Exploitdb Exploits

31,357 exploits tracked across all sources.

CVE-2009-2361 EXPLOITDB text VERIFIED
osTicket < 1.6 - SQL Injection via Staff Username Parameter
SQL injection vulnerability in include/class.staff.php in osTicket before 1.6 RC5 allows remote attackers to execute arbitrary SQL commands via the staff username parameter.
by Adam Baldwin
EIP-2026-109492 EXPLOITDB text VERIFIED
Miniweb 2.0 Site Builder Module - Multiple Cross-Site Scripting Vulnerabilities
by Moudi
CVE-2009-2394 EXPLOITDB text VERIFIED
SMSPages 1.0 - SQL Injection via CatID Parameter
SQL injection vulnerability in cat.php in SMSPages 1.0 in Mr.Saphp Arabic Script Mobile (aka Messages Library) 2.0 allows remote attackers to execute arbitrary SQL commands via the CatID parameter.
by SecurityRules
CVE-2009-2400 EXPLOITDB text VERIFIED
com_php - SQL Injection via id Parameter
SQL injection vulnerability in the PHP (com_php) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
by Chip d3 bi0s
CVE-2009-2395 EXPLOITDB text VERIFIED
com_k2 < 1.0.1 - SQL Injection via Category Parameter
SQL injection vulnerability in the K2 (com_k2) component 1.0.1 Beta and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category parameter in an itemlist action to index.php.
by Chip d3 bi0s
CVE-2009-2399 EXPLOITDB text VERIFIED
DM FileManager 3.9.4 - Remote Code Execution via SECURITY_FILE Parameter
PHP remote file inclusion vulnerability in dm-albums/template/album.php in DM FileManager 3.9.4, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the SECURITY_FILE parameter.
by Septemb0x
CVE-2009-2325 EXPLOITDB text VERIFIED
Clicknet CMS 2.1 - Path Traversal via Side Parameter
Directory traversal vulnerability in index.php in Clicknet CMS 2.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the side parameter.
by ThE g0bL!N
CVE-2009-2595 EXPLOITDB text
Censura 2.0.4 and 2.1.0 - Cross-Site Scripting via ProductSearch q Parameter
Cross-site scripting (XSS) vulnerability in productSearch.html in Censura 2.0.4 and 2.1.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a ProductSearch action.
by mark99
CVE-2009-2397 EXPLOITDB text VERIFIED
Audio Article Directory - Path Traversal
Directory traversal vulnerability in download.php in Audio Article Directory allows remote attackers to read arbitrary files via directory traversal sequences in the file parameter.
by ThE g0bL!N
CVE-2009-2275 EXPLOITDB text VERIFIED
cPanel - Path Traversal via Domain Parameter in Last Visit Stats Page
Directory traversal vulnerability in frontend/x3/stats/lastvisit.html in cPanel allows remote attackers to read arbitrary files via a .. (dot dot) in the domain parameter.
by SecurityRules
EIP-2026-109348 EXPLOITDB text VERIFIED
Matterdaddy Market 1.x - 'index.php' Cross-Site Scripting
by Moudi
EIP-2026-108827 EXPLOITDB text VERIFIED
Joomla! Component Permis 1.0 (com_groups) - 'id' SQL Injection
by Prince_Pwn3r
EIP-2026-103910 EXPLOITDB text VERIFIED
Google Chrome 2.0.172 - 'chrome://history/' URI Cross-Site Scripting
by Karn Ganeshen
CVE-2009-2772 EXPLOITDB text VERIFIED
PG Roommate Finder Solution - Cross-Site Scripting via Part Parameter
Multiple cross-site scripting (XSS) vulnerabilities in PG Roommate Finder Solution allow remote attackers to inject arbitrary web script or HTML via the part parameter to (1) quick_search.php and (2) viewprofile.php.
by Moudi
CVE-2009-2772 EXPLOITDB text VERIFIED
PG Roommate Finder Solution - Cross-Site Scripting via Part Parameter
Multiple cross-site scripting (XSS) vulnerabilities in PG Roommate Finder Solution allow remote attackers to inject arbitrary web script or HTML via the part parameter to (1) quick_search.php and (2) viewprofile.php.
by Moudi
EIP-2026-108575 EXPLOITDB text VERIFIED
Joomla! Component com_user - 'view' Open Redirection
by 599eme Man
EIP-2026-108200 EXPLOITDB text VERIFIED
Joomla! Component Almond Classifieds 7.5 - Cross-Site Scripting / SQL Injection
by Moudi
CVE-2009-3226 EXPLOITDB text VERIFIED
Almond Classifieds Ads Enterprise and Almond Affiliate Network Classifieds - SQL Injection via replid Parameter
SQL injection vulnerability in index.php in AlmondSoft Almond Classifieds Ads Enterprise and Almond Affiliate Network Classifieds allows remote attackers to execute arbitrary SQL commands via the replid parameter in a manw_repl add_form action. NOTE: some of these details are obtained from third party information.
by Moudi
CVE-2009-3225 EXPLOITDB text VERIFIED
Almond Classifieds - Cross-Site Scripting via Page or Address Parameter
Multiple cross-site scripting (XSS) vulnerabilities in AlmondSoft Almond Classifieds Wap and Pro, and possibly Almond Affiliate Network Classifieds, allow remote attackers to inject arbitrary web script or HTML via (1) the page parameter in a browse action to index.php or (2) the addr parameter to gmap.php. NOTE: some of these details are obtained from third party information.
by Moudi
CVE-2009-3225 EXPLOITDB text VERIFIED
Almond Classifieds - Cross-Site Scripting via Page or Address Parameter
Multiple cross-site scripting (XSS) vulnerabilities in AlmondSoft Almond Classifieds Wap and Pro, and possibly Almond Affiliate Network Classifieds, allow remote attackers to inject arbitrary web script or HTML via (1) the page parameter in a browse action to index.php or (2) the addr parameter to gmap.php. NOTE: some of these details are obtained from third party information.
by Moudi
CVE-2009-3220 EXPLOITDB text VERIFIED
Tecnick Aiocp - Code Injection
PHP remote file inclusion vulnerability in cp_html2txt.php in All In One Control Panel (AIOCP) 1.4.001 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
by Hadi Kiamarsi
EIP-2026-103681 EXPLOITDB text VERIFIED
TrackMania 2.11.11 - Multiple Remote Vulnerabilities
by Luigi Auriemma
CVE-2009-2392 EXPLOITDB text VERIFIED
Virtuenetz Virtue Online Test Generator - SQL Injection
SQL injection vulnerability in text.php in Virtuenetz Virtue Online Test Generator allows remote attackers to execute arbitrary SQL commands via the tid parameter.
by HxH
CVE-2009-2391 EXPLOITDB text VERIFIED
Virtuenetz Virtue Online Test Generator - XSS
Cross-site scripting (XSS) vulnerability in text.php in Virtuenetz Virtue Online Test Generator allows remote attackers to inject arbitrary web script or HTML via the tid parameter.
by HxH
CVE-2008-2565 EXPLOITDB text VERIFIED
php-address_book < 4.0 - SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.php and (2) edit.php. NOTE: it was later reported that 4.0.x is also affected.
by YEnH4ckEr