Exploitdb Exploits

2,009 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-102489 EXPLOITDB html VERIFIED
JReport - 'dealSchedules.jsp' Cross-Site Request Forgery
by Poonam Singh
EIP-2026-118247 EXPLOITDB html
Aladdin Knowledge Systems Ltd. PrivAgent - ActiveX Control Overflow
by blake
CVE-2013-6826 EXPLOITDB html VERIFIED
FortiAnalyzer < 5.0.5 - Cross-Site Request Forgery via csrf_token Parameter
cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrf_token parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks.
by William Costa
EIP-2026-118684 EXPLOITDB html
Indusoft Thin Client 7.1 - ActiveX Buffer Overflow
by blake
EIP-2026-116269 EXPLOITDB html
SolarWinds Server and Application Monitor - ActiveX 'Pepco32c' Buffer Overflow
by blake
EIP-2026-118766 EXPLOITDB html
McKesson - ActiveX File/Environmental Variable Enumeration
by blake
CVE-2013-2817 EXPLOITDB html
Mitsubishi Electric Automation MC-WorX Suite 8.02 - RCE
An ActiveX control in IcoLaunch.dll in Mitsubishi Electric Automation MC-WorX Suite 8.02 allows user-assisted remote attackers to execute arbitrary programs via a crafted HTML document in conjunction with a Login Client button click.
by blake
EIP-2026-113724 EXPLOITDB html VERIFIED
WordPress Plugin Event Easy Calendar - Multiple Cross-Site Request Forgery Vulnerabilities
by anonymous
CVE-2013-6127 EXPLOITDB html VERIFIED
WellinTech KingView < 6.53 - Arbitrary File Write via SUPERGRIDLib.SuperGrid ReplaceDBFile Method
The SUPERGRIDLib.SuperGrid ActiveX control in SuperGrid.ocx before 65.30.30000.10002 in WellinTech KingView before 6.53 does not properly restrict ReplaceDBFile method calls, which allows remote attackers to create or overwrite arbitrary files, and subsequently execute arbitrary programs, via the two pathname arguments, as demonstrated by a directory traversal attack.
by blake
CVE-2013-6128 EXPLOITDB html VERIFIED
WellinTech KingView < 6.52 - Arbitrary File Write via KChartXY ActiveX SaveToFile Method
The KCHARTXYLib.KChartXY ActiveX control in KChartXY.ocx before 65.30.30000.10002 in WellinTech KingView before 6.53 does not properly restrict SaveToFile method calls, which allows remote attackers to create or overwrite arbitrary files, and subsequently execute arbitrary programs, via the single pathname argument, as demonstrated by a directory traversal attack.
by blake
EIP-2026-115363 EXPLOITDB html
GreenBrowser 6.4.0515 - Heap Overflow
by Asesino04
CVE-2013-4889 EXPLOITDB html VERIFIED
Digital Signage Xibo 1.4.2 - Cross-Site Request Forgery in index.php
Multiple cross-site request forgery (CSRF) vulnerabilities in index.php in Digital Signage Xibo 1.4.2 allow remote attackers to hijack the authentication of administrators for requests that (1) add a new administrator via the AddUser action or (2) conduct cross-site scripting (XSS) attacks, as demonstrated by CVE-2013-4888.
by Jacob Holcomb
EIP-2026-105467 EXPLOITDB html
BigACE 2.7.8 - Cross-Site Request Forgery (Add Admin)
by Yashar shahinzadeh
CVE-2013-3365 EXPLOITDB html
TRENDnet TEW-812DRU - Authenticated OS Command Injection via Multiple Parameters
TRENDnet TEW-812DRU router allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) wan network prefix to internet/ipv6.asp; (2) remote port to adm/management.asp; (3) pptp username, (4) pptp password, (5) ip, (6) gateway, (7) l2tp username, or (8) l2tp password to internet/wan.asp; (9) NtpDstStart, (10) NtpDstEnd, or (11) NtpDstOffset to adm/time.asp; or (12) device url to adm/management.asp. NOTE: vectors 9, 10, and 11 can be exploited by unauthenticated remote attackers by leveraging CVE-2013-3098.
by Jacob Holcomb
CVE-2013-1436 EXPLOITDB html VERIFIED
xmonad-contrib < 0.11.2 - Remote Code Execution via Web Page Title
The XMonad.Hooks.DynamicLog module in xmonad-contrib before 0.11.2 allows remote attackers to execute arbitrary commands via a web page title, which activates the commands when the user clicks on the xmobar window title, as demonstrated using an action tag.
by Joachim Breitner
CVE-2013-4759 EXPLOITDB html VERIFIED
Magnolia Form module <1.4.7-2.0.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the Magnolia Form module 1.x before 1.4.7 and 2.x before 2.0.2 for Magnolia CMS allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) fullname, or (3) email parameter to magnoliaPublic/demo-project/members-area/registration.html.
by High-Tech Bridge
EIP-2026-111495 EXPLOITDB html VERIFIED
PrestaShop - Multiple Cross-Site Request Forgery Vulnerabilities
by EntPro Cyber Security Research Group
EIP-2026-111230 EXPLOITDB html VERIFIED
phpVibe 3.1 - Information Disclosure / Remote File Inclusion
by indoushka
CVE-2013-3299 EXPLOITDB html VERIFIED
RealNetworks RealPlayer <16.0.2.32 - DoS
RealNetworks RealPlayer 16.0.2.32 and earlier allows remote attackers to cause a denial of service (resource consumption or application crash) via an HTML document containing JavaScript code that constructs a long string.
by Akshaysinh Vaghela
CVE-2013-3539 EXPLOITDB html VERIFIED
Ovislink Airlive Wl2600cam - CSRF
Cross-site request forgery (CSRF) vulnerability in the command/user.cgi in Sony SNC CH140, SNC CH180, SNC CH240, SNC CH280, SNC DH140, SNC DH140T, SNC DH180, SNC DH240, SNC DH240T, SNC DH280, and possibly other camera models allows remote attackers to hijack the authentication of administrators for requests that add users.
by Castillo
CVE-2013-3690 EXPLOITDB html VERIFIED
Brickcom 100Ap Device Firmware <= 3.1.0.8 - Cross-Site Request Forgery in User Management
Cross-site request forgery (CSRF) vulnerability in cgi-bin/users.cgi in Brickcom FB-100Ap, WCB-100Ap, MD-100Ap, WFB-100Ap, OB-100Ae, OSD-040E, and possibly other camera models with firmware 3.1.0.8 and earlier, allows remote attackers to hijack the authentication of administrators for requests that add users.
by Castillo
CVE-2013-10057 EXPLOITDB HIGH html VERIFIED
Synactis PDF In-The-Box ActiveX - Buffer Overflow
A stack-based buffer overflow vulnerability exists in Synactis PDF In-The-Box ActiveX control (PDF_IN_1.ocx), specifically the ConnectToSynactis method. When a long string is passed to this method—intended to populate the ldCmdLine argument of a WinExec call—a strcpy operation overwrites a saved TRegistry class pointer on the stack. This allows remote attackers to execute arbitrary code in the context of the user by enticing them to visit a malicious webpage that instantiates the vulnerable ActiveX control. The vulnerability was discovered via its use in third-party software such as Logic Print 2013.
by h1ch4m
CVE-2013-2108 EXPLOITDB MEDIUM html VERIFIED
WordPress WP Cleanfix Plugin 2.4.4 - Cross-Site Request Forgery
WordPress WP Cleanfix Plugin 2.4.4 has CSRF
by Enigma Ideas
CVSS 5.4
CVE-2013-2107 EXPLOITDB html VERIFIED
Mail On Update < 5.1.0 - Cross-Site Request Forgery via mailonupdate_mailto Parameter
Cross-site request forgery (CSRF) vulnerability in the Mail On Update plugin before 5.2.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change the "List of alternative recipients" via the mailonupdate_mailto parameter in the mail-on-update page to wp-admin/options-general.php. NOTE: a third party claims that 5.2.1 and 5.2.2 are also vulnerable, but the issue might require a separate CVE identifier since this might reflect an incomplete fix.
by Henri Salo
EIP-2026-111228 EXPLOITDB html VERIFIED
PHPValley Micro Jobs Site Script - Spoofing
by Jason Whelan
By Source
All 2,009 Writeup 62,021 Exploitdb 50,076 Nomisec 22,325 Github 3,504 Metasploit 3,295 Vulncheck_xdb 926 Inthewild 514 Gitlab 470 Gitee 415 Patchapalooza 312
By Language
text 31,386 python 6,507 ruby 5,985 c 3,621 perl 2,849 html 2,072 php 1,332 bash 462 java 370 c++ 257 javascript 228 shell 127 go 72 postscript 25 typescript 25