Exploitdb Exploits

31,369 exploits tracked across all sources.

EIP-2026-110370 EXPLOITDB text VERIFIED
osCommerce 2.2/3.0 - 'oscid' Session Fixation
by laurent.desaulniers
EIP-2026-104838 EXPLOITDB text VERIFIED
4CMS - SQL Injection / Local File Inclusion
by k1ll3r_null
EIP-2026-100533 EXPLOITDB text VERIFIED
SAP Business Objects Crystal Reports 7-10 - 'viewreport.asp' Cross-Site Scripting
by Bugs NotHugs
EIP-2026-100112 EXPLOITDB text VERIFIED
Asbru Web Content Management 6.5/6.6.9 - SQL Injection / Cross-Site Scripting
by Patrick Webster
EIP-2026-112717 EXPLOITDB text VERIFIED
TinyPHPForum 3.61 - File Disclosure / Code Execution
by brain[pillow]
CVE-2009-1509 EXPLOITDB text VERIFIED
MyioSoft AjaxPortal 3.0 - SQL Injection via Page Parameter
SQL injection vulnerability in ajaxp_backend.php in MyioSoft AjaxPortal 3.0 allows remote attackers to execute arbitrary SQL commands via the page parameter.
by cOndemned
CVE-2009-1510 EXPLOITDB text VERIFIED
KoschtIT Image Gallery 1.82 - Path Traversal via File Parameter
Multiple directory traversal vulnerabilities in KoschtIT Image Gallery 1.82 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the file parameter to (1) ki_makepic.php and (2) ki_nojsdisplayimage.php in ki_base/.
by ahmadbady
EIP-2026-103477 EXPLOITDB text
Ghostscript 'CCITTFax' Decoding Filter - Denial of Service
by Red Hat
CVE-2008-6476 EXPLOITDB text VERIFIED
BlogEngine.NET - Cross-Site Scripting via Search q Parameter
Cross-site scripting (XSS) vulnerability in blog/search.aspx in BlogEngine.NET allows remote attackers to inject arbitrary web script or HTML via the q parameter.
by sk
CVE-2009-1212 EXPLOITDB text VERIFIED
PrecisionID Datamatrix - Buffer Overflow
Multiple insecure method vulnerabilities in PRECIS~2.DLL in the PrecisionID Datamatrix ActiveX control (DMATRIXLib.Datamatrix) allow remote attackers to overwrite arbitrary files via the (1) SaveBarCode and (2) SaveEnhWMF methods.
by DSecRG
CVE-2009-1222 EXPLOITDB text VERIFIED
webEdition <= 6.0.0.4 - Remote File Inclusion via WE_LANGUAGE Parameter
Directory traversal vulnerability in index.php in webEdition 6.0.0.4 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the WE_LANGUAGE parameter.
by Salvatore Fresta
CVE-2009-1224 EXPLOITDB text VERIFIED
vsp_stats_processor 0.45 - SQL Injection via gameID Parameter
SQL injection vulnerability in vsp-core/pub/themes/bismarck/gamestat.php in vsp stats processor 0.45 allows remote attackers to execute arbitrary SQL commands via the gameID parameter.
by Dimi4
EIP-2026-113116 EXPLOITDB text VERIFIED
virtuemart 1.1.2 - Multiple Vulnerabilities
by waraxe
CVE-2009-1225 EXPLOITDB text VERIFIED
Turnkey Ebook Store 1.1 - Cross-Site Scripting via Keywords Parameter
Cross-site scripting (XSS) vulnerability in index.php in Turnkey Ebook Store 1.1 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search action.
by TEAMELITE
CVE-2009-4883 EXPLOITDB text VERIFIED
PHPRecipeBook 2.24 and 2.39 - SQL Injection via base_id or course_id Parameter
SQL injection vulnerability in index.php in PHPRecipeBook 2.24 and 2.39 allows remote attackers to execute arbitrary SQL commands via the (1) base_id or (2) course_id parameter in a search action.
by DarKdewiL
EIP-2026-108115 EXPLOITDB text VERIFIED
JobHut 1.2 - Remote Password Change/Delete/Activate User
by ThE g0bL!N
CVE-2009-4794 EXPLOITDB text VERIFIED
Community CMS 0.5 - SQL Injection via article_id Parameter or Calendar Event Action
Multiple SQL injection vulnerabilities in Community CMS 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to view.php and the (2) a parameter in an event action to calendar.php, reachable through index.php.
by Salvatore Fresta
EIP-2026-103664 EXPLOITDB text VERIFIED
Sun Calendar Express Web Server - Denial of Service / Cross-Site Scripting
by Core Security
CVE-2009-1218 EXPLOITDB text VERIFIED
Sun Java System Calendar Server 6 2004Q2-6.3-7.01 - Cross-Site Scripting via login.wcap fmt-out Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allow remote attackers to inject arbitrary web script or HTML via (1) the fmt-out parameter to login.wcap or (2) the date parameter to command.shtml.
by SCS team
CVE-2009-1219 EXPLOITDB text VERIFIED
Sun Java System Calendar Server 6 2004Q2-6.3-7.01 - Denial of Service via tzid Parameter
Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allows remote attackers to cause a denial of service (daemon crash) via multiple requests to the default URI with alphabetic characters in the tzid parameter.
by SCS team
CVE-2009-1220 EXPLOITDB text VERIFIED
Cisco ASA 7.2(4.30)/8.0(4.28) and earlier - XSS via Host HTTP Header
Cross-site scripting (XSS) vulnerability in +webvpn+/index.html in WebVPN on the Cisco Adaptive Security Appliances (ASA) 5520 with software 7.2(4)30 and earlier 7.2 versions including 7.2(2)22, and 8.0(4)28 and earlier 8.0 versions, when clientless mode is enabled, allows remote attackers to inject arbitrary web script or HTML via the Host HTTP header.
by Bugs NotHugs
CVE-2009-4798 EXPLOITDB text VERIFIED
Diskos CMS 6.x - SQL Injection via side.asp kat Parameter and Admin Login Fields
Multiple SQL injection vulnerabilities in Diskos CMS 6.x allow remote attackers to execute arbitrary SQL commands via the (1) kat parameter to side.asp, and the (2) brugerid and (3) password fields to the administration login feature.
by AnGeL25dZ
CVE-2009-4792 EXPLOITDB text VERIFIED
BandSite CMS 1.1.4 - SQL Injection via memid Parameter
SQL injection vulnerability in includes/content/member_content.php in BandSite CMS 1.1.4 allows remote attackers to execute arbitrary SQL commands via the memid parameter to members.php.
by SirGod
CVE-2009-0686 EXPLOITDB text VERIFIED
TrendMicro Activity Monitor Module <2.52.0.1002 - Privilege Escalation
The TrendMicro Activity Monitor Module (tmactmon.sys) 2.52.0.1002 in Trend Micro Internet Pro 2008 and 2009, and Security Pro 2008 and 2009, allows local users to gain privileges via a crafted IRP in a METHOD_NEITHER IOCTL request to \Device\tmactmon that overwrites memory.
by b1@ckeYe
CVE-2009-1232 EXPLOITDB text VERIFIED
Firefox <= 3.0.10 - Denial of Service via Malformed XML Document
Mozilla Firefox 3.0.8 and earlier 3.0.x versions allows remote attackers to cause a denial of service (memory corruption) via an XML document composed of a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 3.0.10 and earlier are also affected.
by Wojciech Pawlikowski