Exploitdb Exploits

31,357 exploits tracked across all sources.

CVE-2009-3970 EXPLOITDB text VERIFIED
PHP Dir Submit - Authenticated SQL Injection via aid Parameter
SQL injection vulnerability in index.php in PHP Dir Submit (aka WebsiteSubmitter or Submitter Script) allows remote authenticated users to execute arbitrary SQL commands via the aid parameter in a showarticle action.
by Mr.tro0oqy
CVE-2009-3965 EXPLOITDB text VERIFIED
New 5 Star Rating 1.0 - SQL Injection
SQL injection vulnerability in rating.php in New 5 star Rating 1.0 allows remote attackers to execute arbitrary SQL commands via the det parameter.
by Bgh7
CVE-2009-3975 EXPLOITDB text VERIFIED
Moa Gallery 1.1.0 and 1.2.0 - SQL Injection via gallery_id Parameter
SQL injection vulnerability in index.php in Moa Gallery 1.1.0 and 1.2.0 allows remote attackers to execute arbitrary SQL commands via the gallery_id parameter in a gallery_view action.
by Mr.tro0oqy
CVE-2009-4961 EXPLOITDB text VERIFIED
lanai-core 0.6 - Exposure of Sensitive Information via info.php
Lanai Core 0.6 allows remote attackers to obtain configuration information via a direct request to info.php, which calls the phpinfo function.
by Khashayar Fereidani
CVE-2009-3964 EXPLOITDB text VERIFIED
com_ninjamonials 1.1.0 - SQL Injection via testimID Parameter
SQL injection vulnerability in the NinjaMonials (com_ninjacentral) component 1.1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the testimID parameter in a display action to index.php.
by Chip d3 bi0s
CVE-2009-3971 EXPLOITDB text VERIFIED
jtips com_jtips - SQL Injection via Season Parameter
SQL injection vulnerability in the jTips (com_jtips) component 1.0.7 and 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the season parameter in a ladder action to index.php.
by Chip d3 bi0s
EIP-2026-107679 EXPLOITDB text VERIFIED
humanCMS - Authentication Bypass
by next
EIP-2026-107370 EXPLOITDB text VERIFIED
Geeklog 1.6.0sr1 - Arbitrary File Upload
by JaL0h
CVE-2009-2960 EXPLOITDB text VERIFIED
CuteFlow 2.10.3 and 2.11.0_c - Unauthenticated User Account Modification via Direct Request
CuteFlow 2.10.3 and 2.11.0_c do not properly restrict access to pages/edituser.php, which allows remote attackers to modify usernames and passwords via a direct request.
by Hever Costa Rocha
CVE-2009-3966 EXPLOITDB text VERIFIED
Arcade Trade Script 1.0 - Auth Bypass
Arcade Trade Script 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the adminLoggedIn cookie to true.
by Mr.tro0oqy
EIP-2026-103766 EXPLOITDB text VERIFIED
BSD (Multiple Distributions) - 'setusercontext()' Multiple Vulnerabilities
by kingcope
EIP-2026-101383 EXPLOITDB text VERIFIED
Netgear WNR2000 FW 1.2.0.8 - Information Disclosure
by Jean Trolleur
EIP-2026-101312 EXPLOITDB text VERIFIED
Huawei SmartAX MT880 - Multiple Cross-Site Request Forgery Vulnerabilities
by Jerome Athias
EIP-2026-103536 EXPLOITDB text VERIFIED
Live For Speed S2 - Duplicate Join Packet Remote Denial of Service
by Luigi Auriemma
CVE-2009-4689 EXPLOITDB text VERIFIED
PHP Shopping Cart Selling Website Script - SQL Injection
SQL injection vulnerability in index.php in PHP Shopping Cart Selling Website Script allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by 599eme Man
CVE-2009-4688 EXPLOITDB text VERIFIED
PHP Shopping Cart Selling Website Script - XSS
Multiple cross-site scripting (XSS) vulnerabilities in index.php in PHP Shopping Cart Selling Website Script allow remote attackers to inject arbitrary web script or HTML via the (1) txtkeywords and (2) cid parameters.
by 599eme Man
CVE-2009-2588 EXPLOITDB text VERIFIED
Hotscripts Type PHP Clone Script - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Hotscripts Type PHP Clone Script allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) feedback.php, (2) index.php, and (3) lostpassword.php.
by Moudi
CVE-2009-2890 EXPLOITDB text VERIFIED
PHP Scripts Now Riddles - Cross-Site Scripting via Search Query Parameter
Cross-site scripting (XSS) vulnerability in results.php in PHP Scripts Now Riddles allows remote attackers to inject arbitrary web script or HTML via the searchquery parameter.
by Moudi
CVE-2009-2891 EXPLOITDB text VERIFIED
PHP Scripts Now Riddles - SQL Injection via list.php catid Parameter
SQL injection vulnerability in list.php in PHP Scripts Now Riddles allows remote attackers to execute arbitrary SQL commands via the catid parameter.
by Moudi
CVE-2009-2586 EXPLOITDB text VERIFIED
EDGEPHP EZArticles - Cross-Site Scripting via Title Parameter
Cross-site scripting (XSS) vulnerability in articles.php in EDGEPHP EZArticles allows remote attackers to inject arbitrary web script or HTML via the title parameter.
by Moudi
CVE-2009-3202 EXPLOITDB text VERIFIED
uloki_php_forum 2.1 - Cross-Site Scripting via Search Term Parameter
Cross-site scripting (XSS) vulnerability in search.php in ULoKI PHP Forum 2.1 allows remote attackers to inject arbitrary web script or HTML via the term parameter.
by Moudi
CVE-2009-1879 EXPLOITDB text VERIFIED
Adobe Flex SDK < 3.4 - Cross-Site Scripting via Query String in index.template.html
Cross-site scripting (XSS) vulnerability in index.template.html in the express-install templates in the SDK in Adobe Flex before 3.4, when the installed Flash version is older than a specified requiredMajorVersion value, allows remote attackers to inject arbitrary web script or HTML via the query string.
by Adam Bixby
CVE-2009-0445 EXPLOITDB text VERIFIED
Dreampics Gallery Builder - SQL Injection
SQL injection vulnerability in index.php in Dreampics Gallery Builder allows remote attackers to execute arbitrary SQL commands via the exhibition_id parameter in a gallery.viewPhotos action.
by Mr.SQL