Exploitdb Exploits

49,996 exploits tracked across all sources.

CVE-2017-17589 EXPLOITDB CRITICAL text VERIFIED
Thumbtack Clone - SQL Injection
FS Thumbtack Clone 1.0 has SQL Injection via the browse-category.php cat parameter or the browse-scategory.php sc parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17590 EXPLOITDB CRITICAL text VERIFIED
Stackoverflow-clone - SQL Injection
FS Stackoverflow Clone 1.0 has SQL Injection via the /question keywords parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17583 EXPLOITDB CRITICAL text VERIFIED
Shutterstock Clone - SQL Injection
FS Shutterstock Clone 1.0 has SQL Injection via the /Category keywords parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17581 EXPLOITDB CRITICAL text VERIFIED
Quibids Clone - SQL Injection
FS Quibids Clone 1.0 has SQL Injection via the itechd.php productid parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17586 EXPLOITDB CRITICAL text VERIFIED
Olx Clone - SQL Injection
FS Olx Clone 1.0 has SQL Injection via the subpage.php scat parameter or the message.php pid parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17585 EXPLOITDB CRITICAL text VERIFIED
Monster Clone - SQL Injection
FS Monster Clone 1.0 has SQL Injection via the Employer_Details.php id parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17584 EXPLOITDB CRITICAL text VERIFIED
Makemytrip Clone - SQL Injection
FS Makemytrip Clone 1.0 has SQL Injection via the show-flight-result.php fl_orig or fl_dest parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17616 EXPLOITDB CRITICAL text
Event Calendar Category Script - SQL Injection
Event Search Script 1.0 has SQL Injection via the /event-list city parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17596 EXPLOITDB CRITICAL text
Entrepreneur Job Portal Script - SQL Injection
Entrepreneur Job Portal Script 2.0.6 has SQL Injection via the jobsearch_all.php rid1 parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17648 EXPLOITDB CRITICAL text
Entrepreneur Dating Script - SQL Injection
Entrepreneur Dating Script 2.0.1 has SQL Injection via the search_result.php marital, gender, country, or profileid parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17610 EXPLOITDB CRITICAL text
E-commerce MLM Software - SQL Injection
E-commerce MLM Software 1.0 has SQL Injection via the service_detail.php pid parameter, event_detail.php eventid parameter, or news_detail.php newid parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17594 EXPLOITDB CRITICAL text VERIFIED
DomainSale PHP Script - SQL Injection
DomainSale PHP Script 1.0 has SQL Injection via the domain.php id parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17611 EXPLOITDB CRITICAL text
Doctor Search Script - SQL Injection
Doctor Search Script 1.0 has SQL Injection via the /list city parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17605 EXPLOITDB CRITICAL text
Consumer Complaints Clone Script - SQL Injection
Consumer Complaints Clone Script 1.0 has SQL Injection via the other-user-profile.php id parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17606 EXPLOITDB CRITICAL text
Co-work Space Search Script - SQL Injection
Co-work Space Search Script 1.0 has SQL Injection via the /list city parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17607 EXPLOITDB CRITICAL text
CMS Auditor Website - SQL Injection
CMS Auditor Website 1.0 has SQL Injection via the PATH_INFO to /news-detail.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17608 EXPLOITDB CRITICAL text
Kindergarten - Elementary School Listing Script - SQL Injection
Child Care Script 1.0 has SQL Injection via the /list city parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17609 EXPLOITDB CRITICAL text
Chartered Accountant Booking Script - SQL Injection
Chartered Accountant Booking Script 1.0 has SQL Injection via the /service-list city parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17601 EXPLOITDB CRITICAL text
Cab Booking Script - SQL Injection
Cab Booking Script 1.0 has SQL Injection via the /service-list city parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-16929 EXPLOITDB HIGH python
Claymore Dual GPU miner 10.1 - Path Traversal
The remote management interface on the Claymore Dual GPU miner 10.1 is vulnerable to an authenticated directory traversal vulnerability exploited by issuing a specially crafted request, allowing a remote attacker to read/write arbitrary files. This can be exploited via ../ sequences in the pathname to miner_file or miner_getfile.
by tintinweb
CVSS 8.1
CVE-2017-16930 EXPLOITDB CRITICAL python
Claymore Dual GPU miner 10.1 - RCE
The remote management interface on the Claymore Dual GPU miner 10.1 allows an unauthenticated remote attacker to execute arbitrary code due to a stack-based buffer overflow in the request handler. This can be exploited via a long API request that is mishandled during logging.
by tintinweb
CVSS 9.8
EIP-2026-115792 EXPLOITDB VERIFIED
Microsoft Windows Defender - Controlled Folder Bypass Through UNC Path
by Google Security Research
EIP-2026-114801 EXPLOITDB ruby VERIFIED
Polycom Shell HDX Series - Traceroute Command Execution (Metasploit)
by Metasploit
EIP-2026-110292 EXPLOITDB text
OpenEMR 5.0.0 - OS Command Injection / Cross-Site Scripting
by SEC Consult
EIP-2026-110291 EXPLOITDB text
OpenEMR 5.0.0 - OS Command Injection / Cross-Site Scripting
by SEC Consult