Exploitdb Exploits

31,369 exploits tracked across all sources.

EIP-2026-104937 EXPLOITDB text VERIFIED
adaptbb 1.0b - Multiple Vulnerabilities
by Salvatore Fresta
EIP-2026-104892 EXPLOITDB text VERIFIED
Absolute Form Processor XE-V 1.5 - Authentication Bypass
by ThE g0bL!N
CVE-2009-1288 EXPLOITDB text VERIFIED
IBM Advanced Management Module - Cross-Site Scripting via Username or File Manager PATH Parameter
Multiple cross-site scripting (XSS) vulnerabilities in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to inject arbitrary web script or HTML via (1) the username in a login action or (2) the PATH parameter to private/file_management.ssi in the File manager.
by Henri Lindberg
EIP-2026-103176 EXPLOITDB text VERIFIED
net2ftp 0.97 - Cross-Site Scripting / Request Forgery
by cicatriz
CVE-2009-1287 EXPLOITDB text VERIFIED
Cisco Subscriber Edge Services Manager - Cross-Site Scripting via URI
Cross-site scripting (XSS) vulnerability in Cisco Subscriber Edge Services Manager (SESM) allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: some of these details are obtained from third party information.
by Usman Saeed
EIP-2026-100158 EXPLOITDB text VERIFIED
Back-End CMS 5.0 - 'main.asp?id' SQL Injection
by AnGeL25dZ
EIP-2026-100087 EXPLOITDB text VERIFIED
Absolute Form Processor XE 1.5 - 'login.asp' SQL Injection
by ThE g0bL!N
EIP-2026-119032 EXPLOITDB text VERIFIED
peterConnects Web Server - Traversal Arbitrary File Access
by Bugs NotHugs
EIP-2026-114483 EXPLOITDB text VERIFIED
Xplode CMS - 'wrap_script' SQL Injection
by PLATEN
CVE-2009-1495 EXPLOITDB text VERIFIED
Web File Explorer 3.1 - Unauthenticated Sensitive Information Exposure via Direct Database Download
Web File Explorer 3.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for data/db.mdb.
by ByALBAYX
EIP-2026-111898 EXPLOITDB text VERIFIED
saspcms 0.9 - Multiple Vulnerabilities
by BugReport.IR
EIP-2026-110610 EXPLOITDB text VERIFIED
photo graffix 3.4 - Multiple Vulnerabilities
by ahmadbady
CVE-2009-1499 EXPLOITDB text VERIFIED
Joomla! - SQL Injection via MailTo Component Article Parameter
SQL injection vulnerability in the MailTo (aka com_mailto) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the article parameter in index.php. NOTE: SecurityFocus states that this issue has been disputed by the vendor.
by H!tm@N
EIP-2026-108779 EXPLOITDB text VERIFIED
Joomla! Component Maian Music 1.2.1 - 'category' SQL Injection
by H!tm@N
CVE-2009-1496 EXPLOITDB text VERIFIED
Ijobid Com Cmimarketplace - Path Traversal
Directory traversal vulnerability in the Cmi Marketplace (com_cmimarketplace) component 0.1 for Joomla! allows remote attackers to list arbitrary directories via a .. (dot dot) in the viewit parameter to index.php.
by H!tm@N
EIP-2026-107042 EXPLOITDB text VERIFIED
Family Connections CMS 1.8.2 - Blind SQL Injection
by Salvatore Fresta
EIP-2026-115867 EXPLOITDB text VERIFIED
Mozilla Firefox XSL - Parsing Remote Memory Corruption (PoC) (2)
by DATA_SNIPER
EIP-2026-114896 EXPLOITDB text VERIFIED
Amaya 11.1 - XHTML Parser Remote Buffer Overflow (PoC)
by cicatriz
CVE-2009-1263 EXPLOITDB text VERIFIED
com_bookjoomlas 0.1 - SQL Injection via gbid Parameter
SQL injection vulnerability in sub_commententry.php in the BookJoomlas (com_bookjoomlas) component 0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gbid parameter in a comment action to index.php.
by Salvatore Fresta
CVE-2009-1256 EXPLOITDB text VERIFIED
FlexCMS 2.5 - SQL Injection via ItemId Parameter
SQL injection vulnerability in FlexCMS 2.5 allows remote attackers to execute arbitrary SQL commands via the ItemId parameter. NOTE: some of these details are obtained from third party information.
by Lanti-Net
CVE-2009-1277 EXPLOITDB text VERIFIED
Gravity Board X 2.0 BETA - SQL Injection via member_id Parameter
SQL injection vulnerability in index.php in Gravity Board X (GBX) 2.0 BETA allows remote attackers to execute arbitrary SQL commands via the member_id parameter in a viewprofile action. NOTE: the board_id issue is already covered by CVE-2008-2996.2.
by brain[pillow]
CVE-2009-1278 EXPLOITDB text VERIFIED
Gravity Board X 2.0 BETA - Remote Code Injection via Configure Action
Static code injection vulnerability in forms/ajax/configure.php in Gravity Board X (GBX) 2.0 BETA allows remote attackers to inject arbitrary PHP code into config.php via the configure action to index.php.
by brain[pillow]
EIP-2026-107190 EXPLOITDB text VERIFIED
form2list - 'page.php?id' SQL Injection
by Cyber-Zone
CVE-2009-4957 EXPLOITDB text VERIFIED
Interspire ActiveKB - Path Traversal via Panel Parameter
Directory traversal vulnerability in loadpanel.php in Interspire ActiveKB allows remote attackers to read arbitrary files and possibly have unspecified other impact via directory traversal sequences in the Panel parameter.
by Angela Chang