Exploitdb Exploits

31,357 exploits tracked across all sources.

EIP-2026-101141 EXPLOITDB text VERIFIED
2WIRE Gateway - Authentication Bypass / Password Reset (1)
by hkm
CVE-2009-3020 EXPLOITDB text VERIFIED
Windows Server 2003 SP2 - Denial of Service via Crafted EOT Font File
win32k.sys in Microsoft Windows Server 2003 SP2 allows remote attackers to cause a denial of service (system crash) by referencing a crafted .eot file in the src descriptor of an @font-face Cascading Style Sheets (CSS) rule in an HTML document, possibly related to the Embedded OpenType (EOT) Font Engine, a different vulnerability than CVE-2006-0010, CVE-2009-0231, and CVE-2009-0232. NOTE: some of these details are obtained from third party information.
by webDEViL
CVE-2009-2762 EXPLOITDB text VERIFIED
WordPress < 2.8.3 - Unauthenticated Password Reset via Array Parameter Bypass
wp-login.php in WordPress 2.8.3 and earlier allows remote attackers to force a password reset for the first user in the database, possibly the administrator, via a key[] array variable in a resetpass (aka rp) action, which bypasses a check that assumes that $key is not an array.
by laurent gaffié
CVE-2009-3042 EXPLOITDB text VERIFIED
OCS Inventory NG 1.02.1 - SQL Injection via machine.php systemid Parameter
SQL injection vulnerability in machine.php in Open Computer and Software (OCS) Inventory NG 1.02.1 allows remote attackers to execute arbitrary SQL commands via the systemid parameter, a different vector than CVE-2009-3040.
by Guilherme Marinheiro
CVE-2009-3417 EXPLOITDB text VERIFIED
IDoBlog 1.1 build 30 - SQL Injection via Userid Parameter
SQL injection vulnerability in the IDoBlog (com_idoblog) component 1.1 build 30 for Joomla! allows remote attackers to execute arbitrary SQL commands via the userid parameter in a profile action to index.php, a different vector than CVE-2008-2627.
by kkr
CVE-2009-2195 EXPLOITDB text VERIFIED
Apple Safari < 4.0.3 - Remote Code Execution via Crafted Floating-Point Numbers
Buffer overflow in WebKit in Apple Safari before 4.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted floating-point numbers.
by Apple
CVE-2009-4548 EXPLOITDB text VERIFIED
ViArt Helpdesk 3.x - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in ViArt Helpdesk 3.x allow remote attackers to inject arbitrary web script or HTML via the category_id parameter to (1) products.php, (2) article.php, (3) product_details.php, or (4) reviews.php; the (5) forum_id parameter to forum.php; or the (6) search_category_id parameter to products_search.php.
by Moudi
CVE-2009-4547 EXPLOITDB text VERIFIED
ViArt CMS 3.x - Cross-Site Scripting via category_id or forum_id Parameter
Multiple cross-site scripting (XSS) vulnerabilities in ViArt CMS 3.x allow remote attackers to inject arbitrary web script or HTML via the (1) category_id parameter to forums.php, or the forum_id parameter to (2) forum.php or (3) forum_topic_new.php.
by Moudi
CVE-2009-4858 EXPLOITDB text VERIFIED
Yahoo Answers Clone - Cross-Site Scripting via questionid Parameter
Cross-site scripting (XSS) vulnerability in questiondetail.php in Yahoo Answers Clone allows remote attackers to inject arbitrary web script or HTML via the questionid parameter.
by Moudi
EIP-2026-112498 EXPLOITDB text VERIFIED
SupportPRO SupportDesk 3.0 - 'shownews.php' Cross-Site Scripting
by Moudi
CVE-2007-1231 EXPLOITDB text VERIFIED
SQLiteManager 1.2.0 - Cross-Site Scripting via Database and Table Name Fields
Multiple cross-site scripting (XSS) vulnerabilities in SQLiteManager 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) database name, (2) table name, (3) ViewName, (4) view, (5) trigger, and (6) function fields in main.php and certain other files.
by Hadi Kiamarsi
EIP-2026-112255 EXPLOITDB text VERIFIED
SmilieScript 1.0 - Authentication Bypass
by Mr.tro0oqy
EIP-2026-110472 EXPLOITDB text VERIFIED
Papoo CMS 3.7.3 - (Authenticated) Arbitrary Code Execution
by RedTeam Pentesting
EIP-2026-110470 EXPLOITDB text VERIFIED
Papoo 3.x - Upload Images Arbitrary File Upload
by RedTeam Pentesting GmbH
CVE-2009-4540 EXPLOITDB text VERIFIED
Mini CMS 1.0.1 - SQL Injection via Page ID Parameter
SQL injection vulnerability in page.php in Mini CMS 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Ins3t
CVE-2009-4868 EXPLOITDB text VERIFIED
Hitron Soft Answer Me 1.0 - Cross-Site Scripting via q_id Parameter
Cross-site scripting (XSS) vulnerability in Hitron Soft Answer Me 1.0 allows remote attackers to inject arbitrary web script or HTML via the q_id parameter to the answers script (aka answers.php). NOTE: some of these details are obtained from third party information.
by Moudi
EIP-2026-105980 EXPLOITDB text VERIFIED
CMS Made Simple 1.6.2 - Local File Disclosure
by IHTeam
EIP-2026-100468 EXPLOITDB text VERIFIED
Online Work Order Suite Lite Edition - Multiple Cross-Site Scripting Vulnerabilities
by Moudi