Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-105474 EXPLOITDB python VERIFIED
Bigware Shop 2.1x - 'main_bigware_54.php' SQL Injection
by rwenzel
CVE-2012-0391 EXPLOITDB CRITICAL ruby VERIFIED
Apache Struts < 2.2.3.1 - Remote Code Execution via ExceptionDelegator OGNL Expression Injection
The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
by Metasploit
CVSS 9.8
EIP-2026-119376 EXPLOITDB text VERIFIED
Hexamail Server 4.4.5 - Persistent Cross-Site Scripting
by modpr0be
EIP-2026-117985 EXPLOITDB text VERIFIED
Sysax 5.60 - Create SSL Certificate Buffer Overflow
by Craig Freyman
EIP-2026-109520 EXPLOITDB php VERIFIED
Mnews 1.1 - 'view.php' SQL Injection
by WhiteCollarGroup
EIP-2026-113964 EXPLOITDB php VERIFIED
WordPress Plugin Picturesurf Gallery - 'upload.php' Arbitrary File Upload
by Sammy FORGIT
EIP-2026-112963 EXPLOITDB text VERIFIED
vanilla forums poll plugin 0.9 - Persistent Cross-Site Scripting
by Henry Hoggard
EIP-2026-112961 EXPLOITDB text VERIFIED
Vanilla Forums 2.0.18.4 - Tagging Persistent Cross-Site Scripting
by Henry Hoggard
EIP-2026-112708 EXPLOITDB html VERIFIED
TinyCMS 1.3 - Arbitrary File Upload / Cross-Site Request Forgery
by KedAns-Dz
EIP-2026-112707 EXPLOITDB text VERIFIED
TinyCMS 1.3 - 'index.php?page' Traversal Local File Inclusion
by KedAns-Dz
EIP-2026-112706 EXPLOITDB text VERIFIED
TinyCMS 1.3 - '/admin/admin.php?do' Traversal Local File Inclusion
by KedAns-Dz
CVE-2011-4825 EXPLOITDB ruby VERIFIED
Ajax File and Image Manager < 1.1 - Remote Code Execution via PHP Code Injection in data.php
Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters.
by Metasploit
EIP-2026-107773 EXPLOITDB text VERIFIED
Ignite Solutions CMS - 'car-details.php' SQL Injection
by Am!r
EIP-2026-104941 EXPLOITDB text VERIFIED
AdaptCMS 2.0.2 TinyURL Plugin - 'index.php?id' SQL Injection
by KedAns-Dz
EIP-2026-104940 EXPLOITDB text VERIFIED
AdaptCMS 2.0.2 TinyURL Plugin - 'admin.php' Multiple SQL Injections
by KedAns-Dz
EIP-2026-104659 EXPLOITDB php
PHP 5.3.10 - 'spl_autoload_register()' Local Denial of Service
by Yakir Wizman
EIP-2026-104658 EXPLOITDB php
PHP 5.3.10 - 'spl_autoload_call()' Local Denial of Service
by Yakir Wizman
EIP-2026-104657 EXPLOITDB php
PHP 5.3.10 - 'spl_autoload()' Local Denial of Service
by Yakir Wizman
CVE-2012-2763 EXPLOITDB ruby VERIFIED
GIMP < 2.6.13 - Remote Code Execution via Long String in Script-Fu Server Command
Buffer overflow in the readstr_upto function in plug-ins/script-fu/tinyscheme/scheme.c in GIMP 2.6.12 and earlier, and possibly 2.6.13, allows remote attackers to execute arbitrary code via a long string in a command to the script-fu server.
by Metasploit
EIP-2026-115468 EXPLOITDB text VERIFIED
IrfanView 4.33 - Format PlugIn '.TTF' File Parsing Stack Overflow
by Francis Provencher
EIP-2026-112958 EXPLOITDB text VERIFIED
Vanilla Forum Tagging Plugin Enchanced 1.0.1 - Persistent Cross-Site Scripting
by Henry Hoggard
EIP-2026-118366 EXPLOITDB ruby VERIFIED
Citrix Provisioning Services 5.6 SP1 - Streamprocess Opcode 0x40020006 Buffer Overflow (Metasploit)
by Metasploit
EIP-2026-118365 EXPLOITDB ruby VERIFIED
Citrix Provisioning Services 5.6 SP1 - Streamprocess Opcode 0x40020004 Buffer Overflow (Metasploit)
by Metasploit
EIP-2026-118364 EXPLOITDB ruby VERIFIED
Citrix Provisioning Services 5.6 SP1 - Streamprocess Opcode 0x40020002 Buffer Overflow (Metasploit)
by Metasploit
EIP-2026-115469 EXPLOITDB text VERIFIED
IrfanView 4.33 - Format PlugIn ECW Decompression Heap Overflow
by Francis Provencher