Exploitdb Exploits

31,346 exploits tracked across all sources.

CVE-2009-4827 EXPLOITDB text VERIFIED
Mail Manager Pro - Cross-Site Request Forgery via Admin Password Change
Cross-site request forgery (CSRF) vulnerability in admin.php in Mail Manager Pro allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a change action.
by Milos Zivanovic
CVE-2008-1985 EXPLOITDB text VERIFIED
DigitalHive 2.0 RC2 - Cross-Site Scripting via mt Parameter
Cross-site scripting (XSS) vulnerability in base.php in DigitalHive 2.0 RC2 allows remote attackers to inject arbitrary web script or HTML via the mt parameter, possibly related to membres.php.
by ViRuSMaN
CVE-2008-7248 EXPLOITDB text VERIFIED
Ruby on Rails <2.1.3 & <2.2.2 - CSRF
Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify tokens for requests with certain content types, which allows remote attackers to bypass cross-site request forgery (CSRF) protection for requests to applications that rely on this protection, as demonstrated using text/plain.
by p0deje
CVE-2009-4462 EXPLOITDB text VERIFIED
NetBiterConfig <1.3.0 - Buffer Overflow
Stack-based buffer overflow in the NetBiterConfig utility (NetBiterConfig.exe) 1.3.0 for Intellicom NetBiter WebSCADA allows remote attackers to execute arbitrary code via a long hn (hostname) parameter in a crafted HICP-protocol UDP packet.
by Ruben Santamarta
EIP-2026-100508 EXPLOITDB text
Quartz Concept Content Manager 3.00 - Authentication Bypass
by Mr.aFiR
EIP-2026-114583 EXPLOITDB text VERIFIED
Zeecareers 2.0 - Cross-Site Scripting / Authentication Bypass
by bi0
EIP-2026-114386 EXPLOITDB text VERIFIED
WS Interactive Automne 4.0 - '228-recherche.php' Cross-Site Scripting
by loneferret
CVE-2006-6377 EXPLOITDB text VERIFIED
Uploadscript <1.2 - Info Disclosure
Uploadscript 1.2 and earlier stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain the admin password hash via a direct request for /password.txt.
by Mr.aFiR
EIP-2026-112391 EXPLOITDB text VERIFIED
SpireCMS 2.0 - SQL Injection
by Dr.0rYX & Cr3W-DZ
EIP-2026-111291 EXPLOITDB text VERIFIED
Piwigo 2.0.6 - Multiple Vulnerabilities
by mr_me
EIP-2026-109536 EXPLOITDB text VERIFIED
Model Agency Manager - 'search_process.php' Cross-Site Scripting
by bi0
EIP-2026-108582 EXPLOITDB text
Joomla! Component com_virtuemart 1.0 - 'Product_ID' SQL Injection
by SOA Crew
CVE-2009-4431 EXPLOITDB text
com_jcalpro 1.5.3.6 - Remote Code Execution via mosConfig_absolute_path Parameter
PHP remote file inclusion vulnerability in cal_popup.php in the Anything Digital Development JCal Pro (aka com_jcalpro or JCP) component 1.5.3.6 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
by kaMtiEz
EIP-2026-107891 EXPLOITDB text VERIFIED
Interspire Shopping Cart - Full Path Disclosure
by Mr.aFiR
EIP-2026-107258 EXPLOITDB text VERIFIED
Frog CMS 0.9.5 - Cross-Site Request Forgery
by Milos Zivanovic
EIP-2026-106819 EXPLOITDB text VERIFIED
Ele Medios CMS - SQL Injection
by Dr.0rYX & Cr3W-DZ
EIP-2026-105831 EXPLOITDB text VERIFIED
Chipmunk Board Script 1.x - Multiple Cross-Site Request Forgery Vulnerabilities
by Milos Zivanovic
CVE-2009-4905 EXPLOITDB text
Acc Statistics 1.1 - Cross-Site Request Forgery
Multiple cross-site request forgery (CSRF) vulnerabilities in index.php in Acc Statistics 1.1 allow remote attackers to hijack the authentication of administrators for requests that change (1) passwords, (2) usernames, and (3) e-mail addresses.
by Milos Zivanovic
CVE-2009-4906 EXPLOITDB text
Acc PHP eMail 1.1 - Cross-Site Request Forgery in Password Change
Cross-site request forgery (CSRF) vulnerability in index.php in Acc PHP eMail 1.1 allows remote attackers to hijack the authentication of administrators for requests that change passwords.
by bi0
EIP-2026-104903 EXPLOITDB text VERIFIED
Acc Auto Dealer Script 5.0 - Persistent Cross-Site Scripting / SQL Backup
by bi0
EIP-2026-114584 EXPLOITDB text VERIFIED
ZeeCareers 2.x - PHP HR Manager Website (Cross-Site Scripting / Authentication Bypass)
by bi0
EIP-2026-109490 EXPLOITDB text VERIFIED
Miniweb 2.0 - Full Path Disclosure
by Salvatore Fresta
CVE-2009-5018 EXPLOITDB text VERIFIED
gif2png <= 2.5.3 - Stack-based Buffer Overflow via Long Command-line Argument
Stack-based buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow context-dependent attackers to execute arbitrary code via a long command-line argument, as demonstrated by a CGI program that launches gif2png.
by Razuel Akaharnath
EIP-2026-119352 EXPLOITDB text VERIFIED
Billwerx RC 3.1 - Multiple Vulnerabilities
by mr_me
CVE-2008-6498 EXPLOITDB text VERIFIED
XAMPP 1.6.8 - Cross-Site Request Forgery via xampppasswd Parameter
Cross-site request forgery (CSRF) vulnerability in security/xamppsecurity.php in XAMPP 1.6.8 allows remote attackers to hijack the authentication of users for requests that change a certain .htaccess password via the xampppasswd parameter.
by bi0