Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
CVE-2011-1546 EXPLOITDB text VERIFIED
Andy's PHP Knowledgebase <0.95.3 - SQL Injection
Multiple SQL injection vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95.3 allow remote attackers to execute arbitrary SQL commands via the s parameter to (1) a_viewusers.php or (2) keysearch.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (3) id or (4) start parameter to pending.php, or the (5) aid parameter to a_authordetails.php. NOTE: some of these details are obtained from third party information.
by Mark Stanislav
EIP-2026-104140 EXPLOITDB java VERIFIED
Zend Java Bridge - Remote Code Execution
by ikki
CVE-2011-1487 EXPLOITDB text VERIFIED
Perl 5.10.x-5.12.3 and 5.13.x-5.13.11 - Taint Protection Bypass via lc, lcfirst, uc, and ucfirst Functions
The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
by mmartinec
EIP-2026-102869 EXPLOITDB perl VERIFIED
HT Editor 2.0.18 - File Opening Stack Overflow
by ZadYree
EIP-2026-100232 EXPLOITDB text VERIFIED
CosmoQuest - Authentication Bypass
by Net.Edit0r
EIP-2026-118462 EXPLOITDB text VERIFIED
Easy File Sharing Web Server 5.8 - Multiple Vulnerabilities
by AutoSec Tools
EIP-2026-117307 EXPLOITDB python VERIFIED
IDEAL Administration 2011 11.4 - Local Buffer Overflow (SEH)
by Dr_IDE
EIP-2026-116544 EXPLOITDB python VERIFIED
Winamp 5.61 - AVI Denial of Service (PoC)
by BraniX
EIP-2026-116202 EXPLOITDB python
Rumble 0.25.2232 - Denial of Service
by AutoSec Tools
EIP-2026-115795 EXPLOITDB python VERIFIED
Microsoft Windows Explorer 6.0.2900.5512 - 'Shmedia.dll 6.0.2900.5512' AVI Preview Denial of Service (PoC)
by BraniX
EIP-2026-115342 EXPLOITDB python VERIFIED
GOM Player 2.1.28.5039 - AVI Denial of Service (PoC)
by BraniX
EIP-2026-114453 EXPLOITDB text VERIFIED
XOOPS - 'view_photos.php' Cross-Site Scripting
by KedAns-Dz
CVE-2011-1671 EXPLOITDB text VERIFIED
Tracks 1.7.2, 2.0RC2, and 2.0devel - Cross-Site Scripting via PATH_INFO to todos/tag/
Cross-site scripting (XSS) vulnerability in app/controllers/todos_controller.rb in Tracks 1.7.2, 2.0RC2, and 2.0devel allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to todos/tag/. NOTE: some of these details are obtained from third party information.
by Mesut Timur
EIP-2026-112393 EXPLOITDB text VERIFIED
Spitfire 1.0.3x - 'cms_username' Cross-Site Scripting
by High-Tech Bridge SA
EIP-2026-110392 EXPLOITDB text VERIFIED
oscss2 2.1.0 rc12 - Multiple Vulnerabilities
by AutoSec Tools
EIP-2026-110391 EXPLOITDB text VERIFIED
osCSS 2.1 - Multiple Cross-Site Scripting / Local File Inclusions
by AutoSec Tools
EIP-2026-105882 EXPLOITDB text VERIFIED
Claroline 1.10 - Persistent Cross-Site Scripting
by AutoSec Tools
CVE-2011-1556 EXPLOITDB text VERIFIED
Andy's PHP Knowledgebase 0.95.4 - SQL Injection
SQL injection vulnerability in plugins/pdfClasses/pdfgen.php in Andy's PHP Knowledgebase (Aphpkb) 0.95.4 allows remote attackers to execute arbitrary SQL commands via the pdfa parameter.
by AutoSec Tools
EIP-2026-103955 EXPLOITDB python
jHTTPd 0.1a - Directory Traversal
by AutoSec Tools
CVE-2011-4342 EXPLOITDB text
BackWPup < 1.7.1 - Remote Code Execution via wpabs Parameter
PHP remote file inclusion vulnerability in wp_xml_export.php in the BackWPup plugin before 1.7.2 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the wpabs parameter.
by Sense of Security
EIP-2026-113264 EXPLOITDB text VERIFIED
webEdition CMS 6.1.0.2 - 'DOCUMENT_ROOT' Local File Inclusion
by eidelweiss
EIP-2026-113263 EXPLOITDB text
webEdition CMS - Local File Inclusion
by eidelweiss
EIP-2026-107613 EXPLOITDB text VERIFIED
Honey Soft Web Solution - Multiple Vulnerabilities
by **RoAd_KiLlEr**
EIP-2026-105881 EXPLOITDB text VERIFIED
Claroline 1.10 - Multiple HTML Injection Vulnerabilities
by AutoSec Tools
EIP-2026-105097 EXPLOITDB text VERIFIED
Alkacon OpenCMS 7.5.x - Multiple Cross-Site Scripting Vulnerabilities
by antisnatchor