Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-112768 EXPLOITDB text VERIFIED
Tradingeye E-Commerce Shopping Cart - Multiple Vulnerabilities
by $#4d0\/\/[r007k17]
EIP-2026-112380 EXPLOITDB text VERIFIED
Sphider 1.3.x - Admin Panel Multiple SQL Injections
by Karthik R
EIP-2026-110453 EXPLOITDB html VERIFIED
Pandora Fms 3.2.1 - Cross-Site Request Forgery
by mehdi boukazoula
EIP-2026-108603 EXPLOITDB text VERIFIED
Joomla! Component com_xmap 1.2.11 - Blind SQL Injection
by jdc
EIP-2026-107105 EXPLOITDB text
Fire Soft Board 2.0.1 - Persistent Cross-Site Scripting (Admin Panel)
by _jill for A-S
CVE-2011-3642 EXPLOITDB CRITICAL text VERIFIED
Flowplayer Flash 3.2.7-3.2.16 - Cross-Site Scripting via Plugin Configuration Directive
Cross-site scripting (XSS) vulnerability in Flowplayer Flash 3.2.7 through 3.2.16, as used in the News system (news) extension for TYPO3 and Mahara, allows remote attackers to inject arbitrary web script or HTML via the plugin configuration directive in a reference to an external domain plugin.
by Szymon Gruszecki
CVSS 9.6
EIP-2026-100980 EXPLOITDB text VERIFIED
Alice Modem 1111 - 'rulename' Cross-Site Scripting / Denial of Service
by Moritz Naumann
EIP-2026-113607 EXPLOITDB text VERIFIED
WordPress Plugin bSuite 4.0.7 - Multiple HTML Injection Vulnerabilities
by IHTeam
EIP-2026-111549 EXPLOITDB text VERIFIED
Prontus CMS - 'page' Cross-Site Scripting
by Zerial
EIP-2026-107742 EXPLOITDB text VERIFIED
ICMusic 1.2 - 'music_id' SQL Injection
by kaMtiEz
EIP-2026-107413 EXPLOITDB text VERIFIED
Gilnet News - 'read_more.php' SQL Injection
by Err0R
CVE-2011-0073 EXPLOITDB ruby VERIFIED
Mozilla Firefox <3.5.19 & <3.6.17, SeaMonkey <2.0.14 - RCE
Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly use nsTreeRange data structures, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer."
by Metasploit
EIP-2026-118559 EXPLOITDB python VERIFIED
Freefloat FTP Server - 'LIST' Remote Buffer Overflow
by Zer0 Thunder
EIP-2026-112807 EXPLOITDB text
Tugux CMS 1.2 - 'pid' Arbitrary File Deletion
by LiquidWorm
CVE-2011-2505 EXPLOITDB php VERIFIED
phpMyAdmin 3.x < 3.3.10.2 and 3.4.x < 3.4.3.1 - Remote Variable Manipulation via Swekey Authentication Query String
libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the SESSION superglobal array via a crafted request, related to a "remote variable manipulation vulnerability."
by Mango
CVE-2011-0546 EXPLOITDB text VERIFIED
Symantec Backup Exec 11.0-13.0 R2 - Unauthenticated NDMP Command Execution via Man-in-the-Middle
Symantec Backup Exec 11.0, 12.0, 12.5, 13.0, and 13.0 R2 does not validate identity information sent between the media server and the remote agent, which allows man-in-the-middle attackers to execute NDMP commands via unspecified vectors.
by Nibin
CVE-2011-5124 EXPLOITDB ruby VERIFIED
Blue Coat ProxyOne and ProxySG - Stack-Based Buffer Overflow via Large Packet to Synchronization Port
Stack-based buffer overflow in the BCAAA component before build 60258, as used by Blue Coat ProxySG 4.2.3 through 6.1 and ProxyOne, allows remote attackers to execute arbitrary code via a large packet to the synchronization port (16102/tcp).
by Metasploit
EIP-2026-111416 EXPLOITDB text VERIFIED
Portix-CMS 1.5.0. rc5 - Local File Inclusion
by Or4nG.M4N
CVE-2011-2506 EXPLOITDB php VERIFIED
phpMyAdmin 3.x < 3.3.10.2 and 3.4.x < 3.4.3.1 - Remote Code Injection via SESSION Superglobal
setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly restrict the presence of comment closing delimiters, which allows remote attackers to conduct static code injection attacks by leveraging the ability to modify the SESSION superglobal array.
by Mango
EIP-2026-118201 EXPLOITDB perl VERIFIED
ZipGenius 6.3.2.3000 - '.zip' Local Buffer Overflow
by C4SS!0 G0M3S
EIP-2026-116650 EXPLOITDB perl VERIFIED
ZipWiz 2005 5.0 - '.zip' Buffer Corruption
by C4SS!0 G0M3S
EIP-2026-116649 EXPLOITDB perl VERIFIED
ZipItFast 3.0 - '.zip' Heap Overflow
by C4SS!0 G0M3S
CVE-2011-2506 EXPLOITDB python VERIFIED
phpMyAdmin 3.x < 3.3.10.2 and 3.4.x < 3.4.3.1 - Remote Code Injection via SESSION Superglobal
setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly restrict the presence of comment closing delimiters, which allows remote attackers to conduct static code injection attacks by leveraging the ability to modify the SESSION superglobal array.
by wofeiwo
EIP-2026-108588 EXPLOITDB text VERIFIED
Joomla! Component com_voj - SQL Injection
by CoBRa_21
EIP-2026-105209 EXPLOITDB text
appRain Quick Start Edition Core Edition Multiple 0.1.4-Alpha - Cross-Site Scripting
by SecPod Research