Exploitdb Exploits

31,337 exploits tracked across all sources.

CVE-2013-20005 EXPLOITDB MEDIUM text VERIFIED
Qool CMS 2.0 RC2 Cross-Site Request Forgery via adduser
Qool CMS 2.0 RC2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious web pages. Attackers can forge POST requests to the /admin/adduser endpoint with parameters like username, password, email, and level to create root-level user accounts without user consent.
by LiquidWorm
CVSS 5.3
CVE-2013-1668 EXPLOITDB text
CosCMS < 1.721 - OS Command Injection
The uploadFile function in upload/index.php in CosCMS before 1.822 allows remote administrators to execute arbitrary commands via shell metacharacters in the name of an uploaded file.
by High-Tech Bridge SA
CVE-2013-1861 EXPLOITDB text VERIFIED
MariaDB < 5.5.32 - Memory Corruption
MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error.
by Alyssa Milburn
EIP-2026-100860 EXPLOITDB text
mnoGoSearch 3.3.12 (search.cgi) - Arbitrary File Read
by Sergey Bobrov
EIP-2026-102292 EXPLOITDB text
Remote File Manager 1.2 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
CVE-2013-2504 EXPLOITDB text VERIFIED
Matrix42 Service Store <5.33.946.0 - XSS
Cross-site scripting (XSS) vulnerability in SPS/Portal/default.aspx in Service Desk in Matrix42 Service Store 5.3 SP3 (aka 5.33.946.0) allows remote attackers to inject arbitrary web script or HTML via the query string.
by 43zsec
EIP-2026-115513 EXPLOITDB text
Kaspersky Internet Security 2013 - Denial of Service
by Marc Heuse
EIP-2026-113659 EXPLOITDB text VERIFIED
WordPress Plugin Count Per Day - 'daytoshow' Cross-Site Scripting
by alejandr0.m0f0
EIP-2026-103691 EXPLOITDB text VERIFIED
Varnish Cache - Multiple Denial of Service Vulnerabilities
by tytusromekiatomek
EIP-2026-102742 EXPLOITDB text VERIFIED
Squid - 'httpMakeVaryMark()' Remote Denial of Service
by tytusromekiatomek
EIP-2026-109849 EXPLOITDB text VERIFIED
Nconf 1.3 - Multiple SQL Injections
by Saadi Siddiqui
EIP-2026-102376 EXPLOITDB text VERIFIED
HP Intelligent Management Center - 'topoContent.jsf' Cross-Site Scripting
by Julien Ahrens
CVE-2013-2271 EXPLOITDB text
D-Link DSL-2740B Firmware - Access Control
The D-Link DSL-2740B Gateway with firmware EU_1.0, when an active administrator session exists, allows remote attackers to bypass authentication and gain administrator access via a request to login.cgi.
by Ivano Binetti
EIP-2026-111345 EXPLOITDB text VERIFIED
Plogger - Multiple Input Validation Vulnerabilities
by Saadat Ullah
CVE-2013-1468 EXPLOITDB text VERIFIED
Piwigo < 2.4.6 - CSRF
Cross-site request forgery (CSRF) vulnerability in the LocalFiles Editor plugin in Piwigo before 2.4.7 allows remote attackers to hijack the authentication of administrators for requests that create arbitrary PHP files via unspecified vectors.
by High-Tech Bridge SA
CVE-2013-2287 EXPLOITDB text VERIFIED
Roberta Bramski Uploader - XSS
Multiple cross-site scripting (XSS) vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) notify or (2) blog parameter.
by CodeV
CVE-2013-1469 EXPLOITDB text VERIFIED
Piwigo < 2.4.6 - Path Traversal
Directory traversal vulnerability in install.php in Piwigo before 2.4.7 allows remote attackers to read and delete arbitrary files via a .. (dot dot) in the dl parameter.
by High-Tech Bridge SA
CVE-2013-7375 EXPLOITDB text
PHP-Fusion <7.02.05 - SQL Injection
SQL injection vulnerability in includes/classes/Authenticate.class.php in PHP-Fusion 7.02.01 through 7.02.05 allows remote attackers to execute arbitrary SQL commands via the user ID in a user cookie, a different vulnerability than CVE-2013-1803.
by waraxe
EIP-2026-106544 EXPLOITDB text VERIFIED
doorGets CMS - Cross-Site Request Forgery
by n0pe
CVE-2013-2289 EXPLOITDB text VERIFIED
Batavi - XSS
Cross-site scripting (XSS) vulnerability in admin/templates/default.php in Batavi 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to admin/index.php.
by Dognaedis
CVE-2013-2560 EXPLOITDB text VERIFIED
Foscam <11.37.2.49 - Path Traversal
Directory traversal vulnerability in the web interface on Foscam devices with firmware before 11.37.2.49 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI, as demonstrated by discovering (1) web credentials or (2) Wi-Fi credentials.
by Frederic Basse
EIP-2026-113639 EXPLOITDB text VERIFIED
WordPress Plugin Comment Rating 2.9.32 - Multiple Vulnerabilities
by ebanyu
CVE-2013-1453 EXPLOITDB text VERIFIED
Joomla! - SQL Injection
plugins/system/highlight/highlight.php in Joomla! 3.0.x through 3.0.2 and 2.5.x through 2.5.8 allows attackers to unserialize arbitrary PHP objects to obtain sensitive information, delete arbitrary directories, conduct SQL injection attacks, and possibly have other impacts via the highlight parameter. Note: it was originally reported that this issue only allowed attackers to obtain sensitive information, but later analysis demonstrated that other attacks exist.
by EgiX
EIP-2026-107359 EXPLOITDB text VERIFIED
Geeklog - Cross-Site Scripting
by High-Tech Bridge
EIP-2026-111783 EXPLOITDB text
Rix4Web Portal - Blind SQL Injection
by L0n3ly-H34rT