Exploitdb Exploits

31,357 exploits tracked across all sources.

Sort: Activity Stars
CVE-2009-3246 EXPLOITDB text VERIFIED
MyBuxScript PTC-BUX - SQL Injection via spnews.php id Parameter
SQL injection vulnerability in spnews.php in MyBuxScript PTC-BUX allows remote attackers to execute arbitrary SQL commands via the id parameter in an spnews action to the default URI. NOTE: some of these details are obtained from third party information.
by HxH
EIP-2026-109541 EXPLOITDB text VERIFIED
Modern Script 5.0 - 'index.php?s' SQL Injection
by Red-D3v1L
EIP-2026-109507 EXPLOITDB text VERIFIED
MKPortal 1.x - Multiple BBCode HTML Injection Vulnerabilities
by Inj3ct0r
EIP-2026-109506 EXPLOITDB text VERIFIED
MKPortal 1.x (Multiple Modules) - Cross-Site Scripting
by Inj3ct0r
CVE-2009-3260 EXPLOITDB text VERIFIED
LiveStreet 0.2 - Cross-Site Scripting via Topic Header in Comment
Cross-site scripting (XSS) vulnerability in LiveStreet 0.2 allows remote attackers to inject arbitrary web script or HTML via the header of the topic in a comment.
by Inj3ct0r
CVE-2009-3256 EXPLOITDB text VERIFIED
LiveStreet 0.2 - Cross-Site Scripting via URI Parameter
Cross-site scripting (XSS) vulnerability in include/ajax/blogInfo.php in LiveStreet 0.2 allows remote attackers to inject arbitrary web script or HTML via the URI, as demonstrated by a SCRIPT element in an arbitrary parameter such as the asd parameter.
by Inj3ct0r
CVE-2009-3059 EXPLOITDB text VERIFIED
Allpublication Jboard < 2.0 - SQL Injection
Multiple SQL injection vulnerabilities in Joker Board (aka JBoard) 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) core/select.php or (2) the city parameter to top_add.inc.php, reachable through sboard.php.
by Inj3ct0r
EIP-2026-106647 EXPLOITDB text VERIFIED
e-Soft24 PTC Script 1.2 - 'login.php' Multiple Cross-Site Scripting Vulnerabilities
by 599eme Man
EIP-2026-106645 EXPLOITDB text VERIFIED
e-Soft24 Jokes Portal Script Seo 1.0 - Multiple Cross-Site Scripting Vulnerabilities
by 599eme Man
EIP-2026-106644 EXPLOITDB text VERIFIED
e-Soft24 Flash Games Script 1.0 - Cross-Site Scripting
by 599eme Man
EIP-2026-106643 EXPLOITDB text VERIFIED
e-soft24 Article Directory Script - 'q' Cross-Site Scripting
by 599eme Man
CVE-2009-3153 EXPLOITDB text VERIFIED
x10 MP3 Search Engine 1.6.5 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in x10 MP3 Search engine 1.6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) pic_id parameter to includes/video_ad.php, (2) category parameter to linkvideos_listing.php, id parameter to (3) templates/header1.php and (4) mp3/lyrics.php, key parameter to (5) video_listing.php and (6) adult/video_listing.php, and name parameter to (7) mp3/embed.php and (8) mp3/info.php.
by Moudi
CVE-2009-3153 EXPLOITDB text VERIFIED
x10 MP3 Search Engine 1.6.5 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in x10 MP3 Search engine 1.6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) pic_id parameter to includes/video_ad.php, (2) category parameter to linkvideos_listing.php, id parameter to (3) templates/header1.php and (4) mp3/lyrics.php, key parameter to (5) video_listing.php and (6) adult/video_listing.php, and name parameter to (7) mp3/embed.php and (8) mp3/info.php.
by Moudi
CVE-2009-3153 EXPLOITDB text VERIFIED
x10 MP3 Search Engine 1.6.5 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in x10 MP3 Search engine 1.6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) pic_id parameter to includes/video_ad.php, (2) category parameter to linkvideos_listing.php, id parameter to (3) templates/header1.php and (4) mp3/lyrics.php, key parameter to (5) video_listing.php and (6) adult/video_listing.php, and name parameter to (7) mp3/embed.php and (8) mp3/info.php.
by Moudi
CVE-2009-3153 EXPLOITDB text VERIFIED
x10 MP3 Search Engine 1.6.5 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in x10 MP3 Search engine 1.6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) pic_id parameter to includes/video_ad.php, (2) category parameter to linkvideos_listing.php, id parameter to (3) templates/header1.php and (4) mp3/lyrics.php, key parameter to (5) video_listing.php and (6) adult/video_listing.php, and name parameter to (7) mp3/embed.php and (8) mp3/info.php.
by Moudi
CVE-2009-3153 EXPLOITDB text VERIFIED
x10 MP3 Search Engine 1.6.5 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in x10 MP3 Search engine 1.6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) pic_id parameter to includes/video_ad.php, (2) category parameter to linkvideos_listing.php, id parameter to (3) templates/header1.php and (4) mp3/lyrics.php, key parameter to (5) video_listing.php and (6) adult/video_listing.php, and name parameter to (7) mp3/embed.php and (8) mp3/info.php.
by Moudi
CVE-2009-3153 EXPLOITDB text VERIFIED
x10 MP3 Search Engine 1.6.5 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in x10 MP3 Search engine 1.6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) pic_id parameter to includes/video_ad.php, (2) category parameter to linkvideos_listing.php, id parameter to (3) templates/header1.php and (4) mp3/lyrics.php, key parameter to (5) video_listing.php and (6) adult/video_listing.php, and name parameter to (7) mp3/embed.php and (8) mp3/info.php.
by Moudi
CVE-2009-3153 EXPLOITDB text VERIFIED
x10 MP3 Search Engine 1.6.5 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in x10 MP3 Search engine 1.6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) pic_id parameter to includes/video_ad.php, (2) category parameter to linkvideos_listing.php, id parameter to (3) templates/header1.php and (4) mp3/lyrics.php, key parameter to (5) video_listing.php and (6) adult/video_listing.php, and name parameter to (7) mp3/embed.php and (8) mp3/info.php.
by Moudi
CVE-2009-3153 EXPLOITDB text VERIFIED
x10 MP3 Search Engine 1.6.5 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in x10 MP3 Search engine 1.6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) pic_id parameter to includes/video_ad.php, (2) category parameter to linkvideos_listing.php, id parameter to (3) templates/header1.php and (4) mp3/lyrics.php, key parameter to (5) video_listing.php and (6) adult/video_listing.php, and name parameter to (7) mp3/embed.php and (8) mp3/info.php.
by Moudi
CVE-2009-4717 EXPLOITDB text VERIFIED
Gonafish WebStatCaffe - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Gonafish WebStatCaffe allow remote attackers to inject arbitrary web script or HTML via the (1) host parameter to stat/host.php, nodayshow parameter to (2) mostvisitpage.php and (3) visitorduration.php in stat/, (4) nopagesmost parameter to stat/mostvisitpagechart.php, and date parameter to (5) pageviewers.php, (6) pageviewerschart.php, and (7) referer.php in stat/.
by Moudi
CVE-2009-4717 EXPLOITDB text VERIFIED
Gonafish WebStatCaffe - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Gonafish WebStatCaffe allow remote attackers to inject arbitrary web script or HTML via the (1) host parameter to stat/host.php, nodayshow parameter to (2) mostvisitpage.php and (3) visitorduration.php in stat/, (4) nopagesmost parameter to stat/mostvisitpagechart.php, and date parameter to (5) pageviewers.php, (6) pageviewerschart.php, and (7) referer.php in stat/.
by Moudi
CVE-2009-4717 EXPLOITDB text VERIFIED
Gonafish WebStatCaffe - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Gonafish WebStatCaffe allow remote attackers to inject arbitrary web script or HTML via the (1) host parameter to stat/host.php, nodayshow parameter to (2) mostvisitpage.php and (3) visitorduration.php in stat/, (4) nopagesmost parameter to stat/mostvisitpagechart.php, and date parameter to (5) pageviewers.php, (6) pageviewerschart.php, and (7) referer.php in stat/.
by Moudi
CVE-2009-4717 EXPLOITDB text VERIFIED
Gonafish WebStatCaffe - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Gonafish WebStatCaffe allow remote attackers to inject arbitrary web script or HTML via the (1) host parameter to stat/host.php, nodayshow parameter to (2) mostvisitpage.php and (3) visitorduration.php in stat/, (4) nopagesmost parameter to stat/mostvisitpagechart.php, and date parameter to (5) pageviewers.php, (6) pageviewerschart.php, and (7) referer.php in stat/.
by Moudi
CVE-2009-4717 EXPLOITDB text VERIFIED
Gonafish WebStatCaffe - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Gonafish WebStatCaffe allow remote attackers to inject arbitrary web script or HTML via the (1) host parameter to stat/host.php, nodayshow parameter to (2) mostvisitpage.php and (3) visitorduration.php in stat/, (4) nopagesmost parameter to stat/mostvisitpagechart.php, and date parameter to (5) pageviewers.php, (6) pageviewerschart.php, and (7) referer.php in stat/.
by Moudi
CVE-2009-4717 EXPLOITDB text VERIFIED
Gonafish WebStatCaffe - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Gonafish WebStatCaffe allow remote attackers to inject arbitrary web script or HTML via the (1) host parameter to stat/host.php, nodayshow parameter to (2) mostvisitpage.php and (3) visitorduration.php in stat/, (4) nopagesmost parameter to stat/mostvisitpagechart.php, and date parameter to (5) pageviewers.php, (6) pageviewerschart.php, and (7) referer.php in stat/.
by Moudi
By Source
All 31,357 Writeup 60,527 Exploitdb 50,033 Nomisec 21,980 Metasploit 3,232 Github 2,994 Vulncheck_xdb 909 Inthewild 514 Gitlab 451 Gitee 415 Patchapalooza 312
By Language
text 31,357 python 6,238 ruby 5,922 c 3,593 perl 2,850 html 2,059 php 1,327 bash 460 java 364 c++ 253 javascript 220 shell 101 go 65 postscript 25 xml 24