Exploitdb Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-113743 EXPLOITDB text VERIFIED
WordPress Plugin Feedweb - 'wp_post_id' Cross-Site Scripting
by Stefan Schurtz
EIP-2026-119391 EXPLOITDB text
MailOrderWorks 5.907 - Multiple Vulnerabilities
by Vulnerability-Lab
CVE-2012-5879 EXPLOITDB text
McAfee Virtual Technician and ePO-MVT < 6.5.0.2101 - Arbitrary File Write via McHealthCheck.dll Save Method
An ActiveX control in McHealthCheck.dll in McAfee Virtual Technician (MVT) and ePO-MVT 6.5.0.2101 and earlier allows remote attackers to modify or create arbitrary files via a full pathname argument to the Save method.
by High-Tech Bridge SA
CVE-2013-2690 EXPLOITDB text
Synchroweb SynConnect 2.0 - SQL Injection via LoginID Parameter
SQL injection vulnerability in index.php in Synchroweb Technology SynConnect 2.0 allows remote attackers to execute arbitrary SQL commands via the loginid parameter in a logoff action.
by Bhadresh Patel
CVE-2013-2474 EXPLOITDB HIGH text
AWS XMS 2.5 - Path Traversal via 'what' Parameter
Directory traversal vulnerability in AWS XMS 2.5 allows remote attackers to view arbitrary files via the 'what' parameter.
by High-Tech Bridge SA
CVSS 7.5
CVE-2013-1942 EXPLOITDB text VERIFIED
jPlayer < 2.2.20 - Cross-Site Scripting via jQuery or id Parameters
Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.2.20, as used in ownCloud Server before 5.0.4 and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) jQuery or (2) id parameters, as demonstrated using document.write in the jQuery parameter, a different vulnerability than CVE-2013-2022 and CVE-2013-2023.
by Malte Batram
EIP-2026-101121 EXPLOITDB text
Draytek Vigor 3900 1.06 - Local Privilege Escalation
by Mohammad abou hayt
CVE-2013-3721 EXPLOITDB text VERIFIED
PsychoStats 3.2.2b - SQL Injection via Awards Page d Parameter
SQL injection vulnerability in awards.php in PsychoStats 3.2.2b allows remote attackers to execute arbitrary SQL commands via the d parameter.
by Mohamed from ALG
EIP-2026-110344 EXPLOITDB text VERIFIED
OrionDB Web Directory - Multiple Cross-Site Scripting Vulnerabilities
by 3spi0n
CVE-2012-5909 EXPLOITDB text VERIFIED
MyBB 1.6.6 - SQL Injection via conditions[usergroup][] Parameter
SQL injection vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to execute arbitrary SQL commands via the conditions[usergroup][] parameter in a search action to admin/index.php.
by Aditya Modha
CVE-2012-5908 EXPLOITDB text VERIFIED
MyBB 1.6.6 - Cross-Site Scripting via User Search Conditions Parameter
Cross-site scripting (XSS) vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to inject arbitrary web script or HTML via the conditions[usergroup][] parameter in a search action to admin/index.php.
by Aditya Modha
CVE-2008-5489 EXPLOITDB text VERIFIED
ClipShare Pro <2008 - SQL Injection
SQL injection vulnerability in channel_detail.php in ClipShare Pro 4, and 2006 through 2007, allows remote attackers to execute arbitrary SQL commands via the chid parameter.
by Esac
EIP-2026-113882 EXPLOITDB text VERIFIED
WordPress Plugin Mathjax Latex 1.1 - Cross-Site Request Forgery
by Junaid Hussain
EIP-2026-103933 EXPLOITDB text VERIFIED
IBM Lotus Domino 8.5.x - 'x.nsf' Multiple Cross-Site Scripting Vulnerabilities
by MustLive
EIP-2026-101422 EXPLOITDB text
Rosewill RSVA11001 - Remote Command Injection
by Eric Urban
EIP-2026-113589 EXPLOITDB text VERIFIED
WordPress Plugin Banners Lite - 'wpbanners_show.php' HTML Injection
by Fernando A. Lagos B
EIP-2026-107212 EXPLOITDB text VERIFIED
Free Hosting Manager 2.0.2 - Multiple SQL Injections
by Saadi Siddiqui
EIP-2026-105943 EXPLOITDB text VERIFIED
ClipShare 4.1.1 - 'gid' Blind SQL Injection
by Esac
CVE-2013-6229 EXPLOITDB text VERIFIED
Atmail Webmail Server 7.0.2 - Cross-Site Scripting via Filter or MailId Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Atmail Webmail Server 7.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) filter parameter to index.php/mail/mail/listfoldermessages/searching/true/selectFolder/INBOX/resultContext/searchResultsTab5 or (2) mailId[] parameter to index.php/mail/mail/movetofolder/fromFolder/INBOX/toFolder/INBOX.Trash. NOTE: the view attachment message process vector is already covered by CVE-2013-2585.
by Vicente Aguilera Diaz
CVE-2013-6229 EXPLOITDB text VERIFIED
Atmail Webmail Server 7.0.2 - Cross-Site Scripting via Filter or MailId Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Atmail Webmail Server 7.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) filter parameter to index.php/mail/mail/listfoldermessages/searching/true/selectFolder/INBOX/resultContext/searchResultsTab5 or (2) mailId[] parameter to index.php/mail/mail/movetofolder/fromFolder/INBOX/toFolder/INBOX.Trash. NOTE: the view attachment message process vector is already covered by CVE-2013-2585.
by Vicente Aguilera Diaz
CVE-2013-6229 EXPLOITDB text VERIFIED
Atmail Webmail Server 7.0.2 - Cross-Site Scripting via Filter or MailId Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Atmail Webmail Server 7.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) filter parameter to index.php/mail/mail/listfoldermessages/searching/true/selectFolder/INBOX/resultContext/searchResultsTab5 or (2) mailId[] parameter to index.php/mail/mail/movetofolder/fromFolder/INBOX/toFolder/INBOX.Trash. NOTE: the view attachment message process vector is already covered by CVE-2013-2585.
by Vicente Aguilera Diaz
EIP-2026-108039 EXPLOITDB text VERIFIED
Jaow CMS - 'add_ons' Cross-Site Scripting
by Metropolis
EIP-2026-117761 EXPLOITDB text VERIFIED
Photodex ProShow Gold/Producer 5.0.3310/6.0.3410 - 'ScsiAccess.exe' Local Privilege Escalation
by Julien Ahrens
EIP-2026-112444 EXPLOITDB text VERIFIED
Stradus CMS 1.0beta4 - Multiple Vulnerabilities
by DaOne
EIP-2026-112211 EXPLOITDB text VERIFIED
Slash CMS - Multiple Vulnerabilities
by DaOne