Exploitdb Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2014-1841 EXPLOITDB text
Titan FTP Server <10.40.1829 - Path Traversal
Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to copy an arbitrary user's home folder via a Move action with a .. (dot dot) in the src parameter.
by Fara Rustein
CVE-2014-1843 EXPLOITDB text
Titan FTP Server <10.40.1829 - Path Traversal
Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to obtain the property information of an arbitrary home folder via a Properties action with a .. (dot dot) in the src parameter.
by Fara Rustein
CVE-2014-1204 EXPLOITDB text VERIFIED
Tableau Server 8.0.x-8.0.6 and 8.1.x-8.1.1 - Authenticated SQL Injection
SQL injection vulnerability in Tableau Server 8.0.x before 8.0.7 and 8.1.x before 8.1.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be exploited by unauthenticated remote attackers if the guest user is enabled.
by Trustwave's SpiderLabs
EIP-2026-113774 EXPLOITDB text
WordPress Plugin Frontend Upload - Arbitrary File Upload
by Daniel Godoy
CVE-2014-1889 EXPLOITDB MEDIUM text
Buddypress <1.9.2 - Privilege Escalation
The Group creation process in the Buddypress plugin before 1.9.2 for WordPress allows remote authenticated users to gain control of arbitrary groups by leveraging a missing permissions check.
by Pietro Oliva
CVSS 6.5
EIP-2026-102310 EXPLOITDB text
WiFi Camera Roll 1.2 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-101645 EXPLOITDB text
D-Link DSL-2750B ADSL Route' - Cross-Site Request Forgery
by killall-9
EIP-2026-109713 EXPLOITDB text VERIFIED
MyBB Extended Useradmininfo Plugin 1.2.1 - Cross-Site Scripting
by Fikri Fadzil
EIP-2026-111861 EXPLOITDB text VERIFIED
S9Y Serendipity 1.7.5 - 'Backend' Multiple Vulnerabilities
by Stefan Schurtz
CVE-2014-10033 EXPLOITDB text VERIFIED
osCommerce Online Merchant < 2.3.3.4 - Authenticated SQL Injection via zID Parameter
SQL injection vulnerability in the update_zone function in catalog/admin/geo_zones.php in osCommerce Online Merchant 2.3.3.4 and earlier allows remote administrators to execute arbitrary SQL commands via the zID parameter in a list action.
by Ahmed Aboul-Ela
CVE-2014-1459 EXPLOITDB text
doorGets CMS <= 5.2 - Authenticated SQL Injection via _position_down_id Parameter
SQL injection vulnerability in dg-admin/index.php in doorGets CMS 5.2 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the _position_down_id parameter. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.
by High-Tech Bridge SA
CVE-2013-2639 EXPLOITDB text
CTERA Cloud Storage OS <3.2.29.0-3.2.42.0 - XSS
Cross-site scripting (XSS) vulnerability in CTERA Cloud Storage OS before 3.2.29.0, 3.2.42.0, and earlier allows remote attackers to inject arbitrary web script or HTML via the description in a project folder.
by Luigi Vezzoso
CVE-2014-1401 EXPLOITDB text
AuraCMS <= 2.3 - Authenticated SQL Injection via Search Parameter or HTTP Headers
Multiple SQL injection vulnerabilities in AuraCMS 2.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search parameter to mod/content/content.php or (2) CLIENT_IP, (3) X_FORWARDED_FOR, (4) X_FORWARDED, (5) FORWARDED_FOR, or (6) FORWARDED HTTP header to index.php.
by High-Tech Bridge SA
EIP-2026-116817 EXPLOITDB text
Asseco SEE iBank FX Client 2.0.9.3 - Local Privilege Escalation
by LiquidWorm
CVE-2014-0980 EXPLOITDB text VERIFIED
Publish-It PUI Buffer Overflow (SEH)
Buffer overflow in Poster Software PUBLISH-iT 3.6d allows remote attackers to execute arbitrary code via a crafted PUI file.
by Core Security
EIP-2026-110789 EXPLOITDB text VERIFIED
PHP Webcam Video Conference - Multiple Vulnerabilities
by vinicius777
EIP-2026-108182 EXPLOITDB text VERIFIED
Joomla! 3.2.1 - SQL Injection
by killall-9
CVE-2013-7051 EXPLOITDB HIGH text
D-Link DIR-100 Firmware 4.03B07 - Unauthenticated Authentication Bypass via cli.cgi
D-Link DIR-100 4.03B07: cli.cgi security bypass due to failure to check authentication parameters
by Felix Richter
CVSS 8.8
EIP-2026-119380 EXPLOITDB text
IBM Business Process Manager - User Account Reconfiguration
by 0in
EIP-2026-114320 EXPLOITDB text
WordPress Theme Dandelion - Arbitrary File Upload
by TheBlackMonster
CVE-2014-10023 EXPLOITDB text
TopicsViewer 3.0 Beta 1 - SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in TopicsViewer 3.0 Beta 1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) edit_block.php, (2) edit_cat.php, (3) edit_note.php, or (4) rmv_topic.php in admincp/.
by AtT4CKxT3rR0r1ST
EIP-2026-112170 EXPLOITDB text VERIFIED
Singapore 0.9.9b Beta - Image Gallery Remote File Inclusion / Cross-Site Scripting
by TUNISIAN CYBER
EIP-2026-111347 EXPLOITDB text
Plogger 1.0 (RC1) - Multiple Vulnerabilities
by killall-9
EIP-2026-110458 EXPLOITDB text
Pandora Fms 5.0RC1 - Remote Command Injection
by xistence
CVE-2014-1665 EXPLOITDB MEDIUM text
owncloud < 6.0.1 - Authenticated Stored Cross-Site Scripting via Uploaded Filename
Cross-site scripting (XSS) vulnerability in ownCloud before 6.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file.
by absane
CVSS 5.4