Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-104803 EXPLOITDB text VERIFIED
1024 CMS 1.1.0 Beta - Multiple Input Validation Vulnerabilities
by QSecure & Demetris Papapetrou
EIP-2026-101272 EXPLOITDB text VERIFIED
FiberHome HG-110 - Cross-Site Scripting / Directory Traversal
by Zerial
CVE-2011-10009 EXPLOITDB HIGH text VERIFIED
S40 CMS 0.4.2 - Unauthenticated Path Traversal via Index.php p Parameter
S40 CMS v0.4.2 contains a path traversal vulnerability in its index.php page handler. The p parameter is not properly sanitized, allowing attackers to traverse the file system and access arbitrary files outside the web root. This can be exploited remotely without authentication by appending traversal sequences and a null byte to bypass file extension checks.
by Osirys
EIP-2026-113158 EXPLOITDB text VERIFIED
vTiger CRM 5.2.1 - 'vtigerservice.php' Cross-Site Scripting
by AutoSec Tools
EIP-2026-106807 EXPLOITDB text VERIFIED
eGroupWare 1.8.1 - 'test.php' Cross-Site Scripting
by AutoSec Tools
EIP-2026-100464 EXPLOITDB text VERIFIED
Omer Portal 3.220060425 - 'arama_islem.asp' Cross-Site Scripting
by kurdish hackers team
CVE-2011-1714 EXPLOITDB text
qooxdoo 1.3 - Cross-Site Scripting via Callback Parameter
Cross-site scripting (XSS) vulnerability in framework/source/resource/qx/test/jsonp_primitive.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products allows remote attackers to inject arbitrary web script or HTML via the callback parameter.
by AutoSec Tools
EIP-2026-117645 EXPLOITDB perl VERIFIED
MPlayer (r33064 Lite) - Local Buffer Overflow (ROP)
by Nate_M
EIP-2026-112612 EXPLOITDB text VERIFIED
TextPattern 4.2 - 'index.php' Cross-Site Scripting
by kurdish hackers team
CVE-2011-1723 EXPLOITDB text VERIFIED
Redmine 1.0.1-1.1.1 - Cross-Site Scripting via PATH_INFO
Cross-site scripting (XSS) vulnerability in app/views/layouts/base.rhtml in Redmine 1.0.1 through 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to projects/hg-helloworld/news/. NOTE: some of these details are obtained from third party information.
by Mesut Timur
EIP-2026-107494 EXPLOITDB text VERIFIED
greenpants 0.1.7 - Multiple Vulnerabilities
by Ptrace Security
EIP-2026-107481 EXPLOITDB html
Graugon Forum 1.3 - SQL Injection
by AutoSec Tools
CVE-2011-1715 EXPLOITDB text
qooxdoo 1.3 - Path Traversal via Delay.php File Parameter
Directory traversal vulnerability in framework/source/resource/qx/test/part/delay.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products allows remote attackers to read arbitrary files via ..%2f (encoded dot dot) sequences in the file parameter.
by AutoSec Tools
EIP-2026-106567 EXPLOITDB text VERIFIED
Dream Vision Technologies Web Portal - SQL Injection
by eXeSoul
CVE-2011-1669 EXPLOITDB text
WP Custom Pages <0.5.0.1 - Path Traversal
Directory traversal vulnerability in wp-download.php in the WP Custom Pages module 0.5.0.1 for WordPress allows remote attackers to read arbitrary files via ..%2F (encoded dot dot) sequences in the url parameter.
by AutoSec Tools
EIP-2026-112921 EXPLOITDB text VERIFIED
UseBB 1.0.11 - 'admin.php' Local File Inclusion
by High-Tech Bridge SA
EIP-2026-112813 EXPLOITDB text
Tutorialms 1.4 - 'show' SQL Injection
by LiquidWorm
CVE-2011-5160 EXPLOITDB text
OpenEMR 4 - Cross-Site Scripting via Site Parameter
Cross-site scripting (XSS) vulnerability in setup.php in OpenEMR 4 allows remote attackers to inject arbitrary web script or HTML via the site parameter.
by AutoSec Tools
EIP-2026-106820 EXPLOITDB text VERIFIED
Eleanor CMS - Cross-Site Scripting / Multiple SQL Injections
by High-Tech Bridge SA
EIP-2026-104141 EXPLOITDB ruby VERIFIED
Zend Server Java Bridge - Arbitrary Java Code Execution (Metasploit)
by Metasploit
CVE-2009-5065 EXPLOITDB text VERIFIED
feedparser < 5.0 - Cross-Site Scripting via Nested CDATA Stanzas
Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) before 5.0 allows remote attackers to inject arbitrary web script or HTML via vectors involving nested CDATA stanzas.
by fazalmajid
CVE-2010-3407 EXPLOITDB ruby VERIFIED
IBM Lotus Domino <8.0.2 FP5-8.5.1 FP2 - RCE
Stack-based buffer overflow in the MailCheck821Address function in nnotes.dll in the nrouter.exe service in the server in IBM Lotus Domino 8.0.x before 8.0.2 FP5 and 8.5.x before 8.5.1 FP2 allows remote attackers to execute arbitrary code via a long e-mail address in an ORGANIZER:mailto header in an iCalendar calendar-invitation e-mail message, aka SPR NRBY7ZPJ9V.
by Metasploit
EIP-2026-114513 EXPLOITDB text VERIFIED
Yaws-Wiki 1.88-1 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
by Michael Brooks
EIP-2026-114462 EXPLOITDB text VERIFIED
XOOPS 2.5 - 'banners.php' Multiple Local File Inclusions
by KedAns-Dz
EIP-2026-114281 EXPLOITDB text VERIFIED
WordPress Plugin WPwizz AdWizz Plugin 1.0 - 'link' Cross-Site Scripting
by John Leitch