Exploitdb Exploits

31,337 exploits tracked across all sources.

Sort: Activity Stars

CVE-2013-1937 EXPLOITDB MEDIUM text VERIFIED

Phpmyadmin < 3.5.8 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the (1) visualizationSettings[width] or (2) visualizationSettings[height] parameter. NOTE: a third party reports that this is "not exploitable.

by waraxe

CVSS 6.1

View

EIP-2026-106729 EXPLOITDB text VERIFIED

EasyPHP - '/index.php' Authentication Bypass / Remote PHP Code Injection

by KedAns-Dz

View

EIP-2026-101283 EXPLOITDB text VERIFIED

Foscam IP (Multiple Cameras) - Multiple Cross-Site Request Forgery Vulnerabilities

by shekyan

View

CVE-2013-2760 EXPLOITDB text VERIFIED

Groovy Media Player 3.2.0 - RCE

Buffer overflow in Groovy Media Player 3.2.0 allows remote attackers to execute arbitrary code via a long string in a .m3u file.

by Akshaysinh Vaghela

View

CVE-2013-3536 EXPLOITDB text

Whmcs Group Pay < 1.5 - SQL Injection

SQL injection vulnerability in the gp_LoadUserFromHash function in functions_hash.php in the Group Pay module 1.5 and earlier for WHMCS allows remote attackers to execute arbitrary SQL commands via the hash parameter.

by HJauditing Employee Tim

View

CVE-2013-3527 EXPLOITDB text

Vanilla < 2.0.18.7 - SQL Injection

Multiple SQL injection vulnerabilities in Vanilla Forums before 2.0.18.8 allow remote attackers to execute arbitrary SQL commands via the parameter name in the Form/Email array to (1) entry/signin or (2) entry/passwordrequest.

by bl4ckw0rm

View

EIP-2026-110261 EXPLOITDB text VERIFIED

OpenCart - Cross-Site Request Forgery (Change User Password)

by Saadi Siddiqui

View

CVE-2013-2637 EXPLOITDB MEDIUM text VERIFIED

OTRS ITSM <3.2.4-3.0.7 - XSS

A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code.

by Luigi Vezzoso

CVSS 6.1

View

EIP-2026-103776 EXPLOITDB text

Google AD Sync Tool - Exposure of Sensitive Information

by Sense of Security

View

CVE-2013-2643 EXPLOITDB text

Sophos Web Appliance <3.7.8.2 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Sophos Web Appliance before 3.7.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) xss parameter in an allow action to rss.php, (2) msg parameter to end-user/errdoc.php, (3) h parameter to end-user/ftp_redirect.php, or (4) threat parameter to the Blocked component.

by SEC Consult

View

CVE-2013-1892 EXPLOITDB text VERIFIED

Mongodb < 2.0.8 - Improper Input Validation

MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows remote authenticated users to cause a denial of service (invalid memory access and server crash) or execute arbitrary code via a crafted memory address in the first argument.

by agix

View

EIP-2026-102953 EXPLOITDB text

PonyOS 0.4.99-mlp - Multiple Vulnerabilities

by John Cartwright

View

EIP-2026-102060 EXPLOITDB text

TP-Link TD-8817 6.0.1 Build 111128 Rel.26763 - Cross-Site Request Forgery

by Un0wn_X

View

EIP-2026-101613 EXPLOITDB text

D-Link - Multiple Vulnerabilities

by m-1-k-3

View

CVE-2013-2748 EXPLOITDB CRITICAL text

Belkin Wemo Switch <WeMo_US_2.00.2176.PVT - Code Injection

Belkin Wemo Switch before WeMo_US_2.00.2176.PVT could allow remote attackers to upload arbitrary files onto the system.

by Daniel Buentello

CVSS 9.8

View

CVE-2013-1938 EXPLOITDB MEDIUM text VERIFIED

Zimbra - XSS

Zimbra 2013 has XSS in aspell.php

by Michael Scherer

CVSS 6.1

View