Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-113408 EXPLOITDB text
WHMCompleteSolution (WHMCS) 3.x < 4.0.x - 'cart.php' Local File Disclosure
by Lagripe-Dz & Mca-Crb
EIP-2026-110301 EXPLOITDB text VERIFIED
Openemr-4.1.0 - SQL Injection
by I2sec-dae jin Oh
EIP-2026-105596 EXPLOITDB text VERIFIED
Boonex Dolphin 6.1 - 'get_list.php' SQL Injection
by Yuri Goltsev
EIP-2026-104802 EXPLOITDB text
1024 CMS 1.1.0 Beta - 'force_download.php' Local File Inclusion
by Sangyun YOO
CVE-2011-1774 EXPLOITDB ruby VERIFIED
Cross Platform Webkit File Dropper
WebKit in Apple Safari before 5.0.6 has improper libxslt security settings, which allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted web site. NOTE: this may overlap CVE-2011-1425.
by Metasploit
EIP-2026-112181 EXPLOITDB text VERIFIED
Site@School 2.4.10 - '/index.php' Cross-Site Scripting / SQL Injection
by Stefan Schurtz
EIP-2026-108916 EXPLOITDB text
Joomla! Plugin NoNumber Framework - Multiple Vulnerabilities
by jdc
EIP-2026-106530 EXPLOITDB php
Dolphin 7.0.7 - 'member_menu_queries.php' Remote PHP Code Injection
by EgiX
EIP-2026-101190 EXPLOITDB text VERIFIED
Check Point UTM-1 Edge and Safe 8.2.43 - Multiple Vulnerabilities
by Richard Brain
EIP-2026-113585 EXPLOITDB text VERIFIED
WordPress Plugin BackWPUp 2.1.4 - Code Execution
by Sense of Security
CVE-2011-4066 EXPLOITDB text
Gnuboard < 4.33.02 - SQL Injection via PATH_INFO
SQL injection vulnerability in bbs/tb.php in Gnuboard 4.33.02 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO.
by flyh4t
EIP-2026-106539 EXPLOITDB text
Dominant Creature BBG/RPG Browser Game - Persistent Cross-Site Scripting
by M.Jock3R
EIP-2026-105263 EXPLOITDB text VERIFIED
asgbookPHP 1.9 - 'index.php' Cross-Site Scripting
by indoushka
CVE-2011-3230 EXPLOITDB ruby VERIFIED
Apple Safari - Remote Code Execution via File URL Policy Bypass
Apple Safari before 5.1.1 on Mac OS X does not enforce an intended policy for file: URLs, which allows remote attackers to execute arbitrary code via a crafted web site.
by Metasploit
CVE-2012-1239 EXPLOITDB text VERIFIED
TOSHIBA TEC e-Studio MFP - Unauthenticated Authentication Bypass
The TopAccess web-based management interface on TOSHIBA TEC e-Studio multi-function peripheral (MFP) devices with firmware 30x through 302, 35x through 354, and 4xx through 421 allows remote attackers to bypass authentication and obtain administrative privileges via unspecified vectors.
by Deral Heiland PercX
CVE-2011-10016 EXPLOITDB CRITICAL ruby VERIFIED
Real Networks Netzip Classic 7.5.1.86 - Buffer Overflow
Real Networks Netzip Classic version 7.5.1.86 is vulnerable to a stack-based buffer overflow when parsing a specially crafted ZIP archive. The vulnerability is triggered when the application attempts to process a file name within the archive that exceeds the expected buffer size. Exploitation allows arbitrary code execution under the context of the victim user when the ZIP file is opened.
by Metasploit
EIP-2026-111845 EXPLOITDB text
Ruubikcms 1.1.0 - '/extra/image.php' Local File Inclusion
by Sangyun YOO
CVE-2011-1965 EXPLOITDB python
Microsoft Windows 7 Gold & SP1/Windows Server 2008 R2 & R2 SP1 - DoS
Tcpip.sys in the TCP/IP stack in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 does not properly implement URL-based QoS, which allows remote attackers to cause a denial of service (reboot) via a crafted URL to a web server, aka "TCP/IP QOS Denial of Service Vulnerability."
by Byoungyoung Lee
EIP-2026-115000 EXPLOITDB perl
BlueZone Desktop - '.zap' file Local Denial of Service
by Silent_Dream
EIP-2026-113951 EXPLOITDB text
WordPress Plugin Photo Album Plus 4.1.1 - SQL Injection
by Skraps
CVE-2011-4559 EXPLOITDB text VERIFIED
vtiger CRM < 5.2.1 - SQL Injection via Calendar Module onlyforuser Parameter
SQL injection vulnerability in the Calendar module in vTiger CRM 5.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the onlyforuser parameter in an index action to index.php.
by Aung Khant
EIP-2026-119056 EXPLOITDB text VERIFIED
PROMOTIC 8.1.3 - Multiple Vulnerabilities
by Luigi Auriemma
EIP-2026-114422 EXPLOITDB text VERIFIED
Xenon - 'id' Multiple SQL Injections
by m3rciL3Ss
EIP-2026-113641 EXPLOITDB text
WordPress Plugin Contact Form 2.7.5 - SQL Injection
by Skraps
CVE-2011-2371 EXPLOITDB ruby VERIFIED
SeaMonkey through 2.0.14 - Remote Code Execution via Array.reduceRight Integer Overflow
Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Array object.
by Metasploit