Exploitdb Exploits

31,337 exploits tracked across all sources.

EIP-2026-102239 EXPLOITDB text
FreeDisk 1.01 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
CVE-2014-2595 EXPLOITDB CRITICAL text VERIFIED
Barracuda WAF 7.8.1.013 - Auth Bypass
Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.
by Nick Hayes
CVSS 9.8
EIP-2026-111666 EXPLOITDB text VERIFIED
RaidenTunes - 'music_out.php' Cross-Site Scripting
by LiquidWorm
EIP-2026-102073 EXPLOITDB text
TP-Link TL-WR740N v4 Router (FW-Ver. 3.16.6 Build 130529 Rel.47286n) - Command Execution
by Christoph Kuhl
CVE-2014-5091 EXPLOITDB CRITICAL text
Status2k - Improper Input Validation
A vulnerability exists in Status2K 2.5 Server Monitoring Software via the multies parameter to includes/functions.php, which could let a malicious user execute arbitrary PHP code.
by Shayan S
CVSS 9.8
CVE-2014-5081 EXPLOITDB CRITICAL text
Sphider < 1.3.6 - Authentication Bypass
Sphider prior to 1.3.6, sphider-pro prior to 3.2, and sphider-plus prior to 3.2 allow authentication bypass.
by Shayan S
CVSS 9.8
CVE-2014-5094 EXPLOITDB text
Status2k - Information Disclosure
Status2k allows remote attackers to obtain configuration information via a phpinfo action in a request to status/index.php, which calls the phpinfo function.
by Shayan S
CVE-2014-5087 EXPLOITDB CRITICAL text
Sphider < 1.3.6 - Improper Input Validation
A vulnerability exists in Sphider Search Engine prior to 1.3.6 due to exec calls in admin/spiderfuncs.php, which could let a remote malicious user execute arbitrary code.
by Shayan S
CVSS 9.8
CVE-2014-4170 EXPLOITDB CRITICAL text
ArticleFR 11.06.2014 - Privilege Escalation
A Privilege Escalation Vulnerability exists in Free Reprintables ArticleFR 11.06.2014 due to insufficient access restrictions in the data.php script, which could let a remote malicious user obtain access or modify or delete database information.
by High-Tech Bridge SA
CVSS 9.8
EIP-2026-103286 EXPLOITDB text
ISPConfig 3.0.54p1 - (Authenticated) Admin Privilege Escalation
by mra
EIP-2026-102300 EXPLOITDB text
TigerCom iFolder+ 1.2 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-102278 EXPLOITDB text
Photo WiFi Transfer 1.01 - Directory Traversal
by Vulnerability-Lab
EIP-2026-101615 EXPLOITDB text
D-Link AP 3200 - Multiple Vulnerabilities
by pws
CVE-2014-3136 EXPLOITDB HIGH text
Dlink Dwr-113 Firmware < 2.03b02 - CSRF
Cross-site request forgery (CSRF) vulnerability in D-Link DWR-113 (Rev. Ax) with firmware before 2.03b02 allows remote attackers to hijack the authentication of administrators for requests that change the admin password via unspecified vectors.
by Blessen Thomas
CVSS 8.8
EIP-2026-102312 EXPLOITDB text
WiFi HD 7.3.0 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
CVE-2014-5193 EXPLOITDB text VERIFIED
Sphider - XSS
Cross-site scripting (XSS) vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the category parameter. NOTE: the url parameter vector is already covered by CVE-2014-5082.
by Mike Manzotti
CVE-2014-5192 EXPLOITDB text VERIFIED
Sphider - SQL Injection
SQL injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to execute arbitrary SQL commands via the filter parameter.
by Mike Manzotti
CVE-2014-5082 EXPLOITDB text VERIFIED
Sphider < 1.3.6 - SQL Injection
Multiple SQL injection vulnerabilities in admin/admin.php in Sphider 1.3.6 and earlier, Sphider Pro, and Sphider-plus allow remote attackers to execute arbitrary SQL commands via the (1) site_id or (2) url parameter.
by Mike Manzotti
CVE-2014-9099 EXPLOITDB text VERIFIED
WhyDoWork AdSense <1.2 - CSRF
Cross-site request forgery (CSRF) vulnerability in the WhyDoWork AdSense plugin 1.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via a request to the whydowork_adsense page in wp-admin/options-general.php.
by Dylan Irzi
CVE-2014-5189 EXPLOITDB text VERIFIED
Leadoctopus Lead Octopus - SQL Injection
SQL injection vulnerability in lib/optin/optin_page.php in the Lead Octopus plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Amirh03in
CVE-2014-5200 EXPLOITDB text VERIFIED
FB Gorilla - SQL Injection
SQL injection vulnerability in game_play.php in the FB Gorilla plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Amirh03in
CVE-2014-5194 EXPLOITDB text VERIFIED
Sphider - Code Injection
Static code injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote authenticated users to inject arbitrary PHP code into settings/conf.php via the _word_upper_bound parameter.
by Mike Manzotti
CVE-2014-9101 EXPLOITDB text
Oxwall 1.7.0- SkaDate Lite 2.0 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in Oxwall 1.7.0 (build 7907 and 7906) and SkaDate Lite 2.0 (build 7651) allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks or possibly have other unspecified impact via the (1) label parameter to admin/users/roles/, (2) lang[1][base][questions_account_type_5615100a931845eca8da20cfdf7327e0] in an AddAccountType action or (3) qst_name parameter in an addQuestion action to admin/questions/ajax-responder/, or (4) form_name or (5) restrictedUsername parameter to admin/restricted-usernames.
by LiquidWorm
EIP-2026-106017 EXPLOITDB text VERIFIED
CMSimple 4.4.4 - Remote File Inclusion
by Govind Singh
EIP-2026-106016 EXPLOITDB text VERIFIED
CMSimple 4.4.4 - 'color' Remote Code Execution
by Govind Singh