Exploitdb Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-102286 EXPLOITDB text
Print n Share 5.5 iOS - Multiple Web Vulnerabilities
by Vulnerability-Lab
EIP-2026-102229 EXPLOITDB text
Feetan Inc WireShare 1.9.1 iOS - Persistent
by Vulnerability-Lab
EIP-2026-118278 EXPLOITDB text VERIFIED
Apple Safari For Windows - PhishingAlert Security Bypass
by Jackmasa
EIP-2026-113706 EXPLOITDB text VERIFIED
WordPress Plugin Easy Career Openings - 'jobid' SQL Injection
by Iranian_Dark_Coders_Team
EIP-2026-113699 EXPLOITDB text VERIFIED
WordPress Plugin DZS Video Gallery 3.1.3 - Remote File Disclosure / Local File Disclosure
by aceeeeeeeer .
EIP-2026-109856 EXPLOITDB text VERIFIED
NeoBill 0.9-alpha - 'language' Local File Inclusion
by KedAns-Dz
CVE-2013-6985 EXPLOITDB text VERIFIED
Enorth Webpublisher CMS < 5.0 - SQL Injection via thisday Parameter
SQL injection vulnerability in m_worklog/log_searchday.jsp in Enorth Webpublisher CMS, possibly 5.0 and earlier, allows remote attackers to execute arbitrary SQL commands via the thisday parameter.
by xin.wang
EIP-2026-105612 EXPLOITDB text
BoxBilling 3.6.11 - 'mod_notification' Persistent Cross-Site Scripting
by LiquidWorm
CVE-2013-7091 EXPLOITDB text VERIFIED
Zimbra 7.2.2-8.0.2 - Path Traversal
Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter. NOTE: this can be leveraged to execute arbitrary code by obtaining LDAP credentials and accessing the service/admin/soap API.
by rubina119
CVE-2013-7025 EXPLOITDB text
SonicWALL GMS Analyzer and UMA EM5000 7.1 SP1 - Authenticated Cross-Site Scripting via valfield_1 or value_1 Parameter
Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before Hotfix 134235 allow remote authenticated users to inject arbitrary web script or HTML via the (1) valfield_1 or (2) value_1 parameter to createNewThreshold.jsp.
by Vulnerability-Lab
EIP-2026-102320 EXPLOITDB text
Wireless Transfer App 3.7 iOS - Multiple Web Vulnerabilities
by Vulnerability-Lab
CVE-2007-2583 EXPLOITDB text VERIFIED
MySQL < 5.0.40 and 5.1 < 5.1.18-beta - Denial of Service via Crafted IF Clause
The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference.
by Neil Kettle
EIP-2026-102247 EXPLOITDB text
Imagam iFiles 1.16.0 iOS - Multiple Web Vulnerabilities
by Vulnerability-Lab
EIP-2026-117702 EXPLOITDB text VERIFIED
Notepad++ Plugin Notepad 1.5 - Local Overflow
by Junwen Sun
CVE-2013-6341 EXPLOITDB text
Dokeos < 2.2 - SQL Injection via Language Parameter
SQL injection vulnerability in Dokeos 2.2 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the language parameter to index.php.
by High-Tech Bridge SA
CVE-2013-6787 EXPLOITDB text VERIFIED
Chamilo LMS < 1.9.6 - Authenticated SQL Injection via Password Parameter
SQL injection vulnerability in the check_user_password function in main/auth/profile.php in Chamilo LMS 1.9.6 and earlier, when using the non-encrypted passwords mode set at installation, allows remote authenticated users to execute arbitrary SQL commands via the "password0" parameter.
by High-Tech Bridge SA
CVE-2013-7187 EXPLOITDB text VERIFIED
FormCraft < 1.3.7 - SQL Injection via id Parameter
SQL injection vulnerability in form.php in the FormCraft plugin 1.3.7 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Ashiyane Digital Security Team
EIP-2026-102276 EXPLOITDB text
Photo Transfer Wifi 1.4.4 iOS - Multiple Web Vulnerabilities
by Vulnerability-Lab
EIP-2026-109638 EXPLOITDB text
Multiple WordPress Orange Themes - Cross-Site Request Forgery (Arbitrary File Upload)
by Jje Incovers
CVE-2013-6023 EXPLOITDB text
TVT DVR Firmware < 3.2.0.p-3520a-03 - Path Traversal via URI
Directory traversal vulnerability in the TVT TD-2308SS-B DVR with firmware 3.2.0.P-3520A-00 and earlier allows remote attackers to read arbitrary files via .. (dot dot) in the URI.
by Cesar Neira
EIP-2026-102351 EXPLOITDB text
Ametys CMS 3.5.2 - 'lang' XPath Injection
by LiquidWorm
EIP-2026-102061 EXPLOITDB text
TP-Link TD-8840t - Cross-Site Request Forgery
by mohammed al-saggaf
CVE-2013-7043 EXPLOITDB text
Cisco Scientific Atlanta DPR2320R2 Firmware 2.0.2r1262-090417 - Cross-Site Request Forgery via Multiple Endpoints
Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Scientific Atlanta DPR2320R2 routers with software 2.0.2r1262-090417 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password via the Password parameter to goform/RgSecurity; (2) reboot the device via the Restart parameter to goform/restart; (3) modify Wi-Fi settings, as demonstrated by the WpaPreSharedKey parameter to goform/wlanSecurity; or (4) modify parental controls via the ParentalPassword parameter to goform/RgParentalBasic.
by sajith
CVE-2013-0640 EXPLOITDB HIGH text VERIFIED
Adobe Reader/Acrobat <9.5.4-10.1.6-11.0.02 - RCE
Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, as exploited in the wild in February 2013.
by w3bd3vil & abh1sek
CVSS 7.8
EIP-2026-110451 EXPLOITDB text
Palo Alto Networks Pan-OS 5.0.8 - Multiple Vulnerabilities
by Thomas Pollet