Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-106688 EXPLOITDB text VERIFIED
Easy Banner Pro - 'index.php' Local File Inclusion
by Yakir Wizman
EIP-2026-105661 EXPLOITDB python
businesswiki 2.5rc3 - Persistent Cross-Site Scripting / Arbitrary file upload
by Shai rod
EIP-2026-104930 EXPLOITDB text
Ad Manager Pro - Multiple Vulnerabilities
by Yakir Wizman
EIP-2026-104883 EXPLOITDB text VERIFIED
AB Banner Exchange - 'index.php' Local File Inclusion
by Yakir Wizman
EIP-2026-119245 EXPLOITDB c
Vice City Multiplayer Server 0.3z R2 - Remote Code Execution
by Sasuke78200
EIP-2026-118239 EXPLOITDB c VERIFIED
Adobe Pixel Bender Toolkit2 - 'tbbmalloc.dll' Multiple DLL Loading Code Execution Vulnerabilities
by coolkaveh
EIP-2026-112168 EXPLOITDB html VERIFIED
SiNG cms - 'Password.php' Cross-Site Scripting
by LiquidWorm
EIP-2026-110786 EXPLOITDB text VERIFIED
PHP Web Scripts Ad Manager Pro - 'page' Local File Inclusion
by Corrado Liotta
EIP-2026-110216 EXPLOITDB text VERIFIED
op5 Monitoring 5.4.2 - VM Applicance Multiple Vulnerabilities
by loneferret
EIP-2026-109567 EXPLOITDB html VERIFIED
Monstra CMS 1.2.1 - Multiple HTML Injection Vulnerabilities
by LiquidWorm
CVE-2012-4385 EXPLOITDB MEDIUM text
LetoDMS 3.3.6 - Cross-Site Request Forgery via Change Password
letodms 3.3.6 has CSRF via change password
by Shai rod
CVSS 6.5
EIP-2026-109010 EXPLOITDB text VERIFIED
KindEditor - 'name' Cross-Site Scripting
by LiquidWorm
EIP-2026-104931 EXPLOITDB text VERIFIED
Ad Manager Pro 4 - Local File Inclusion
by CorryL
CVE-2012-2984 EXPLOITDB text VERIFIED
Websense Content Gateway <7.7.3 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in monitor/m_overview.ink in Websense Content Gateway before 7.7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) menu or (2) item parameter.
by Steven Sim Kok Leong
EIP-2026-103848 EXPLOITDB text VERIFIED
Apache Struts 2 - Skill Name Remote Code Execution
by kxlzx
CVE-2012-10046 EXPLOITDB CRITICAL ruby VERIFIED
E-Mail Security Virtual Appliance ESVA_2057 - Unauthenticated OS Command Injection via learn-msg.cgi id Parameter
The E-Mail Security Virtual Appliance (ESVA) (tested on version ESVA_2057) contains an unauthenticated command injection vulnerability in the learn-msg.cgi script. The CGI handler fails to sanitize user-supplied input passed via the id parameter, allowing attackers to inject arbitrary shell commands. Exploitation requires no authentication and results in full command execution on the underlying system.
by Metasploit
CVE-2012-10045 EXPLOITDB CRITICAL ruby VERIFIED
XODA 0.4.5 - Unauthenticated Arbitrary PHP File Upload via Multipart Form Data
XODA version 0.4.5 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary PHP code on the server. The flaw resides in the upload functionality, which fails to properly validate or restrict uploaded file types. By crafting a multipart/form-data POST request, an attacker can upload a .php file directly into the web-accessible files/ directory and trigger its execution via a subsequent GET request.
by Metasploit
EIP-2026-114010 EXPLOITDB text VERIFIED
WordPress Plugin Rich Widget - Arbitrary File Upload
by Crim3R
EIP-2026-113904 EXPLOITDB text VERIFIED
WordPress Plugin Monsters Editor for WP Super Edit - Arbitrary File Upload
by Crim3R
EIP-2026-112951 EXPLOITDB html
VamCart 0.9 - Cross-Site Request Forgery
by DaOne
EIP-2026-110342 EXPLOITDB text VERIFIED
OrderSys 1.6.4 - Multiple SQL Injections / Multiple Cross-Site Scripting Vulnerabilities
by Canberk BOLAT
EIP-2026-110282 EXPLOITDB html
OpenDocMan 1.2.6.1 - Cross-Site Request Forgery (Password Change)
by Shai rod
EIP-2026-108242 EXPLOITDB text VERIFIED
Joomla! Component CiviCRM - Multiple Arbitrary File Upload Vulnerabilities
by Crim3R
EIP-2026-108042 EXPLOITDB text VERIFIED
Jara 1.6 - Multiple SQL Injections / Multiple Cross-Site Scripting Vulnerabilities
by Canberk BOLAT
EIP-2026-105384 EXPLOITDB text VERIFIED
Banana Dance - Cross-Site Scripting / SQL Injection
by Canberk BOLAT