Exploitdb Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-101620 EXPLOITDB text
D-Link DCS Cameras - Multiple Vulnerabilities
by Roberto Paleari
EIP-2026-101578 EXPLOITDB text
Buffalo TeraStation TS-Series - Multiple Vulnerabilities
by Andrea Fabrizi
EIP-2026-109035 EXPLOITDB text
Kohana Framework 2.3.3 - Directory Traversal
by Vulnerability-Lab
CVE-2013-1391 EXPLOITDB HIGH text VERIFIED
Hunt CCTV DVR Firmware - Unauthenticated Configuration Disclosure
Authentication bypass vulnerability in the the web interface in Hunt CCTV, Capture CCTV, Hachi CCTV, NoVus CCTV, and Well-Vision Inc DVR systems allows a remote attacker to retrieve the device configuration.
by Alejandro Ramos
CVSS 7.5
CVE-2013-1471 EXPLOITDB text
FortiMail < 4.3.4 - Stored Cross-Site Scripting via Black List or Personal Black/White List
Multiple cross-site scripting (XSS) vulnerabilities in admin/FEAdmin.html in Fortinet FortiMail before 4.3.4 on FortiMail Identity-Based Encryption (IBE) appliances allow user-assisted remote attackers to inject arbitrary web script or HTML via (1) the Add field for the Black List under Antispam Management User Preferences or (2) the User name field for the Personal Black/White List in the AntiSpam section.
by Vulnerability-Lab
EIP-2026-100971 EXPLOITDB text
pfSense UTM Platform 2.0.1 - Cross-Site Scripting
by Dimitris Strevinas
CVE-2013-1412 EXPLOITDB text VERIFIED
DataLife Engine 9.7 - Remote Code Execution via catlist[] Parameter
DataLife Engine (DLE) 9.7 allows remote attackers to execute arbitrary PHP code via the catlist[] parameter to engine/preview.php, which is used in a preg_replace function call with an e modifier.
by EgiX
CVE-2013-1451 EXPLOITDB text
Microsoft Internet Explorer 8-9 - CSRF
Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not ensure that the SSL lock icon is consistent with the Address bar, which makes it easier for remote attackers to spoof web sites via a crafted HTML document that triggers many HTTPS requests to an arbitrary host, followed by an HTTPS request to a trusted host and then an HTTP request to an untrusted host, a related issue to CVE-2013-1450.
by Christian Haider
EIP-2026-110791 EXPLOITDB text VERIFIED
PHP weby directory software 1.2 - Multiple Vulnerabilities
by AkaStep
CVE-2013-7387 EXPLOITDB text VERIFIED
DataLife Engine <9.7 - Info Disclosure
Session fixation vulnerability in DataLife Engine (DLE) 9.7 and earlier allows remote attackers to hijack web sessions via the PHPSESSID cookie.
by EgiX
EIP-2026-114076 EXPLOITDB text VERIFIED
WordPress Plugin SolveMedia 1.1.0 - Cross-Site Request Forgery
by Junaid Hussain
EIP-2026-111251 EXPLOITDB text VERIFIED
PHPWeby Free Directory Script - 'contact.php' Multiple SQL Injections
by AkaStep
CVE-2012-6290 EXPLOITDB text
ImageCMS < 4.2 - Authenticated SQL Injection via Admin Search Parameter
SQL injection vulnerability in ImageCMS before 4.2 allows remote authenticated administrators to execute arbitrary SQL commands via the q parameter to admin/admin_search/. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.
by High-Tech Bridge SA
EIP-2026-107716 EXPLOITDB text VERIFIED
iCart Pro - 'section' SQL Injection
by n3tw0rk
EIP-2026-114889 EXPLOITDB text VERIFIED
Aloaha PDF Crypter (3.5.0.1164) - ActiveX Arbitrary File Overwrite
by shinnai
CVE-2013-1463 EXPLOITDB text VERIFIED
WP-Table Reloaded < 1.9.4 - Cross-Site Scripting via id Parameter
Cross-site scripting (XSS) vulnerability in js/tabletools/zeroclipboard.swf in the WP-Table Reloaded module before 1.9.4 for Wordpress allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this might be the same vulnerability as CVE-2013-1808. If so, it is likely that CVE-2013-1463 will be REJECTed.
by hiphop
EIP-2026-114312 EXPLOITDB text VERIFIED
WordPress Theme Chocolate WP - Multiple Vulnerabilities
by Eugene Dokukin
CVE-2013-0807 EXPLOITDB text VERIFIED
gpEasy CMS < 3.5.2 - Cross-Site Scripting via Section Parameter
Cross-site scripting (XSS) vulnerability in the NewSectionPrompt function in include/tool/editing_page.php in gpEasy CMS 3.5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the section parameter in a new_section action to index.php.
by High-Tech Bridge SA
EIP-2026-113680 EXPLOITDB text VERIFIED
WordPress Plugin Developer Formatter - Cross-Site Request Forgery
by Junaid Hussain
CVE-2013-1402 EXPLOITDB text VERIFIED
DigiLIBE 3.4 - Exposure of Sensitive Configuration Information via Direct Request
DigiLIBE 3.4 and possibly other versions sends a redirect but does not exit, which allows remote attackers to obtain sensitive configuration information via a direct request to configuration/general_configuration.html.
by Robert Gilbert
EIP-2026-104968 EXPLOITDB text VERIFIED
Adult WebMaster Script - Password Disclosure
by Dshellnoi Unix
CVE-2013-1410 EXPLOITDB MEDIUM text VERIFIED
Perforce P4web 2011.1 and 2012.1 - Cross-Site Scripting
Perforce P4web 2011.1 and 2012.1 has multiple XSS vulnerabilities
by Christy Philip Mathew
CVSS 6.1
EIP-2026-109848 EXPLOITDB text VERIFIED
NConf 1.3 - Arbitrary File Creation
by haidao
EIP-2026-109847 EXPLOITDB text VERIFIED
NConf 1.3 - '/detail.php/detail_admin_items.php?id' SQL Injection
by haidao
CVE-2013-0221 EXPLOITDB text VERIFIED
Red Hat Enterprise Linux - Denial of Service via Long String to sort Command with -d or -M Switch
The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the sort command, when using the (1) -d or (2) -M switch, which triggers a stack-based buffer overflow in the alloca function.
by anonymous