Exploitdb Exploits
31,337 exploits tracked across all sources.
BoxBilling 3.6.11 - 'mod_notification' Persistent Cross-Site Scripting
by LiquidWorm
Zimbra 7.2.2-8.0.2 - Path Traversal
Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter. NOTE: this can be leveraged to execute arbitrary code by obtaining LDAP credentials and accessing the service/admin/soap API.
by rubina119
Sonicwall Analyzer - XSS
Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before Hotfix 134235 allow remote authenticated users to inject arbitrary web script or HTML via the (1) valfield_1 or (2) value_1 parameter to createNewThreshold.jsp.
by Vulnerability-Lab
Wireless Transfer App 3.7 iOS - Multiple Web Vulnerabilities
by Vulnerability-Lab
MySQL <5.0.40, <5.1.18 - DoS
The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference.
by Neil Kettle
Imagam iFiles 1.16.0 iOS - Multiple Web Vulnerabilities
by Vulnerability-Lab
Dokeos < 2.2 - SQL Injection
SQL injection vulnerability in Dokeos 2.2 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the language parameter to index.php.
by High-Tech Bridge SA
Chamilo LMS < 1.9.6 - SQL Injection
SQL injection vulnerability in the check_user_password function in main/auth/profile.php in Chamilo LMS 1.9.6 and earlier, when using the non-encrypted passwords mode set at installation, allows remote authenticated users to execute arbitrary SQL commands via the "password0" parameter.
by High-Tech Bridge SA
FormCraft <1.3.7 - SQL Injection
SQL injection vulnerability in form.php in the FormCraft plugin 1.3.7 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Ashiyane Digital Security Team
Photo Transfer Wifi 1.4.4 iOS - Multiple Web Vulnerabilities
by Vulnerability-Lab
Multiple WordPress Orange Themes - Cross-Site Request Forgery (Arbitrary File Upload)
by Jje Incovers
TVT Dvr < 3.2.0.p-3520a-03 - Path Traversal
Directory traversal vulnerability in the TVT TD-2308SS-B DVR with firmware 3.2.0.P-3520A-00 and earlier allows remote attackers to read arbitrary files via .. (dot dot) in the URI.
by Cesar Neira
Cisco Scientific Atlanta Dpr/epr2320 Firmware - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Scientific Atlanta DPR2320R2 routers with software 2.0.2r1262-090417 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password via the Password parameter to goform/RgSecurity; (2) reboot the device via the Restart parameter to goform/restart; (3) modify Wi-Fi settings, as demonstrated by the WpaPreSharedKey parameter to goform/wlanSecurity; or (4) modify parental controls via the ParentalPassword parameter to goform/RgParentalBasic.
by sajith
Adobe Reader/Acrobat <9.5.4-10.1.6-11.0.02 - RCE
Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, as exploited in the wild in February 2013.
by w3bd3vil & abh1sek
CVSS 7.8
Palo Alto Networks Pan-OS 5.0.8 - Multiple Vulnerabilities
by Thomas Pollet
WordPress Plugin dzs-videogallery - Arbitrary File Upload
by link_satisi
TP-Link WR740N/WR740ND - Multiple Cross-Site Request Forgery Vulnerabilities
by Samandeep Singh
MyBB Ajax Forum Stat - SQL Injection
Multiple SQL injection vulnerabilities in ajaxfs.php in the Ajax forum stat (Ajaxfs) Plugin 2.0 for MyBB (aka MyBulletinBoard) allow remote attackers to execute arbitrary SQL commands via the (1) tooltip or (2) usertooltip parameter.
by IeDb ir
Pirelli Discus DRG A125g - Remote Change SSID Value
by Sebastián Magof
LimeSurvey 2.00+ (build 131107) - Multiple Vulnerabilities
by LiquidWorm
ImpressPages CMS 3.8 - Persistent Cross-Site Scripting
by sajith
Thomsonreuters Velocity Analytics Vha... - Code Injection
VhttpdMgr in Thomson Reuters Velocity Analytics Vhayu Analytic Server 6.94 build 2995 allows remote attackers to execute arbitrary code via a URL in the fileName parameter during an importFile action.
by Eduardo Gonzalez