Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-112994 EXPLOITDB text
vBulletin 3.8.4/3.8.5 - Registration Bypass
by Immortal Boy
CVE-2010-3212 EXPLOITDB text VERIFIED
Seagull <= 0.6.7 - SQL Injection via frmQuestion Parameter
SQL injection vulnerability in index.php in Seagull 0.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via the frmQuestion parameter in a retrieve action, in conjunction with a user/password PATH_INFO.
by Sweet
CVE-2010-3210 EXPLOITDB text
Multi-lingual E-Commerce System 0.2 - RCE
Multiple PHP remote file inclusion vulnerabilities in Multi-lingual E-Commerce System 0.2 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) checkout2-CYM.php, (2) checkout2-EN.php, (3) checkout2-FR.php, (4) cat-FR.php, (5) cat-EN.php, (6) cat-CYM.php, (7) checkout1-CYM.php, (8) checkout1-EN.php, (9) checkout1-FR.php, (10) prod-CYM.php, (11) prod-EN.php, and (12) prod-FR.php in inc/.
by JosS
EIP-2026-109352 EXPLOITDB text VERIFIED
Max's Guestbook - HTML Injection / Cross-Site Scripting
by MiND C0re
EIP-2026-107522 EXPLOITDB text VERIFIED
GuestBookPlus - HTML Injection / Bypass Comments Limit
by MiND C0re
EIP-2026-105797 EXPLOITDB text
CF Image Hosting Script 1.3.8 - Remote File Inclusion
by FoX HaCkEr
CVE-2009-2629 EXPLOITDB python VERIFIED
nginx <0.5.37, <0.6.39, <0.7.62, <0.8.15 - RCE
Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.
by Aaron Conole
EIP-2026-115550 EXPLOITDB text VERIFIED
LeadTools ActiveX Raster Twain 16.5 - 'LtocxTwainu.dll' Buffer Overflow (PoC)
by LiquidWorm
CVE-2008-2094 EXPLOITDB text VERIFIED
XOOPS Article Module - SQL Injection via id Parameter
SQL injection vulnerability in article.php in the Article module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter.
by []0iZy5
CVE-2010-3205 EXPLOITDB text
Textpattern CMS 4.2.0 - Remote Code Execution via index.php inc Parameter
PHP remote file inclusion vulnerability in index.php in Textpattern CMS 4.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter.
by Sn!pEr.S!Te
CVE-2010-3207 EXPLOITDB text VERIFIED
galeriashqip 1.0 - SQL Injection via album_id Parameter
SQL injection vulnerability in index.php in GaleriaSHQIP 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the album_id parameter. NOTE: some of these details are obtained from third party information.
by Valentin
CVE-2010-3206 EXPLOITDB text
diy-cms 1.0 - Remote Code Execution via PHP File Inclusion
Multiple PHP remote file inclusion vulnerabilities in DiY-CMS 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lang parameter to modules/guestbook/blocks/control.block.php, (2) main_module parameter to index.php, and (3) getFile parameter to includes/general.functions.php.
by LoSt.HaCkEr
EIP-2026-105796 EXPLOITDB text VERIFIED
CF Image Hosting Script 1.3 - 'settings.cdb' Information Disclosure
by Dr.$audi
EIP-2026-105530 EXPLOITDB python VERIFIED
Blogman 0.7.1 - 'profile.php' SQL Injection
by Ptrace Security
CVE-2010-3204 EXPLOITDB text
Pecio CMS 2.0.5 - Remote Code Execution via Template Parameter File Inclusion
Multiple PHP remote file inclusion vulnerabilities in Pecio CMS 2.0.5 allow remote attackers to execute arbitrary PHP code via a URL in the template parameter to (1) post.php, (2) article.php, (3) blog.php, or (4) home.php in pec_templates/nova-blue/.
by eidelweiss
EIP-2026-110524 EXPLOITDB html
Pc4Uploader 9.0 - Cross-Site Request Forgery
by RENO
CVE-2008-5841 EXPLOITDB text VERIFIED
iGaming CMS < 1.5 - SQL Injection via browse Parameter
Multiple SQL injection vulnerabilities in iGaming 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the browse parameter to (1) previews.php and (2) reviews.php, and the (3) id parameter to index.php in a viewarticle action.
by Sweet
EIP-2026-106915 EXPLOITDB text
Esvon Classifieds 4.0 - Multiple Vulnerabilities
by Sn!pEr.S!Te
EIP-2026-103296 EXPLOITDB perl
McAfee LinuxShield 1.5.1 - Local/Remote File Inclusion / Remote Code Execution
by Nikolas Sotiriu
CVE-2010-2959 EXPLOITDB c VERIFIED
Linux kernel <2.6.27.53-2.6.35.4 - RCE/DoS
Integer overflow in net/can/bcm.c in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows attackers to execute arbitrary code or cause a denial of service (system crash) via crafted CAN traffic.
by Jon Oberheide
EIP-2026-100544 EXPLOITDB text VERIFIED
Shop Creator 4.0 - SQL Injection
by Pouya_Server
EIP-2026-112947 EXPLOITDB text VERIFIED
Valarsoft WebMatic 3.0.5 - Multiple HTML Injection Vulnerabilities
by High-Tech Bridge SA
EIP-2026-112571 EXPLOITDB text VERIFIED
TCMS - Multiple Input Validation Vulnerabilities
by High-Tech Bridge SA
EIP-2026-111547 EXPLOITDB text VERIFIED
Prometeo 1.0.65 - SQL Injection
by Lord Tittis3000
EIP-2026-110383 EXPLOITDB text
osCommerce Online Merchant - Remote File Inclusion
by LoSt.HaCkEr