Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-113134 EXPLOITDB text
Vivvo CMS - Local File Inclusion
by JaBrOtxHaCkEr
CVE-2011-5169 EXPLOITDB text VERIFIED
SonicWall ViewPoint 6.0 SP2 - SQL Injection via scheduleID Parameter
SQL injection vulnerability in sgms/reports/scheduledreports/configure/scheduleProps.jsp in SonicWall ViewPoint 6.0 SP2 allows remote attackers to execute arbitrary SQL commands via the scheduleID parameter.
by Rem0ve
CVE-2011-4335 EXPLOITDB text VERIFIED
Contao < 2.10.2 - Cross-Site Scripting via PATH_INFO to index.php
Multiple cross-site scripting (XSS) vulnerabilities in Contao before 2.10.2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php in a (1) teachers.html or (2) teachers/ action.
by Stefan Schurtz
CVE-2011-5168 EXPLOITDB text VERIFIED
banana_dance < 0.9 - SQL Injection via user.php id Parameter
SQL injection vulnerability in user.php in Banana Dance before B.1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Aodrulez
CVE-2011-3597 EXPLOITDB text VERIFIED
Digest < 1.17 - Eval Injection via new Constructor
Eval injection vulnerability in the Digest module before 1.17 for Perl allows context-dependent attackers to execute arbitrary commands via the new constructor.
by anonymous
CVE-2011-1653 EXPLOITDB ruby VERIFIED
CA Total Defense UNC Server r12 - SQL Injection
Multiple SQL injection vulnerabilities in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 allow remote attackers to execute arbitrary SQL commands via vectors involving the (1) UnAssignFunctionalRoles, (2) UnassignAdminRoles, (3) DeleteFilter, (4) NonAssignedUserList, (5) DeleteReportLayout, (6) DeleteReports, and (7) RegenerateReport stored procedures.
by Metasploit
EIP-2026-107009 EXPLOITDB text
ezCourses - 'admin.asp' Security Bypass
by J.O
CVE-2011-3596 EXPLOITDB HIGH perl VERIFIED
Polipo < 1.0.4.1 - Denial of Service via HTTP POST/PUT Request
Polipo before 1.0.4.1 suffers from a DoD vulnerability via specially-crafted HTTP POST / PUT request.
by Usman Saeed
CVSS 7.5
CVE-2011-3863 EXPLOITDB text VERIFIED
RedLine < 1.66 - Cross-Site Scripting via s Parameter
Cross-site scripting (XSS) vulnerability in the RedLine theme before 1.66 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
by SiteWatch
CVE-2011-3862 EXPLOITDB text VERIFIED
Morning Coffee < 3.6 - Cross-Site Scripting via PATH_INFO
Cross-site scripting (XSS) vulnerability in the Morning Coffee theme before 3.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
by SiteWatch
CVE-2011-3865 EXPLOITDB text VERIFIED
Black-LetterHead < 1.6 - Cross-Site Scripting via PATH_INFO to index.php
Cross-site scripting (XSS) vulnerability in the Black-LetterHead theme before 1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
by SiteWatch
EIP-2026-114208 EXPLOITDB text VERIFIED
WordPress Plugin WP Bannerize 2.8.7 - 'ajax_sorter.php' SQL Injection
by Miroslav Stampar
EIP-2026-113588 EXPLOITDB text VERIFIED
WordPress Plugin Bannerize 2.8.7 - SQL Injection
by Miroslav Stampar
EIP-2026-111534 EXPLOITDB text VERIFIED
ProjectForum 7.0.1 3038 - 'more' Object HTML Injection
by Paul Davis
EIP-2026-109326 EXPLOITDB text
Marinet CMS - 'room.php' Blind SQL Injection
by BHG Security Center
EIP-2026-107066 EXPLOITDB php
Feed on Feeds 0.5 - Remote PHP Code Injection
by EgiX
CVE-2011-4062 EXPLOITDB bash VERIFIED
FreeBSD 7.3-9.0-RC1 - Buffer Overflow via Long UNIX Socket Pathname in bind System Call
Buffer overflow in the kernel in FreeBSD 7.3 through 9.0-RC1 allows local users to cause a denial of service (panic) or possibly gain privileges via a bind system call with a long pathname for a UNIX socket.
by Shaun Colley
CVE-2011-3976 EXPLOITDB ruby
AmmSoft ScriptFTP 3.3 - Buffer Overflow
Stack-based buffer overflow in AmmSoft ScriptFTP 3.3 allows remote FTP servers to execute arbitrary code via a long filename in a response to a LIST command, as demonstrated using (1) GETLIST or (2) GETFILE in a ScriptFTP script.
by otoy
EIP-2026-115908 EXPLOITDB text VERIFIED
NCSS 07.1.21 - Array Overflow with Write2
by Luigi Auriemma
CVE-2011-3858 EXPLOITDB text VERIFIED
zespia/pixiv_custom < 2.1.6 - Cross-Site Scripting via s Parameter
Cross-site scripting (XSS) vulnerability in the Pixiv Custom theme before 2.1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
by SiteWatch
CVE-2011-3852 EXPLOITDB text VERIFIED
EvoLve < 1.2.6 - Cross-Site Scripting via s Parameter
Cross-site scripting (XSS) vulnerability in the EvoLve theme before 1.2.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
by SiteWatch
CVE-2011-3856 EXPLOITDB text VERIFIED
WordPress Elegant Grunge <1.0.4 - XSS
Cross-site scripting (XSS) vulnerability in the Elegant Grunge theme before 1.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
by SiteWatch
CVE-2011-3850 EXPLOITDB text VERIFIED
Atahualpa < 3.6.8 - Cross-Site Scripting via s Parameter
Cross-site scripting (XSS) vulnerability in the Atahualpa theme before 3.6.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
by SiteWatch
EIP-2026-112831 EXPLOITDB text VERIFIED
Typo3 - File Disclosure
by Number 7
EIP-2026-108188 EXPLOITDB text VERIFIED
Joomla! < 1.7.0 - Multiple Cross-Site Scripting Vulnerabilities
by Aung Khant