Exploitdb Exploits

50,076 exploits tracked across all sources.

CVE-2017-5473 EXPLOITDB HIGH text
ntopng < 2.4 - Cross-Site Request Forgery via User Management Endpoints
Cross-site request forgery (CSRF) vulnerability in ntopng through 2.4 allows remote attackers to hijack the authentication of arbitrary users, as demonstrated by admin/add_user.lua, admin/change_user_prefs.lua, admin/delete_user.lua, and admin/password_reset.lua.
by hyp3rlinx
CVSS 8.8
EIP-2026-117505 EXPLOITDB text
Microsoft Power Point 2016 - Java Code Execution
by Fady Mohammed Osman
CVE-2017-5594 EXPLOITDB HIGH ruby VERIFIED
Pagekit < 1.0.11 - Unauthenticated Password Reset via Debug Toolbar
An issue was discovered in Pagekit CMS before 1.0.11. In this vulnerability the remote attacker is able to reset the registered user's password, when the debug toolbar is enabled. The password is successfully recovered using this exploit. The SecureLayer7 ID is SL7_PGKT_01.
by Saurabh Banawar
CVSS 7.5
EIP-2026-109704 EXPLOITDB
MyBB < 1.8.3 (with PHP 5.6 < 5.6.11) - Remote Code Execution
by Taoguang Chen
EIP-2026-109649 EXPLOITDB text
Music Site Script 1.2 - Authentication Bypass
by Ihsan Sencan
EIP-2026-109478 EXPLOITDB text
Mini CMS 1.1 - Authentication Bypass
by Ihsan Sencan
EIP-2026-109476 EXPLOITDB text
Mini Blog 1.1 - Authentication Bypass
by Ihsan Sencan
CVE-2016-9838 EXPLOITDB HIGH python
Joomla! < 3.6.4 - Improper Access Control via Registration Form Session Data
An issue was discovered in components/com_users/models/registration.php in Joomla! before 3.6.5. Incorrect filtering of registration form data stored to the session on a validation error enables a user to gain access to a registered user's account and reset the user's group mappings, username, and password, as demonstrated by submitting a form that targets the `registration.register` task.
by Charles Fol
CVSS 7.5
CVE-2012-1563 EXPLOITDB HIGH python
Joomla! < 2.5.3 - Unauthenticated Admin Account Creation
Joomla! before 2.5.3 allows Admin Account Creation.
by Charles Fol
CVSS 7.5
EIP-2026-108105 EXPLOITDB text
Job Site PHP Script 1.1 - Authentication Bypass
by Ihsan Sencan
EIP-2026-107750 EXPLOITDB text
ICTutors Tutoring Site Script 1.1 - Authentication Bypass
by Ihsan Sencan
EIP-2026-107734 EXPLOITDB text
ICGames-Games Site Script 1.2 - Authentication Bypass
by Ihsan Sencan
EIP-2026-106538 EXPLOITDB text
Domains Marketplace Script 1.1 - Authentication Bypass
by Ihsan Sencan
EIP-2026-106102 EXPLOITDB text VERIFIED
Complain Management System - SQL injection
by Sibusiso Sishi
EIP-2026-105353 EXPLOITDB text
B2B Alibaba Clone Script - 'IndustryID' SQL Injection
by Ihsan Sencan
EIP-2026-105015 EXPLOITDB text
Affiliate Tracking Script 1.1 - Authentication Bypass
by Ihsan Sencan
EIP-2026-113105 EXPLOITDB text
Viral Image Sharing Script - SQL Injection
by Ihsan Sencan
EIP-2026-113104 EXPLOITDB text
Viral Image & Video Sharing GagZone Script - SQL Injection
by Ihsan Sencan
EIP-2026-113102 EXPLOITDB text
Vine VideoSite Creator Script - SQL Injection
by Ihsan Sencan
EIP-2026-113084 EXPLOITDB text
Video Site Creator Script - SQL Injection
by Ihsan Sencan
EIP-2026-112295 EXPLOITDB text
Social News and Bookmarking Script - SQL Injection
by Ihsan Sencan
EIP-2026-108106 EXPLOITDB text
Job Vacancy Script - SQL Injection
by Ihsan Sencan
EIP-2026-107789 EXPLOITDB text
Image and Video Script - SQL Injection
by Ihsan Sencan
EIP-2026-107605 EXPLOITDB text
Home of Viral Images_ Videos and Articles Script - SQL Injection
by Ihsan Sencan
EIP-2026-105894 EXPLOITDB text
Classifieds Script - 'term' SQL Injection
by Ihsan Sencan