Exploitdb Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-103251 EXPLOITDB text VERIFIED
YingZhiPython - Directory Traversal / Arbitrary File Upload
by Larry Cashdollar
CVE-2011-1613 EXPLOITDB text
Cisco Wireless LAN Controller <6.0.200.0-7.0.112.0 - DoS
Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 6.0 before 6.0.200.0, 7.0 before 7.0.98.216, and 7.0.1xx before 7.0.112.0 allows remote attackers to cause a denial of service (device reload) via a sequence of ICMP packets, aka Bug ID CSCth74426.
by Daniel Smith
EIP-2026-114120 EXPLOITDB text VERIFIED
WordPress Plugin Token Manager - 'tid' Cross-Site Scripting
by TheCyberNuxbie
EIP-2026-113063 EXPLOITDB text
ViArt Shop Enterprise 4.1 - Arbitrary Command Execution
by LiquidWorm
EIP-2026-100942 EXPLOITDB text VERIFIED
ZEN Load Balancer - Multiple Vulnerabilities
by Brendan Coles
EIP-2026-114514 EXPLOITDB text VERIFIED
YCommerce - Multiple SQL Injections
by Ricardo Almeida
CVE-2012-4242 EXPLOITDB text VERIFIED
MF Gig Calendar 0.9.2 - Cross-Site Scripting via Query String
Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page.
by Chris Cooper
EIP-2026-111448 EXPLOITDB text VERIFIED
Poweradmin - 'index.php' Cross-Site Scripting
by Siavash
EIP-2026-109313 EXPLOITDB text VERIFIED
Manhali 1.8 - Local File Inclusion
by L0n3ly-H34rT
EIP-2026-119436 EXPLOITDB text
SpiceWorks 6.0.00993 - Multiple Script Injection Vulnerabilities
by LiquidWorm
EIP-2026-119433 EXPLOITDB text
SonicWALL email security 7.3.5 - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-114269 EXPLOITDB text VERIFIED
WordPress Plugin wp-topbar 4.02 - Multiple Vulnerabilities
by Blake Entrekin
EIP-2026-112752 EXPLOITDB text VERIFIED
torrenttrader 2.08 - Multiple Vulnerabilities
by waraxe
EIP-2026-101746 EXPLOITDB text
Fortigate UTM WAF Appliance - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-113504 EXPLOITDB text VERIFIED
WordPress Core 3.4.2 - Multiple Path Disclosure Vulnerabilities
by AkaStep
EIP-2026-113005 EXPLOITDB text VERIFIED
vBulletin 4.1.12 - 'blog_plugin_useradmin.php' SQL Injection
by Am!r
EIP-2026-112548 EXPLOITDB text VERIFIED
TAGWORX.CMS - 'cid' SQL Injection
by Crim3R
EIP-2026-100748 EXPLOITDB text VERIFIED
AxisInternet VoIP Manager - Multiple Cross-Site Scripting Vulnerabilities
by Benjamin Kunz Mejri
CVE-2012-10038 EXPLOITDB CRITICAL text VERIFIED
Auxilium RateMyPet - Unauthenticated Arbitrary File Upload via Banner Upload Feature
Auxilium RateMyPet contains an unauthenticated arbitrary file upload vulnerability in upload_banners.php. The banner upload feature fails to validate file types or enforce authentication, allowing remote attackers to upload malicious PHP files. These files are stored in a web-accessible /banners/ directory and can be executed directly, resulting in remote code execution.
by DaOne
CVE-2012-0271 EXPLOITDB text VERIFIED
Novell GroupWise <8.0.3-2012.SP1 - RCE
Integer overflow in the WebConsole component in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before 8.0.3 HP1 and 2012 before SP1 might allow remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow, as demonstrated by a request with -1 in the Content-Length HTTP header.
by Francis Provencher
EIP-2026-113272 EXPLOITDB text
webERP 4.08.4 - 'WorkOrderEntry.php' SQL Injection
by modpr0be
CVE-2012-3859 EXPLOITDB text
Netsweeper WebAdmin Portal - Impact Unknown
Unspecified vulnerability in the WebAdmin Portal in Netsweeper has unknown impact and attack vectors, a different vulnerability than CVE-2012-2446 and CVE-2012-2447.
by Jacob Holcomb
EIP-2026-109487 EXPLOITDB text VERIFIED
minimal Gallery - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
by ayastar
EIP-2026-109225 EXPLOITDB text VERIFIED
luxcal 2.7.0 - Multiple Vulnerabilities
by L0n3ly-H34rT
CVE-2012-2994 EXPLOITDB text VERIFIED
CoSoSys Endpoint Protector 4 - Info Disclosure
The CoSoSys Endpoint Protector 4 appliance establishes an EPProot password based entirely on the appliance serial number, which makes it easier for remote attackers to obtain access via a brute-force attack.
by Christopher Campbell