Exploitdb Exploits

31,337 exploits tracked across all sources.

CVE-2013-4950 EXPLOITDB text VERIFIED
Machform 2 - XSS
Cross-site scripting (XSS) vulnerability in view.php in Machform 2 allows remote attackers to inject arbitrary web script or HTML via the element_2 parameter.
by Yashar shahinzadeh
CVE-2014-2671 EXPLOITDB text VERIFIED
Microsoft Windows Media Player 11.0.5721.5230 - Memory Corruption
Microsoft Windows Media Player (WMP) 11.0.5721.5230 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted WAV file.
by Asesino04
CVE-2013-2225 EXPLOITDB text
GLPI <0.83.9 - Code Injection
inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the _predefined_fields parameter to front/ticket.form.php.
by Xavier Mehrenberger
CVE-2013-2218 EXPLOITDB text VERIFIED
Redhat Libvirt - Resource Management Error
Double free vulnerability in the virConnectListAllInterfaces method in interface/interface_backend_netcf.c in libvirt 1.0.6 allows remote attackers to cause a denial of service (libvirtd crash) via a filtering flag that causes an interface to be skipped, as demonstrated by the "virsh iface-list --inactive" command.
by Daniel P. Berrange
CVE-2013-1414 EXPLOITDB text
Fortinet Fortios < 4.3.12 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in Fortinet FortiOS on FortiGate firewall devices before 4.3.13 and 5.x before 5.0.2 allow remote attackers to hijack the authentication of administrators for requests that modify (1) settings or (2) policies, or (3) restart the device via a rebootme action to system/maintenance/shutdown.
by Sven Wurth
EIP-2026-101552 EXPLOITDB text
Barracuda SSL VPN 680Vx 2.3.3.193 - Multiple Script Injection Vulnerabilities
by LiquidWorm
CVE-2013-4147 EXPLOITDB text VERIFIED
Yard Radius - Format String Vulnerability
Multiple format string vulnerabilities in Yet Another Radius Daemon (YARD RADIUS) 1.1.2 allow context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in a request in the (1) log_msg function in log.c or (2) version or (3) build_version function in version.c.
by Hamid Zamani
CVE-2013-4692 EXPLOITDB MEDIUM text VERIFIED
Xorbin Analog Flash Clock 1.0 - XSS
Xorbin Analog Flash Clock 1.0 extension for Joomla has XSS
by Prakhar Prasad
CVSS 6.1
EIP-2026-105283 EXPLOITDB text VERIFIED
Atomy Maxsite - 'index.php' Arbitrary File Upload
by Iranian_Dark_Coders_Team
EIP-2026-101695 EXPLOITDB text
eFile Wifi Transfer Manager 1.0 - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-114227 EXPLOITDB text VERIFIED
WordPress Plugin WP Private Messages - 'msgid' SQL Injection
by IeDb ir
EIP-2026-109833 EXPLOITDB text VERIFIED
Nameko - 'nameko.php' Cross-Site Scripting
by Andrea Menin
CVE-2013-3639 EXPLOITDB text VERIFIED
Xaraya < 2.4.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Xaraya 2.4.0-b1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) interface, (3) name, or (4) tabmodule parameter to index.php.
by High-Tech Bridge
EIP-2026-106664 EXPLOITDB text VERIFIED
e107 Advanced Medal System Plugin - SQL Injection
by Life Wasted
EIP-2026-103989 EXPLOITDB text VERIFIED
Motion - Multiple Vulnerabilities
by xistence
CVE-2013-3792 EXPLOITDB text VERIFIED
Oracle VM VirtualBox <4.2.18 - DoS
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.18, 4.0.20, 4.1.28, and 4.2.18 allows local users to affect availability via unknown vectors related to Core.
by Thomas Dreibholz
EIP-2026-105398 EXPLOITDB text VERIFIED
Barnraiser Prairie - 'get_file.php' Directory Traversal
by prairie
EIP-2026-117444 EXPLOITDB text VERIFIED
McAfee Data Loss Prevention - Multiple Information Disclosure Vulnerabilities
by Jamie Ooi
CVE-2013-4953 EXPLOITDB text VERIFIED
Top Games Script 1.2 - SQL Injection
SQL injection vulnerability in play.php in Top Games Script 1.2 allows remote attackers to execute arbitrary SQL commands via the gid parameter.
by AtT4CKxT3rR0r1ST
EIP-2026-111386 EXPLOITDB text
PodHawk 1.85 - Arbitrary File Upload
by CWH Underground
CVE-2007-3519 EXPLOITDB text VERIFIED
Wesmo Phpeventcalendar < 0.2.3 - SQL Injection
SQL injection vulnerability in eventdisplay.php in phpEventCalendar 0.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
by AtT4CKxT3rR0r1ST
CVE-2013-4952 EXPLOITDB text
Elemata CMS RC 3.0 - SQL Injection
SQL injection vulnerability in functions/global.php in Elemata CMS RC 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by CWH Underground
CVE-2013-5321 EXPLOITDB text
AlienVault OSSIM 4.1 - SQL Injection
Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.1 allow remote attackers to execute arbitrary SQL commands via the (1) sensor parameter in a Query action to forensics/base_qry_main.php; the (2) tcp_flags[] or (3) tcp_port[0][4] parameter to forensics/base_stat_alerts.php; the (4) ip_addr[1][8] or (5) port_type parameter to forensics/base_stat_ports.php; or the (6) sortby or (7) rvalue parameter in a search action to vulnmeter/index.php.
by Glafkos Charalambous
EIP-2026-102082 EXPLOITDB text
TRENDnet TE100-P1U Print Server Firmware 4.11 - Authentication Bypass
by Chako