Exploitdb Exploits
31,357 exploits tracked across all sources.
Silurus Classifieds 1.0 - Cross-Site Scripting via ID and Keywords Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Silurus Classifieds 1.0 allow remote attackers to inject arbitrary web script or HTML via the ID parameter to (1) category.php and (2) wcategory.php, and the (3) keywords parameter to search.php.
by Moudi
PHP Script Forum Hoster - Topic Delete / Cross-Site Scripting
by int_main();
Multi Website 1.5 - Cross-Site Scripting via Search Parameter
Cross-site scripting (XSS) vulnerability in Multi Website 1.5 allows remote attackers to inject arbitrary web script or HTML via the search parameter in a search action to the default URI.
by 599eme Man
LM Starmail Paidmail 2.0 - Remote Code Execution via home.php page Parameter
PHP remote file inclusion vulnerability in home.php in LM Starmail Paidmail 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
by int_main();
Alkacon OpenCMS 7.x - Multiple Input Validation Vulnerabilities
by Katie French
AJ Auction Pro OOPD 3.0 - 'txtkeyword' Cross-Site Scripting
by 599eme Man
Accessories Me PHP Affiliate Script 1.4 - Cross-Site Scripting via Keywords or SearchIndex Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Accessories Me PHP Affiliate Script 1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) Keywords parameter to search.php and (2) SearchIndex parameter to browse.php.
by Moudi
MyBackup 1.4.0 - Authenticated Remote Code Execution via main_content Parameter
PHP remote file inclusion vulnerability in index.php in MyBackup 1.4.0 allows remote authenticated users to execute arbitrary PHP code via a URL in the main_content parameter.
by SirGod
sun-jester OpenNews 1.0 - SQL Injection via Username Parameter
SQL injection vulnerability in admin.php in sun-jester OpenNews 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.
by SirGod
Microsoft Windows <7 - Info Disclosure
Integer overflow in the CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows man-in-the-middle attackers to spoof arbitrary SSL servers and other entities via an X.509 certificate that has a malformed ASN.1 Object Identifier (OID) and was issued by a legitimate Certification Authority, aka "Integer Overflow in X.509 Object Identifiers Vulnerability."
by Dan Kaminsky
tenrok 1.1.0 - File Disclosure / Remote Code Execution
by SirGod
Portel 2008 - 'decide.php?patron' Blind SQL Injection
by Chip d3 bi0s
sun-jester OpenNews 1.0 - Authenticated PHP Code Injection via Overall Width Field
Static code injection vulnerability in admin.php in sun-jester OpenNews 1.0 allows remote authenticated administrators to inject arbitrary PHP code into config.php via the "Overall Width" field in a setconfig action.
by SirGod
MyBackup 1.4.0 - Path Traversal via Filename Parameter
Directory traversal vulnerability in down.php in MyBackup 1.4.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
by SirGod
Irokez CMS 0.7.1 - SQL Injection via PATH_INFO
SQL injection vulnerability in the select function in Irokez CMS 0.7.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to the default URI.
by Ins3t
aj_auction_pro-oopd 3.0 - Cross-Site Scripting via txtkeyword Parameter
Cross-site scripting (XSS) vulnerability in index.php in AJ Auction Pro OOPD 3.0 allows remote attackers to inject arbitrary web script or HTML via the txtkeyword parameter in a search action.
by 599eme Man
Accessories Me PHP Affiliate Script 1.4 - SQL Injection via Go Parameter
SQL injection vulnerability in browse.php in Accessories Me PHP Affiliate Script 1.4 allows remote attackers to execute arbitrary SQL commands via the Go parameter.
by Moudi
ShopMaker CMS 2.0 - Blind SQL Injection / Local File Inclusion
by PLATEN
MOC Designs PHP News 1.1 - SQL Injection via User or Password Field
Multiple SQL injection vulnerabilities in login.php in MOC Designs PHP News 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) newsuser parameter (User field) and (2) newspassword parameter (Password field).
by SirGod
In-Portal 4.3.1 - Path Traversal via Env Parameter
Directory traversal vulnerability in index.php in In-Portal 4.3.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the env parameter.
by Angela Chang
Elgg 1.5 - Path Traversal via js Parameter
Directory traversal vulnerability in _css/js.php in Elgg 1.5, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the js parameter. NOTE: some of these details are obtained from third party information.
by eLwaux
CS-Cart < 2.0.6 - Authenticated SQL Injection via Reward Points sort_order Parameter
SQL injection vulnerability in reward_points.post.php in the Reward points addon in CS-Cart before 2.0.6 allows remote authenticated users to execute arbitrary SQL commands via the sort_order parameter in a reward_points.userlog action to index.php, a different vulnerability than CVE-2005-4429.2.
by Ryan Dewhurst
Perl$hop E-Commerce Script - Trust Boundary Input Parameter Injection
by Shadow
Miniweb 2.0 - SQL Injection via Survey Pro Campaign ID Parameter
SQL injection vulnerability in the Survey Pro module for Miniweb 2.0 allows remote attackers to execute arbitrary SQL commands via the campaign_id parameter in a results action to index.php.
by Moudi