Exploitdb Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-109011 EXPLOITDB text VERIFIED
KindEditor - Multiple Arbitrary File Upload Vulnerabilities
by KedAns-Dz
EIP-2026-112512 EXPLOITDB text VERIFIED
SWFupload - Multiple Content Spoofing / Cross-Site Scripting Vulnerabilities
by MustLive
EIP-2026-105273 EXPLOITDB text VERIFIED
Asteriskguru Queue Statistics - 'warning' Cross-Site Scripting
by Manuel García Cárdenas
EIP-2026-114543 EXPLOITDB text VERIFIED
Your Own Classifieds - Cross-Site Scripting
by Rafay Baloch
CVE-2013-2501 EXPLOITDB text VERIFIED
terillion_reviews_plugin < 1.1 - Cross-Site Scripting via ProfileId Field
Cross-site scripting (XSS) vulnerability in the Terillion Reviews plugin before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ProfileId field.
by Aditya Balapure
CVE-2013-5094 EXPLOITDB text VERIFIED
McAfee Vulnerability Manager 7.5 - Cross-Site Scripting via cert_cn Cookie Parameter
Cross-site scripting (XSS) vulnerability in index.exp in McAfee Vulnerability Manager 7.5 allows remote attackers to inject arbitrary web script or HTML via the cert_cn cookie parameter.
by Asheesh Anaconda
CVE-2013-20006 EXPLOITDB HIGH text VERIFIED
Qool CMS Multiple Persistent Cross-Site Scripting Vulnerabilities
Qool CMS contains multiple persistent cross-site scripting vulnerabilities in several administrative scripts where POST parameters are not properly sanitized before being stored and returned to users. Attackers can inject malicious JavaScript code through parameters like 'title', 'name', 'email', 'username', 'link', and 'task' in endpoints such as addnewtype, addnewdatafield, addmenu, addusergroup, addnewuserfield, adduser, addgeneraldata, and addcontentitem to execute arbitrary scripts in administrator browsers.
by LiquidWorm
CVSS 7.5
CVE-2013-20005 EXPLOITDB MEDIUM text VERIFIED
Qool CMS 2.0 RC2 Cross-Site Request Forgery via adduser
Qool CMS 2.0 RC2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious web pages. Attackers can forge POST requests to the /admin/adduser endpoint with parameters like username, password, email, and level to create root-level user accounts without user consent.
by LiquidWorm
CVSS 5.3
CVE-2013-1668 EXPLOITDB text
CosCMS < 1.822 - Authenticated OS Command Injection via Uploaded File Name
The uploadFile function in upload/index.php in CosCMS before 1.822 allows remote administrators to execute arbitrary commands via shell metacharacters in the name of an uploaded file.
by High-Tech Bridge SA
CVE-2013-1861 EXPLOITDB text VERIFIED
MariaDB 5.1.x-5.5.x - Denial of Service via Crafted Geometry Feature
MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error.
by Alyssa Milburn
EIP-2026-100860 EXPLOITDB text
mnoGoSearch 3.3.12 (search.cgi) - Arbitrary File Read
by Sergey Bobrov
EIP-2026-102292 EXPLOITDB text
Remote File Manager 1.2 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
CVE-2013-2504 EXPLOITDB text VERIFIED
Matrix42 Service Store <5.33.946.0 - XSS
Cross-site scripting (XSS) vulnerability in SPS/Portal/default.aspx in Service Desk in Matrix42 Service Store 5.3 SP3 (aka 5.33.946.0) allows remote attackers to inject arbitrary web script or HTML via the query string.
by 43zsec
EIP-2026-115513 EXPLOITDB text
Kaspersky Internet Security 2013 - Denial of Service
by Marc Heuse
EIP-2026-113659 EXPLOITDB text VERIFIED
WordPress Plugin Count Per Day - 'daytoshow' Cross-Site Scripting
by alejandr0.m0f0
EIP-2026-103691 EXPLOITDB text VERIFIED
Varnish Cache - Multiple Denial of Service Vulnerabilities
by tytusromekiatomek
EIP-2026-102742 EXPLOITDB text VERIFIED
Squid - 'httpMakeVaryMark()' Remote Denial of Service
by tytusromekiatomek
EIP-2026-109849 EXPLOITDB text VERIFIED
Nconf 1.3 - Multiple SQL Injections
by Saadi Siddiqui
EIP-2026-102376 EXPLOITDB text VERIFIED
HP Intelligent Management Center - 'topoContent.jsf' Cross-Site Scripting
by Julien Ahrens
CVE-2013-2271 EXPLOITDB text
D-Link DSL-2740B Firmware EU_1.0 - Unauthenticated Authentication Bypass via login.cgi
The D-Link DSL-2740B Gateway with firmware EU_1.0, when an active administrator session exists, allows remote attackers to bypass authentication and gain administrator access via a request to login.cgi.
by Ivano Binetti
EIP-2026-111345 EXPLOITDB text VERIFIED
Plogger - Multiple Input Validation Vulnerabilities
by Saadat Ullah
CVE-2013-1468 EXPLOITDB text VERIFIED
Piwigo < 2.4.7 - Cross-Site Request Forgery via LocalFiles Editor Plugin
Cross-site request forgery (CSRF) vulnerability in the LocalFiles Editor plugin in Piwigo before 2.4.7 allows remote attackers to hijack the authentication of administrators for requests that create arbitrary PHP files via unspecified vectors.
by High-Tech Bridge SA
CVE-2013-2287 EXPLOITDB text VERIFIED
Uploader 1.0.4 - Cross-Site Scripting via Notify or Blog Parameter
Multiple cross-site scripting (XSS) vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) notify or (2) blog parameter.
by CodeV
CVE-2013-1469 EXPLOITDB text VERIFIED
Piwigo < 2.4.7 - Path Traversal via Install.php DL Parameter
Directory traversal vulnerability in install.php in Piwigo before 2.4.7 allows remote attackers to read and delete arbitrary files via a .. (dot dot) in the dl parameter.
by High-Tech Bridge SA
CVE-2013-7375 EXPLOITDB text
PHP-Fusion <7.02.05 - SQL Injection
SQL injection vulnerability in includes/classes/Authenticate.class.php in PHP-Fusion 7.02.01 through 7.02.05 allows remote attackers to execute arbitrary SQL commands via the user ID in a user cookie, a different vulnerability than CVE-2013-1803.
by waraxe