Exploitdb Exploits

50,076 exploits tracked across all sources.

EIP-2026-110671 EXPLOITDB text
PHP Classifieds Rental Script 3.6.0 - 'scatid' SQL Injection
by Ihsan Sencan
EIP-2026-110654 EXPLOITDB text
PHP B2B Script 3.05 - SQL Injection
by Ihsan Sencan
EIP-2026-110068 EXPLOITDB text
Online Cinema and Event Booking Script 2.01 - 'newsid' SQL Injection
by Ihsan Sencan
EIP-2026-109895 EXPLOITDB text
Network Community Script 3.0.2 - SQL Injection
by Ihsan Sencan
EIP-2026-109839 EXPLOITDB text
Naukri Clone Script 3.02 - 'type' SQL Injection
by Ihsan Sencan
EIP-2026-109644 EXPLOITDB text
Multireligion Responsive Matrimonial Script 4.7.1 - SQL Injection
by Ihsan Sencan
EIP-2026-109513 EXPLOITDB text
MLM Membership Plan Script 2.0.5 - SQL Injection
by Ihsan Sencan
EIP-2026-109512 EXPLOITDB text
MLM Forex Market Plan Script 2.0.1 - SQL Injection
by Ihsan Sencan
EIP-2026-109511 EXPLOITDB text
MLM Forced Matrix 2.0.7 - SQL Injection
by Ihsan Sencan
EIP-2026-109510 EXPLOITDB text
MLM Binary Plan Script 2.0.5 - SQL Injection
by Ihsan Sencan
EIP-2026-107511 EXPLOITDB text
Groupon Clone Script 3.01 - 'catid' SQL Injection
by Ihsan Sencan
EIP-2026-106889 EXPLOITDB text
Entrepreneur Bus Booking Script 3.03 - 'hid_Busid' SQL Injection
by Ihsan Sencan
EIP-2026-106888 EXPLOITDB text
Entrepreneur B2B Script 2.0.4 - 'id' SQL Injection
by Ihsan Sencan
EIP-2026-104993 EXPLOITDB text
Advanced Real Estate Script 4.0.6 - SQL Injection
by Ihsan Sencan
EIP-2026-104989 EXPLOITDB text
Advanced Matrimonial Script 2.0.3 - SQL Injection
by Ihsan Sencan
EIP-2026-104973 EXPLOITDB text
Advanced Bus Booking Script 2.04 - SQL Injection
by Ihsan Sencan
CVE-2017-7178 EXPLOITDB HIGH html
Deluge < 1.3.14 - Cross-Site Request Forgery via Crafted Plugin Installation
CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves (1) hosting a crafted plugin that executes an arbitrary program from its __init__.py file and (2) causing the victim to download, install, and enable this plugin.
by Kyle Neideck
CVSS 8.8
CVE-2017-6444 EXPLOITDB HIGH c
MikroTik RouterOS 6.25 - Denial of Service via Unsolicited TCP ACK Packets
The MikroTik Router hAP Lite 6.25 has no protection mechanism for unsolicited TCP ACK packets in the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many ACK packets. After the attacker stops the exploit, the CPU usage is 100% and the router requires a reboot for normal operation.
by FarazPajohan
CVSS 7.5
CVE-2017-6465 EXPLOITDB CRITICAL python VERIFIED
FTPShell Client 6.53 - Remote Code Execution via PWD Response Buffer Overflow
Remote Code Execution was discovered in FTPShell Client 6.53. By default, the client sends a PWD command to the FTP server it is connecting to; however, it doesn't check the response's length, leading to a buffer overflow situation.
by Peter Baris
CVSS 9.8
EIP-2026-108796 EXPLOITDB text
Joomla! Component Monthly Archive 3.6.4 - 'author_form' SQL Injection
by Ihsan Sencan
EIP-2026-108767 EXPLOITDB text
Joomla! Component JUX EventOn 1.0.1 - 'id' SQL Injection
by Ihsan Sencan
EIP-2026-108614 EXPLOITDB text
Joomla! Component Content ConstructionKit 1.1 - SQL Injection
by Ihsan Sencan
EIP-2026-108218 EXPLOITDB text
Joomla! Component AYS Quiz 1.0 - 'id' SQL Injection
by Ihsan Sencan
EIP-2026-108202 EXPLOITDB text
Joomla! Component AltaUserPoints 1.1 - 'userid' SQL Injection
by Ihsan Sencan
CVE-2017-6104 EXPLOITDB HIGH python
Wordpress Plugin Mobile App Native 3.0 - Remote File Upload
Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0.
by The Martian
CVSS 7.5