Exploitdb Exploits

31,337 exploits tracked across all sources.

EIP-2026-105009 EXPLOITDB text VERIFIED
AFCommerce - 'controlheader.php' Remote File Inclusion
by NoGe
EIP-2026-105008 EXPLOITDB text VERIFIED
AFCommerce - 'adminpassword.php' Remote File Inclusion
by NoGe
EIP-2026-105007 EXPLOITDB text VERIFIED
AFCommerce - 'adblock.php' Remote File Inclusion
by NoGe
CVE-2014-8359 EXPLOITDB text
Huawei Mobile Partner Firmware - Access Control
Untrusted search path vulnerability in Huawei Mobile Partner for Windows 23.009.05.03.1014 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll in the Mobile Partner directory.
by LiquidWorm
EIP-2026-114412 EXPLOITDB text VERIFIED
xBoard 5.0/5.5/6.0 - 'view.php' Local File Inclusion
by TUNISIAN CYBER
EIP-2026-110725 EXPLOITDB text
PHP MBB CMS 004 - Multiple Vulnerabilities
by cr4wl3r
EIP-2026-102296 EXPLOITDB text
Song Exporter 2.1.1 RS iOS - Local File Inclusion
by Vulnerability-Lab
CVE-2013-6987 EXPLOITDB text
Synology Diskstation Manager - Path Traversal
Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation Manager (DSM) before 4.3-3810 Update 3 allow remote attackers to read, write, and delete arbitrary files via a .. (dot dot) in the (1) path parameter to file_delete.cgi or (2) folder_path parameter to file_share.cgi in webapi/FileStation/; (3) dlink parameter to fbdownload/; or unspecified parameters to (4) html5_upload.cgi, (5) file_download.cgi, (6) file_sharing.cgi, (7) file_MVCP.cgi, or (8) file_rename.cgi in webapi/FileStation/.
by Andrea Fabrizi
EIP-2026-114344 EXPLOITDB text VERIFIED
WordPress Theme Persuasion 2.x - Arbitrary File Download / File Deletion
by Interference Security
CVE-2013-6976 EXPLOITDB text
Cisco Epc3925 - CSRF
Cross-site request forgery (CSRF) vulnerability in goform/Quick_setup on Cisco EPC3925 devices allows remote attackers to hijack the authentication of administrators for requests that change a password via the Password and PasswordReEnter parameters, aka Bug ID CSCuh37496.
by Jeroen - IT Nerdbox
CVE-2013-7420 EXPLOITDB text VERIFIED
Hancom Office 2010 SE - Buffer Overflow
Buffer overflow in Hancom Office 2010 SE allows remote attackers to execute arbitrary code via a long string in the Text attribute in a TEXTART XML element in an HML file.
by diroverflow
CVE-2013-6890 EXPLOITDB text VERIFIED
Debian Linux - Authentication Bypass
denyhosts 2.6 uses an incorrect regular expression when analyzing authentication logs, which allows remote attackers to cause a denial of service (incorrect block of IP addresses) via crafted login names.
by Helmut Grohne
CVE-2013-5676 EXPLOITDB text
Sonarsource Jenkins Plugin - Cryptographic Issue
The Jenkins Plugin for SonarQube 3.7 and earlier allows remote authenticated users to obtain sensitive information (cleartext passwords) by reading the value in the sonar.sonarPassword parameter from jenkins/configure.
by Christian Catalano
CVE-2013-2627 EXPLOITDB text VERIFIED
Leed Light Feed <1.5 - SQL Injection
SQL injection vulnerability in action.php in Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to execute arbitrary SQL commands via the id parameter in a removeFolder action.
by Alexandre Herzog
CVE-2013-5573 EXPLOITDB text
Jenkins 1.523 - XSS
Cross-site scripting (XSS) vulnerability in the default markup formatter in Jenkins 1.523 allows remote attackers to inject arbitrary web script or HTML via the Description field in the user configuration.
by Christian Catalano
CVE-2013-6883 EXPLOITDB text
Cru-inc Ditto Forensic Fieldstation Firmware < 2013oct15a - CSRF
Cross-site request forgery (CSRF) vulnerability in CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows remote attackers to hijack the authentication of administrators for requests that modify the disk erase technique settings via unspecified vectors.
by Martin Wundram
CVE-2013-6882 EXPLOITDB text
Cru-inc Ditto Forensic Fieldstation Firmware < 2013oct15a - XSS
Multiple cross-site scripting (XSS) vulnerabilities in CRU Ditto Forensic FieldStation with firmware 2013Oct15a and earlier allow (1) remote attackers to inject arbitrary web script or HTML via the username parameter in a login or (2) remote authenticated users to inject arbitrary web script or HTML via unspecified form fields.
by Martin Wundram
CVE-2013-6881 EXPLOITDB text
Cru-inc Ditto Forensic Fieldstation Firmware - OS Command Injection
CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) sector size or (2) skip count fields for the forensic imaging task.
by Martin Wundram
CVE-2013-6767 EXPLOITDB text
Quickheal Antivirus Pro - Memory Corruption
Stack-based buffer overflow in pepoly.dll in Quick Heal AntiVirus Pro 7.0.0.1 allows local users to execute arbitrary code or cause a denial of service (process crash) via a long *.text value in a PE file.
by Arash Allebrahim
CVE-2013-5058 EXPLOITDB text VERIFIED
Microsoft Windows - Privilege Escalation
Integer overflow in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows local users to gain privileges via a crafted application, aka "Win32k Integer Overflow Vulnerability."
by Core Security
CVE-2013-7233 EXPLOITDB text VERIFIED
WordPress <2.0.11 - CSRF
Cross-site request forgery (CSRF) vulnerability in the retrospam component in wp-admin/options-discussion.php in WordPress 2.0.11 and earlier allows remote attackers to hijack the authentication of administrators for requests that move comments to the moderation list.
by MustLive
CVE-2013-6839 EXPLOITDB text
Instantsoft Instantcms < 1.10.3 - SQL Injection
SQL injection vulnerability in InstantSoft InstantCMS 1.10.3 and earlier allows remote attackers to execute arbitrary SQL commands via the orderby parameter to catalog/[id].
by High-Tech Bridge SA
CVE-2013-6884 EXPLOITDB text
Cru-inc Ditto Forensic Fieldstation Firmware - Credentials Management
The write-blocker in CRU Ditto Forensic FieldStation with firmware before 2013Oct15a has a default "ditto" username and password, which allows remote attackers to gain privileges.
by Martin Wundram
CVE-2013-6420 EXPLOITDB text
Php < 10.9.1 - Memory Corruption
The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function.
by Stefan Esser
EIP-2026-102234 EXPLOITDB text
FileMaster SY-IT 3.1 iOS - Multiple Web Vulnerabilities
by Vulnerability-Lab