Exploitdb Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2012-2437 EXPLOITDB text VERIFIED
ar web content manager 2.2 - Unauthenticated Improper Authentication via cookie_gen.php
cookie_gen.php in ar web content manager (AWCM) 2.2 does not require authentication, which allows remote attackers to generate arbitrary cookies via the name parameter in conjunction with the content parameter.
by Sooel Son
EIP-2026-114434 EXPLOITDB text VERIFIED
Xivo 1.2 - Arbitrary File Download
by Mr.Un1k0d3r
EIP-2026-113760 EXPLOITDB text VERIFIED
WordPress Plugin FLV Player - 'id' SQL Injection
by Ashiyane Digital Security Team
CVE-2012-5367 EXPLOITDB text VERIFIED
OrangeHRM 2.7.1 RC 1 - SQL Injection
Multiple SQL injection vulnerabilities in OrangeHRM 2.7.1 RC 1 allow remote authenticated administrators to execute arbitrary SQL commands via the sortField parameter to (1) viewCustomers, (2) viewPayGrades, or (3) viewSystemUsers in symfony/web/index.php/admin/, as demonstrated using cross-site request forgery (CSRF) attacks.
by High-Tech Bridge
CVE-2013-4103 EXPLOITDB CRITICAL text VERIFIED
Cryptocat < 2.0.22 - Remote Script Injection via Improper Input Sanitization
Cryptocat before 2.0.22 has Remote Script Injection due to improperly sanitizing user input
by Mario Heiderich
CVSS 9.8
CVE-2013-2261 EXPLOITDB HIGH text VERIFIED
Cryptocat < 2.0.22 - Information Disclosure via img/keygen.gif
Cryptocat before 2.0.22 Chrome Extension 'img/keygen.gif' has Information Disclosure
by Mario Heiderich
CVSS 7.5
EIP-2026-101545 EXPLOITDB text
AVerCaster Pro RS3400 Web Server - Directory Traversal
by Patrick Saladino
EIP-2026-114611 EXPLOITDB text VERIFIED
ZenPhoto 1.4.3.3 - Multiple Vulnerabilities
by waraxe
CVE-2012-4951 EXPLOITDB text VERIFIED
VeriFone VeriCentre Web Console <2.2.36 - SQL Injection
Multiple SQL injection vulnerabilities in terminal/paramedit.aspx in VeriFone VeriCentre Web Console before 2.2 build 36 allow remote attackers to execute arbitrary SQL commands via the (1) TerminalId, (2) ModelName, or (3) ApplicationName parameter.
by Cory Eubanks
CVE-2012-5685 EXPLOITDB text VERIFIED
ZPanel < 10.0.1 - SQL Injection via inEmailAddress Parameter
SQL injection vulnerability in ZPanel 10.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the inEmailAddress parameter in an UpdateClient action in the manage_clients module to the default URI.
by pcsjj
CVE-2012-5684 EXPLOITDB text VERIFIED
ZPanel < 10.0.1 - Cross-Site Scripting via inFullname Parameter
Cross-site scripting (XSS) vulnerability in ZPanel 10.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the inFullname parameter in an UpdateAccountSettings action in the my_account module to zpanel/.
by pcsjj
CVE-2012-5683 EXPLOITDB text VERIFIED
ZPanel < 10.0.1 - Cross-Site Request Forgery via FTP User Creation
Multiple cross-site request forgery (CSRF) vulnerabilities in ZPanel 10.0.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create new FTP users via a CreateFTP action in the ftp_management module to the default URI, (2) conduct cross-site scripting (XSS) attacks via the inFullname parameter in an UpdateAccountSettings action in the my_account module to zpanel/, or (3) conduct SQL injection attacks via the inEmailAddress parameter in an UpdateClient action in the manage_clients module to the default URI.
by pcsjj
CVE-2012-5686 EXPLOITDB CRITICAL text VERIFIED
ZPanel 10.0.1 - Weak Password Recovery Mechanism
ZPanel 10.0.1 has insufficient entropy for its password reset process.
by pcsjj
CVSS 9.8
EIP-2026-104084 EXPLOITDB text VERIFIED
Sophos Products - Multiple Vulnerabilities
by Tavis Ormandy
EIP-2026-101584 EXPLOITDB text
CheckPoint/Sofaware Firewall - Multiple Vulnerabilities
by Procheckup
EIP-2026-117988 EXPLOITDB text VERIFIED
Sysax FTP Automation Server 5.33 - Local Privilege Escalation
by Craig Freyman
EIP-2026-115520 EXPLOITDB text VERIFIED
KMPlayer 3.3.0.33 - Multiple Vulnerabilities
by Mr.XHat
EIP-2026-114867 EXPLOITDB text VERIFIED
Adobe Reader 11.0.0 - Stack Overflow Crash (PoC)
by coolkaveh
EIP-2026-114082 EXPLOITDB text VERIFIED
WordPress Plugin Spider Catalog 1.1 - HTML Code Injection / Cross-Site Scripting
by D4NB4R
EIP-2026-105332 EXPLOITDB text VERIFIED
AWAuctionScript CMS - Multiple Remote Vulnerabilities
by X-Cisadane
EIP-2026-108822 EXPLOITDB text VERIFIED
Joomla! Component Parcoauto - 'idVeicolo' SQL Injection
by Andrea Bocchetti
CVE-2012-6653 EXPLOITDB text VERIFIED
All Video Gallery <1.2.0 - Info Disclosure
Unspecified vulnerability in the All Video Gallery (all-video-gallery) plugin before 1.2.0 for WordPress has unspecified impact and attack vectors.
by Ashiyane Digital Security Team
EIP-2026-113019 EXPLOITDB text VERIFIED
vBulletin ChangUonDyU Advanced Statistics - SQL Injection
by Juno_okyo
EIP-2026-111497 EXPLOITDB text
PrestaShop 1.5.1 - Persistent Cross-Site Scripting
by David Sopas
EIP-2026-106380 EXPLOITDB text VERIFIED
DCForum - 'auth_user_file.txt' File Multiple Information Disclosure Vulnerabilities
by r45c4l