Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-111722 EXPLOITDB text VERIFIED
ReCMS - 'users_lang' Directory Traversal
by Locu
EIP-2026-110436 EXPLOITDB perl
Oxygen2PHP 1.1.3 - 'post.php' Blind SQL Injection
by Dante90
EIP-2026-110434 EXPLOITDB perl
Oxygen2PHP 1.1.3 - 'forumdisplay.php' Blind SQL Injection
by Dante90
EIP-2026-109940 EXPLOITDB text VERIFIED
NinkoBB - Cross-Site Request Forgery
by ADEO Security
EIP-2026-108325 EXPLOITDB text
Joomla! Component com_dateconverter 0.1 - SQL Injection
by RoAd_KiLlEr
CVE-2010-4980 EXPLOITDB text VERIFIED
iScripts ReserveLogic 1.0 - SQL Injection
SQL injection vulnerability in packagedetails.php in iScripts ReserveLogic 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
by Salvatore Fresta
CVE-2010-2624 EXPLOITDB text VERIFIED
iScripts EasySnaps 2.0 - SQL Injection via Comment Parameter
Multiple SQL injection vulnerabilities in iScripts EasySnaps 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) comment parameter to add_comments.php, (2) values parameter to tags_details.php, or (3) begin parameter to greetings.php.
by Salvatore Fresta
EIP-2026-107885 EXPLOITDB text
Interscan Web Security 5.0 - Persistent Cross-Site Scripting
by Ivan Huertas
EIP-2026-107135 EXPLOITDB text VERIFIED
Flatnux 2010-06.09 - 'find' Cross-Site Scripting
by ITSecTeam
EIP-2026-106562 EXPLOITDB text VERIFIED
DPScms - 'q' SQL Injection / Cross-Site Scripting
by Ariko-Security
CVE-2005-3757 EXPLOITDB ruby VERIFIED
Google Mini Search Appliance - Remote Code Execution via XSLT Style Sheet Select Attribute
The Saxon XSLT parser in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to obtain sensitive information and execute arbitrary code via dangerous Java class methods in select attribute of xsl:value-of tags in XSLT style sheets, such as (1) system-property, (2) sys:getProperty, and (3) run:exec.
by Metasploit
EIP-2026-100546 EXPLOITDB text VERIFIED
SIDA University System - SQL Injection
by K053
EIP-2026-100543 EXPLOITDB text
Setiran CMS - Blind SQL Injection
by Th3 RDX
CVE-2010-5330 EXPLOITDB CRITICAL text VERIFIED
Ubiquiti AirOS < 4.0.1 - Command Injection via stainfo.cgi ifname Parameter
On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP info) because the ifname variable is not sanitized, as demonstrated by shell metacharacters. The fixed version is v4.0.1 for 802.11 ISP products, v5.3.5 for AirMax ISP products, and v5.4.5 for AirSync firmware. For example, Nanostation5 (Air OS) is affected.
by emgent
CVSS 9.8
EIP-2026-113269 EXPLOITDB html
webERP 3.11.4 - Multiple Vulnerabilities
by ADEO Security
EIP-2026-112537 EXPLOITDB text VERIFIED
System CMS Contentia - 'news.php' SQL Injection
by GlaDiaT0R
CVE-2010-2623 EXPLOITDB text
Internet DM Specialist Bed and Breakfast - SQL Injection via pp_id Parameter
SQL injection vulnerability in pages.php in Internet DM Specialist Bed and Breakfast allows remote attackers to execute arbitrary SQL commands via the pp_id parameter.
by JaMbA
EIP-2026-112024 EXPLOITDB perl VERIFIED
ShopCartDx 4.30 - 'products.php' Blind SQL Injection
by Dante90
EIP-2026-110867 EXPLOITDB perl
PHP-Nuke 8.0 - SQL Injection
by Dante90
EIP-2026-110435 EXPLOITDB perl
Oxygen2PHP 1.1.3 - 'member.php' SQL Injection
by Dante90
CVE-2010-2622 EXPLOITDB text VERIFIED
Joomanager - SQL Injection via catid Parameter
SQL injection vulnerability in the Joomanager component, possibly 1.1.1, for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
by Sid3^effects
CVE-2010-2690 EXPLOITDB text
JOOFORGE Gamesbox <1.0.2 - SQL Injection
SQL injection vulnerability in the JOOFORGE Gamesbox (com_gamesbox) component 1.0.2, and possibly earlier, for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a consoles action to index.php.
by v3n0m
CVE-2010-4968 EXPLOITDB text
Joomla! com_wmtpic <1.0 - SQL Injection
SQL injection vulnerability in the webmaster-tips.net Flash Gallery (com_wmtpic) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
by RoAd_KiLlEr
EIP-2026-107455 EXPLOITDB text
Golf Club Site - SQL Injection
by JaMbA
EIP-2026-119372 EXPLOITDB text
Gekko CMS - SQL Injection
by []0iZy5