting via pa Parameter
Cross-site scripting (XSS) vulnerability in index.php in texmedia Million Pixel Script 3 allows remote attackers to inject arbitrary web script or HTML via the pa parameter. NOTE: some of these details are obtained from third party information.
by bi0
CVE-2009-4349 EXPLOITDB text VERIFIED
Link Up Gold 5.0 - Cross-Site Request Forgery in Administrative Account Creation
Cross-site request forgery (CSRF) vulnerability in administration/administrators.php in Link Up Gold 5.0 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.
by bi0
EIP-2026-106999 EXPLOITDB text VERIFIED
Ez Poll Hoster - Multiple Cross-Site Scripting Vulnerabilities
by Milos Zivanovic
CVE-2009-4385 EXPLOITDB text VERIFIED
Scriptsez.net Ez Poll Hoster - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in Scriptsez.net Ez Poll Hoster (EPH) allow remote attackers to (1) hijack the authentication of arbitrary users for requests that delete polls via the delete_poll action to index.php; and hijack the authentication of administrators for requests that (2) delete users via the manage action to admin.php, or (3) send arbitrary email to arbitrary users in the email action to admin.php.
by Milos Zivanovic
EIP-2026-106997 EXPLOITDB text
Ez Guestbook 1.0 - Multiple Vulnerabilities
by Milos Zivanovic
EIP-2026-106995 EXPLOITDB text VERIFIED
Ez Cart - 'sid' Cross-Site Scripting
by anti-gov
EIP-2026-106994 EXPLOITDB text VERIFIED
Ez Cart - 'index.php' Cross-Site Scripting
by anti-gov
CVE-2009-4319 EXPLOITDB text VERIFIED
eocms < 0.9.03 - Remote Code Execution via BBCODE_path Parameter
PHP remote file inclusion vulnerability in js/bbcodepress/bbcode-form.php in eoCMS 0.9.03 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the BBCODE_path parameter.
by 1nd0n3s14n l4m3r
EIP-2026-106689 EXPLOITDB text VERIFIED
Easy Banner Pro - Cross-Site Request Forgery (Add Admin)
by bi0
EIP-2026-105319 EXPLOITDB text
Automne.ws CMS 4.0.0rc2 - Multiple Remote File Inclusions
by 1nd0n3s14n l4m3r
CVE-2009-4828 EXPLOITDB text VERIFIED
Ad Manager Pro 3.0 - Cross-Site Request Forgery in Admin User Creation
Cross-site request forgery (CSRF) vulnerability in administration/admins.php in Ad Manager Pro (aka AdManagerPro) 3.0 allows remote attackers to hijack the authentication of administrators for requests that create new administrative users via an admin_created action. NOTE: some of these details are obtained from third party information.
by bi0
CVE-2009-4501 EXPLOITDB text VERIFIED
Zabbix < 1.6.8 - Denial of Service via Missing Separators in Request
The zbx_get_next_field function in libs/zbxcommon/str.c in Zabbix Server before 1.6.8 allows remote attackers to cause a denial of service (crash) via a request that lacks expected separators, which triggers a NULL pointer dereference, as demonstrated using the Command keyword.
by Nicob
CVE-2009-4502 EXPLOITDB text VERIFIED
Zabbix Agent < 1.6.7 - Command Injection
The NET_TCP_LISTEN function in net.c in Zabbix Agent before 1.6.7, when running on FreeBSD or Solaris, allows remote attackers to bypass the EnableRemoteCommands setting and execute arbitrary commands via shell metacharacters in the argument to net.tcp.listen. NOTE: this attack is limited to attacks from trusted IP addresses.
by Nicob
EIP-2026-104412 EXPLOITDB text
Redmine 0.8.6 - Cross-Site Request Forgery (Add Admin)
by p0deje
EIP-2026-104376 EXPLOITDB text VERIFIED
Oracle E-Business Suite - Multiple Vulnerabilities
by Hacktics
EIP-2026-104031 EXPLOITDB text VERIFIED
Oracle E-Business Suite 11i - Multiple Remote Vulnerabilities
by Hacktics
EIP-2026-103347 EXPLOITDB text VERIFIED
[WS] upload - Arbitrary File Upload
by ViRuSMaN
EIP-2026-103301 EXPLOITDB text VERIFIED
NAS Uploader 1.0/1.5 - Arbitrary File Upload
by ViRuSMaN
EIP-2026-103299 EXPLOITDB text VERIFIED
myPHPupload 0.5.1 - Arbitrary File Upload
by ViRuSMaN