Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-107563 EXPLOITDB text VERIFIED
HB eCommerce - SQL Injection
by takeshix
EIP-2026-106219 EXPLOITDB html
cPanel < 11.25 - Cross-Site Request Forgery (Add User PHP Script)
by ninjashell
EIP-2026-105932 EXPLOITDB python VERIFIED
Clipbucket 2.4 RC2 645 - SQL Injection
by AutoSec Tools
EIP-2026-103067 EXPLOITDB text VERIFIED
Asterisk 1.8.4.1 - SIP 'REGISTER' Request User Enumeration
by Francesco Tornieri
EIP-2026-112673 EXPLOITDB text
Tickets 2.13 - SQL Injection
by AutoSec Tools
EIP-2026-109463 EXPLOITDB text VERIFIED
MidiCMS Website Builder - Local File Inclusion / Arbitrary File Upload
by KedAns-Dz
EIP-2026-109044 EXPLOITDB text VERIFIED
Kryn.cms 0.9 - '_kurl' Cross-Site Scripting
by AutoSec Tools
EIP-2026-108539 EXPLOITDB text VERIFIED
Joomla! Component com_shop - SQL Injection
by ThunDEr HeaD
EIP-2026-107692 EXPLOITDB text
i-doIT 0.9.9-4 - Local File Inclusion
by AutoSec Tools
EIP-2026-106975 EXPLOITDB text
Extcalendar 2.0b2 - 'cal_search.php' SQL Injection
by High-Tech Bridge SA
EIP-2026-106806 EXPLOITDB text
eGroupWare 1.8.001.20110421 - Multiple Vulnerabilities
by AutoSec Tools
CVE-2008-3922 EXPLOITDB ruby VERIFIED
AWStats Totals 1.0-1.14 - Remote Code Execution via Sort Parameter
awstatstotals.php in AWStats Totals 1.0 through 1.14 allows remote attackers to execute arbitrary code via PHP sequences in the sort parameter, which is used by the multisort function when dynamically creating an anonymous PHP function.
by Metasploit
CVE-2011-1938 EXPLOITDB php VERIFIED
PHP 5.3.3-5.3.6 - Stack-Based Buffer Overflow in socket_connect
Stack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket.
by Marek Kroemeke
EIP-2026-103240 EXPLOITDB text VERIFIED
Vordel Gateway 6.0.3 - Directory Traversal
by Brian W. Gary
EIP-2026-101426 EXPLOITDB text VERIFIED
RXS-3211 IP Camera - UDP Packet Password Information Disclosure
by Spare Clock Cycles
EIP-2026-100760 EXPLOITDB text VERIFIED
BlackBoard Learn 8.0 - 'keywordraw' Cross-Site Scripting
by Matt Jezorek
EIP-2026-111193 EXPLOITDB text VERIFIED
phpScheduleIt 1.2.12 - Multiple Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
EIP-2026-105052 EXPLOITDB text VERIFIED
Ajax Chat 1.0 - 'ajax-chat.php' Cross-Site Scripting
by High-Tech Bridge SA
EIP-2026-103973 EXPLOITDB python VERIFIED
Lumension Security Lumension Device Control 4.x - Memory Corruption
by Andy Davis
EIP-2026-103907 EXPLOITDB text VERIFIED
Gadu-Gadu Instant Messenger 6.0 - File Transfer Cross-Site Scripting
by Kacper Szczesniak
CVE-2011-2386 EXPLOITDB ruby VERIFIED
VisiWave Site Survey < 2.1.9 - Remote Code Execution via Invalid Type Property in VWS/VWR Files
VisiWaveReport.exe in AZO Technologies, Inc. VisiWave Site Survey before 2.1.9 allows user-assisted remote attackers to execute arbitrary code via a (1) vws and (2) vwr file with an invalid Type property, which triggers an untrusted pointer dereference.
by Metasploit
EIP-2026-113002 EXPLOITDB text VERIFIED
vBulletin 4.0.x 4.1.2 - 'search.php' SQL Injection
by D4rkB1t
EIP-2026-111179 EXPLOITDB text
PHPortfolio - SQL Injection
by lionaneesh
EIP-2026-108781 EXPLOITDB text VERIFIED
Joomla! Component Map Locator - 'cid' SQL Injection
by FL0RiX
CVE-2011-10021 EXPLOITDB HIGH ruby VERIFIED
Magix Musik Maker 16 - Buffer Overflow
Magix Musik Maker 16 is vulnerable to a stack-based buffer overflow due to improper handling of .mmm arrangement files. The vulnerability arises from an unsafe strcpy() operation that fails to validate input length, allowing attackers to overwrite the Structured Exception Handler (SEH). By crafting a malicious .mmm file, an attacker can trigger the overflow when the file is opened, potentially leading to arbitrary code execution. This vulnerability was remediated in version 17.
by Metasploit