Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
CVE-2011-1062 EXPLOITDB text VERIFIED
TaskFreak! 0.6.4 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in include/html/header.php in TaskFreak! 0.6.4 allow remote attackers to inject arbitrary web script or HTML via the (1) sContext, (2) sort, (3) dir, and (4) show parameters in a save action to index.php; the (5) dir and (6) show parameters to print_list.php; and the (7) HTTP referer header to rss.php. NOTE: some of these details are obtained from third party information.
by LiquidWorm
CVE-2011-1062 EXPLOITDB text VERIFIED
TaskFreak! 0.6.4 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in include/html/header.php in TaskFreak! 0.6.4 allow remote attackers to inject arbitrary web script or HTML via the (1) sContext, (2) sort, (3) dir, and (4) show parameters in a save action to index.php; the (5) dir and (6) show parameters to print_list.php; and the (7) HTTP referer header to rss.php. NOTE: some of these details are obtained from third party information.
by LiquidWorm
CVE-2011-1100 EXPLOITDB text
Pixelpost 1.7.3 - Authenticated SQL Injection via findfid, id, selectfcat, selectfmon, or selectftag Parameter
Multiple SQL injection vulnerabilities in admin/index.php in Pixelpost 1.7.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) findfid, (2) id, (3) selectfcat, (4) selectfmon, or (5) selectftag parameter in an images action.
by LiquidWorm
EIP-2026-106905 EXPLOITDB text VERIFIED
Escort Agency CMS - Blind SQL Injection
by NoNameMT
EIP-2026-106505 EXPLOITDB text VERIFIED
Dokeos 1.8.6 2 - 'style' Cross-Site Scripting
by AutoSec Tools
EIP-2026-117633 EXPLOITDB python VERIFIED
MoviePlay 4.82 - '.lst' Local Buffer Overflow
by sickness
EIP-2026-109053 EXPLOITDB text VERIFIED
Kunena < 1.5.13 / < 1.6.3 - SQL Injection
by Red Matter
CVE-2009-0932 EXPLOITDB text VERIFIED
Horde < 3.2.4 and 3.3.3 and Horde Groupware < 1.1.5 - Remote Code Execution via Image Driver Path Traversal
Directory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name.
by skysbsb
EIP-2026-107384 EXPLOITDB text VERIFIED
Geomi CMS 1.2/3.0 - SQL Injection
by ThunDEr HeaD
EIP-2026-106589 EXPLOITDB html VERIFIED
Drupal Module CAPTCHA - Security Bypass
by anonymous
EIP-2026-102516 EXPLOITDB python VERIFIED
Openedit 5.1294 - Remote Code Execution
by mr_me
EIP-2026-116612 EXPLOITDB python VERIFIED
XM Easy Personal FTP Server 5.8.0 - 'TYPE' Denial of Service
by Houssam Sahli
EIP-2026-113270 EXPLOITDB python VERIFIED
webERP 4.0.1 - 'InputSerialItemsFile.php' Arbitrary File Upload
by AutoSec Tools
EIP-2026-111835 EXPLOITDB text VERIFIED
RunCMS 2.2.2 - 'register.php' SQL Injection
by High-Tech Bridge SA
CVE-2010-3272 EXPLOITDB text VERIFIED
ZOHO ManageEngine ADSelfService Plus <4.5 Build 4500 - RCE
accounts/ValidateAnswers in the security-questions implementation in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 makes it easier for remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, via a modified (1) Hide_Captcha or (2) quesList parameter in a validateAll action.
by Core Security
CVE-2010-3274 EXPLOITDB text VERIFIED
ZOHO ManageEngine ADSelfService Plus <4.5.4500 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in the Employee Search Engine in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allow remote attackers to inject arbitrary web script or HTML via the searchString parameter in a (1) showList or (2) Search action.
by Core Security
EIP-2026-106529 EXPLOITDB text VERIFIED
Dolphin 7.0.4 - Multiple Cross-Site Scripting Vulnerabilities
by AutoSec Tools
EIP-2026-104309 EXPLOITDB python
LocatePC 1.05 (Ligatt Version + Others) - SQL Injection
by anonymous
EIP-2026-101349 EXPLOITDB text
Linksys WAP610N - Root Access Security
by Matteo Ignaccolo
EIP-2026-119237 EXPLOITDB perl
Unreal Tournament - Remote Buffer Overflow (SEH)
by Fulcrum
EIP-2026-118189 EXPLOITDB python VERIFIED
xRadio 0.95b - '.xrl' Local Buffer Overflow (SEH)
by b0telh0
EIP-2026-117029 EXPLOITDB c
DESlock+ < 4.1.10 - 'vdlptokn.sys' Local Kernel Ring0 SYSTEM
by mu-b
EIP-2026-113720 EXPLOITDB text
WordPress Plugin Enable Media Replace - Multiple Vulnerabilities
by Ulf Harnhammar
EIP-2026-113202 EXPLOITDB text VERIFIED
Web 2.0 Social Network Freunde Community - SQL Injection
by NoNameMT
EIP-2026-112354 EXPLOITDB text
SourceBans 1.4.7 - Cross-Site Scripting
by Sw1tCh