Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-108373 EXPLOITDB text VERIFIED
Joomla! Component com_idoblog - SQL Injection
by NOCKAR1111
EIP-2026-115400 EXPLOITDB python VERIFIED
HttpBlitz Web Server - Denial of Service
by otoy
EIP-2026-112403 EXPLOITDB text VERIFIED
SquareCMS 0.3.1 - 'post.php' SQL Injection
by cOndemned
EIP-2026-108604 EXPLOITDB text VERIFIED
Joomla! Component com_xmovie 1.0 - Local File Inclusion
by KelvinX
EIP-2026-107757 EXPLOITDB text
iDevSpot iDevCart 1.10 - Multiple Local File Inclusions
by v3n0m
EIP-2026-106271 EXPLOITDB html VERIFIED
CubeCart 3.0.6 - Cross-Site Request Forgery (Add Admin)
by P0C T34M
EIP-2026-103143 EXPLOITDB text VERIFIED
IBM Tivoli Access Manager 6.1.1 for E-Business - Directory Traversal
by anonymous
EIP-2026-114554 EXPLOITDB text VERIFIED
Ypninc Realty Classifieds - SQL Injection
by Br0ly
EIP-2026-112298 EXPLOITDB text VERIFIED
Social Share - 'search' Cross-Site Scripting
by Aliaksandr Hartsuyeu
CVE-2010-5096 EXPLOITDB text VERIFIED
MyBB < 1.6.1 - SQL Injection via Search or Private Keywords Parameter
Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the keywords parameter in a (1) do_search action to search.php or (2) do_stuff action to private.php. NOTE: the vendor disputes this issue, saying "Although this doesn't lead to an SQL injection, it does provide a general MyBB SQL error.
by Aung Khant
CVE-2010-5096 EXPLOITDB text VERIFIED
MyBB < 1.6.1 - SQL Injection via Search or Private Keywords Parameter
Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the keywords parameter in a (1) do_search action to search.php or (2) do_stuff action to private.php. NOTE: the vendor disputes this issue, saying "Although this doesn't lead to an SQL injection, it does provide a general MyBB SQL error.
by Aung Khant
EIP-2026-108486 EXPLOITDB text
Joomla! Component com_ponygallery - Remote File Inclusion
by AtT4CKxT3rR0r1ST
EIP-2026-108256 EXPLOITDB text
Joomla! Component com_adsmanager - Remote File Inclusion
by AtT4CKxT3rR0r1ST
EIP-2026-107948 EXPLOITDB text VERIFIED
IPN Development Handler 2.0 - Multiple Vulnerabilities
by AtT4CKxT3rR0r1ST
EIP-2026-106270 EXPLOITDB text
CubeCart 3.0.4 - SQL Injection
by Dr.NeT
EIP-2026-105647 EXPLOITDB text VERIFIED
Built2Go PHP Shopping - SQL Injection
by Br0ly
EIP-2026-103860 EXPLOITDB text VERIFIED
Appweb Web Server 3.2.2-1 - Cross-Site Scripting
by Gjoko Krstic
EIP-2026-101657 EXPLOITDB text
D-Link WBR-1310 - Authentication Bypass
by Craig Heffner
CVE-2010-3973 EXPLOITDB html VERIFIED
WMI Administrative Tools < 1.1 - Remote Code Execution via WBEMSingleView.ocx AddContextRef Method
The WMITools ActiveX control in WBEMSingleView.ocx 1.50.1131.0 in Microsoft WMI Administrative Tools 1.1 and earlier in Microsoft Windows XP SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted argument to the AddContextRef method, possibly an untrusted pointer dereference, aka "Microsoft WMITools ActiveX Control Vulnerability."
by WooYun
CVE-2010-4588 EXPLOITDB html VERIFIED
WMI Administrative Tools < 1.1 - Remote Code Execution via WBEMSingleView.ocx ReleaseContext Method
The WBEMSingleView.ocx ActiveX control 1.50.1131.0 in Microsoft WMI Administrative Tools 1.1 and earlier allows remote attackers to execute arbitrary code via a crafted argument to the ReleaseContext method, a different vector than CVE-2010-3973, possibly an untrusted pointer dereference.
by WooYun
EIP-2026-113524 EXPLOITDB text VERIFIED
WordPress Plugin Accept Signups 0.1 - Cross-Site Scripting
by clshack
EIP-2026-113523 EXPLOITDB text VERIFIED
WordPress Plugin Accept Signups 0.1 - 'email' Cross-Site Scripting
by clshack
EIP-2026-108243 EXPLOITDB text VERIFIED
Joomla! Component Classified - SQL Injection
by R4dc0re
CVE-2010-4566 EXPLOITDB text VERIFIED
Citrix Access Gateway <5.0 - Command Injection
The web authentication form in the NT4 authentication component in Citrix Access Gateway Enterprise Edition 9.2-49.8 and earlier, and the NTLM authentication component in Access Gateway Standard and Advanced Editions before Access Gateway 5.0, allows attackers to execute arbitrary commands via shell metacharacters in the password field.
by George D. Gal
EIP-2026-100984 EXPLOITDB php
Apple iOS Safari - 'JS .' Remote Crash
by Yakir Wizman