Exploitdb Exploits

31,337 exploits tracked across all sources.

CVE-2013-7274 EXPLOITDB text
Wallpaper Script 3.5.0082 - XSS
Cross-site scripting (XSS) vulnerability in Wallpaper Script 3.5.0082 allows remote authenticated users to inject arbitrary web script or HTML via the title field in a wallpaper file upload.
by null pointer
EIP-2026-110544 EXPLOITDB text VERIFIED
Penny Auction 5 - SQL Injection
by 3spi0n
EIP-2026-109221 EXPLOITDB text VERIFIED
Lowest Unique Bid Auction - SQL Injection
by 3spi0n
EIP-2026-107963 EXPLOITDB text
iScripts MultiCart 2.4 - Persistent Cross-Site Scripting / Cross-Site Request Forgery / Cross-Site Scripting / Cross-Site Request Forgery / Mass Accounts Takeover
by Saadi Siddiqui
CVE-2013-7193 EXPLOITDB text VERIFIED
C2C Forward Auction Creator 2.0 - SQL Injection
Multiple SQL injection vulnerabilities in C2C Forward Auction Creator 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) pa parameter to auction/asp/list.asp, or the (2) UserID or (3) Password to auction/casp/admin.asp.
by R3d-D3V!L
CVE-2013-7136 EXPLOITDB text
UPC Ireland Cisco EPC 2425 - Info Disclosure
The UPC Ireland Cisco EPC 2425 router (aka Horizon Box) does not have a sufficiently large number of possible WPA-PSK passphrases, which makes it easier for remote attackers to obtain access via a brute-force attack.
by Matt O'Connor
CVE-2013-6976 EXPLOITDB text
Cisco Epc3925 - CSRF
Cross-site request forgery (CSRF) vulnerability in goform/Quick_setup on Cisco EPC3925 devices allows remote attackers to hijack the authentication of administrators for requests that change a password via the Password and PasswordReEnter parameters, aka Bug ID CSCuh37496.
by Jeroen - IT Nerdbox
EIP-2026-101555 EXPLOITDB text
Beetel TC1-450 Airtel Wireless Router - Multiple Cross-Site Request Forgery Vulnerabilities
by Samandeep Singh
CVE-2013-7108 EXPLOITDB text VERIFIED
Nagios Core <4.0.2 - Info Disclosure
Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list to the process_cgivars function in (1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5) histogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9) statusmap.c, (10) summary.c, and (11) trends.c in cgi/, which triggers a heap-based buffer over-read.
by DTAG Group Information Security
EIP-2026-111294 EXPLOITDB text VERIFIED
Piwigo CMS 2.5.3 - Multiple Web Vulnerabilities
by sajith
CVE-2013-7190 EXPLOITDB text VERIFIED
iScripts AutoHoster - Path Traversal
Multiple directory traversal vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to read arbitrary files via the (1) tmpid parameter to websitebuilder/showtemplateimage.php, (2) fname parameter to admin/downloadfile.php, or (3) id parameter to support/admin/csvdownload.php; or (4) have an unspecified impact via unspecified vectors in support/parser/main_smtp.php.
by i-Hmx
CVE-2013-7189 EXPLOITDB text VERIFIED
iScripts AutoHoster - SQL Injection
Multiple SQL injection vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to execute arbitrary SQL commands via the cmbdomain parameter to (1) checktransferstatus.php, (2) checktransferstatusbck.php, or (3) additionalsettings.php; or (4) invno parameter to payinvoiceothers.php.
by i-Hmx
EIP-2026-102270 EXPLOITDB text
Phone Drive Eightythree 4.1.1 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-110349 EXPLOITDB text VERIFIED
Osclass - Multiple Input Validation Vulnerabilities
by R3d-D3V!L
EIP-2026-100313 EXPLOITDB text VERIFIED
Etoshop B2B Vertical Marketplace Creator - Multiple SQL Injections
by R3d-D3V!L
CVE-2014-1214 EXPLOITDB HIGH text VERIFIED
Projoom Smart Flash Header < 3.0.2 - Unrestricted File Upload
views/upload.php in the ProJoom Smart Flash Header (NovaSFH) component 3.0.2 and earlier for Joomla! allows remote attackers to upload and execute arbitrary files via a crafted (1) dest parameter and (2) arbitrary extension in the Filename parameter.
by Yuri Kramarz
CVSS 8.8
EIP-2026-105572 EXPLOITDB text VERIFIED
BoastMachine - 'blog' SQL Injection
by Omar Kurt
CVE-2013-6875 EXPLOITDB text VERIFIED
Nagios XI < 2012r2.3 - SQL Injection
SQL injection vulnerability in functions/prepend_adm.php in Nagios Core Config Manager in Nagios XI before 2012R2.4 allows remote attackers to execute arbitrary SQL commands via the tfPassword parameter to nagiosql/index.php.
by Denis Andzakovic