Exploitdb Exploits
31,357 exploits tracked across all sources.
e-Courier CMS - Cross-Site Scripting via UserGUID Parameter
Multiple cross-site scripting (XSS) vulnerabilities in e-Courier CMS allow remote attackers to inject arbitrary web script or HTML via the UserGUID parameter to home/index.asp and other unspecified vectors.
by BugsNotHugs
Konae Alleycode HTML Editor 2.21 - Stack-Based Buffer Overflow via TITLE Tag
Stack-based buffer overflow in the Meta Content Optimizer in Konae Technologies Alleycode HTML Editor 2.21 allows user-assisted remote attackers to execute arbitrary code via a long value in a TITLE tag.
by Rafael Sousa
Soundset (com_soundset) 1.0 - SQL Injection via cat_id Parameter
SQL injection vulnerability in the Soundset (com_soundset) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to index.php.
by kaMtiEz
JoomlaCache CB Resume Builder - SQL Injection via group_id Parameter
SQL injection vulnerability in the JoomlaCache CB Resume Builder (com_cbresumebuilder) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the group_id parameter in a group_members action to index.php.
by kaMtiEz
Joomla! Component CB Resume Builder - 'group_id' SQL Injection
by kaMtiEz
Palm Pre WebOS 1.1 - Remote File Access
by Townsend Ladd Harris
AfterLogic WebMail Pro <4.7.10 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in history-storage.aspx in AfterLogic WebMail Pro 4.7.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) HistoryStorageObjectName and (2) HistoryKey parameters.
by Sébastien Duquette
PHP168 Template Editor - 'Filename' Directory Traversal
by esnra
SpringSource Hyperic HQ 3.2.x-4.2-beta1 - Authenticated Cross-Site Scripting via Alerts List Description Field
Cross-site scripting (XSS) vulnerability in the Alerts list feature in the web interface in SpringSource Hyperic HQ 3.2.x before 3.2.6.1, 4.0.x before 4.0.3.1, 4.1.x before 4.1.2.1, and 4.2-beta1; Application Management Suite (AMS) 2.0.0.SR3; and tc Server 6.0.20.B allows remote authenticated users to inject arbitrary web script or HTML via the Description field. NOTE: some of these details are obtained from third party information.
by CoreLabs
Google Apps - mailto URI handler cross-browser Remote command Execution
by pyrokinesis
AOL SuperBuddy ActiveX Control - Use-After-Free via SetSuperBuddy Method
Use-after-free vulnerability in the Sb.SuperBuddy.1 ActiveX control (sb.dll) in America Online (AOL) 9.5.0.1 allows remote attackers to trigger memory corruption or possibly execute arbitrary code via a malformed argument to the SetSuperBuddy method.
by Trotzkista
CVSS 8.8
Novell eDirectory 8.8 SP5 - 'dconserv.dlm' Cross-Site Scripting
by Francis Provencher
Cerberus FTP server 3.0.6 - Denial of Service
by Francis Provencher
Adobe Photoshop Elements 8.0 - Incorrect Permission Assignment for Critical Resource in Active File Monitor Service
Adobe Photoshop Elements 8.0 installs the Adobe Active File Monitor V8 service with an insecure security descriptor, which allows local users to (1) stop the service via the stop command, (2) execute arbitrary commands as SYSTEM by using the config command to modify the binPath variable, or (3) restart the service via the start command.
by pyrokinesis
CVSS 7.8
Interspire Knowledge Manager 5 - Path Traversal
Directory traversal vulnerability in dialog/file_manager.php in Interspire Knowledge Manager 5 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Infected Web
Flatpress 0.804 < 0.812.1 - Local File Inclusion
by Giuseppe Fuggiano
e107 0.7.x - CAPTCHA Security Bypass / Cross-Site Scripting
by MustLive
FrontRange HEAT 8.01 - SQL Injection via Call Logging Username and Password Parameters
Multiple SQL injection vulnerabilities in the Call Logging feature in FrontRange HEAT 8.01 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
by 0 0
PHP 5.3 - 'preg_match()' Full Path Disclosure
by David Vieira-Kurz