Exploitdb Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-109857 EXPLOITDB text
NeoBill CMS 0.8 Alpha - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-105275 EXPLOITDB text
ASTPP VoIP Billing (4cf207a) - Multiple Vulnerabilities
by Vulnerability-Lab
CVE-2012-2996 EXPLOITDB text
Trend Micro InterScan Messaging Security Suite 7.1 - CSRF
Cross-site request forgery (CSRF) vulnerability in saveAccountSubTab.imss in Trend Micro InterScan Messaging Security Suite 7.1-Build_Win32_1394 allows remote attackers to hijack the authentication of administrators for requests that create admin accounts via a saveAuth action.
by modpr0be
CVE-2012-5863 EXPLOITDB text
Sinapsi eSolar, eSolar DUO, eSolar Light, and sinapsi_firmware < 2.0.2870 - Authenticated OS Command Injection
These Sinapsi devices do not check for special elements in commands sent to the system. By accessing certain pages with administrative privileges that do not require authentication within the device, attackers can execute arbitrary, unexpected, or dangerous commands directly onto the operating system.
by Roberto Paleari
CVE-2012-5862 EXPLOITDB text
Sinapsi eSolar, eSolar DUO, eSolar Light and sinapsi_firmware < 2.0.2870 - Use of Hard-coded Password
These Sinapsi devices store hard-coded passwords in the PHP file of the device. By using the hard-coded passwords in the device, attackers can log into the device with administrative privileges. This could allow the attacker to have unauthorized access.
by Roberto Paleari
CVE-2012-5861 EXPLOITDB text
Sinapsi eSolar, eSolar DUO, and eSolar Light < 2.0.2870_xxx_2.2.12 - Unauthenticated SQL Injection
These Sinapsi devices do not check the validity of the data before executing queries. By accessing the SQL table of certain pages that do not require authentication within the device, attackers can leak information from the device. This could allow the attacker to compromise confidentiality.
by Roberto Paleari
EIP-2026-113308 EXPLOITDB text VERIFIED
Webify Photo Gallery - Arbitrary File Deletion
by JIKO
EIP-2026-113306 EXPLOITDB text
Webify eDownloads Cart - Arbitrary File Deletion
by JIKO
EIP-2026-113305 EXPLOITDB text VERIFIED
Webify Business Directory - Arbitrary File Deletion
by JIKO
CVE-2012-4773 EXPLOITDB text
Subrion CMS < 2.2.3 - Cross-Site Request Forgery
Multiple cross-site request forgery (CSRF) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to hijack the authentication of administrators for requests that add, delete, or modify sensitive information, as demonstrated by adding an administrator account via an add action to admin/accounts/add/.
by LiquidWorm
CVE-2012-5864 EXPLOITDB text
Sinapsi eSolar, eSolar DUO, eSolar Light, and sinapsi_firmware < 2.0.2870 - Unauthenticated Administrative Access
These Sinapsi devices do not check if users that visit pages within the device have properly authenticated. By directly visiting the pages within the device, attackers can gain unauthorized access with administrative privileges.
by Roberto Paleari
EIP-2026-104173 EXPLOITDB text VERIFIED
Atlassian Confluence 3.4.x - Error Page Cross-Site Scripting
by D. Niedermaier
EIP-2026-100390 EXPLOITDB text
Knowledge Base Enterprise Edition 4.62.0 - SQL Injection
by Vulnerability-Lab
CVE-2012-4908 EXPLOITDB text VERIFIED
Google Chrome < 18.0.1025306 - Same Origin Policy Bypass via Symlink
Google Chrome before 18.0.1025308 on Android allows remote attackers to bypass the Same Origin Policy and obtain access to local files via vectors involving a symlink.
by Artem Chaykin
CVE-2012-4906 EXPLOITDB text VERIFIED
Google Chrome <18.0.1025308 - Info Disclosure
Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4903.
by Artem Chaykin
CVE-2012-4909 EXPLOITDB text VERIFIED
Google Chrome <18.0.1025308 - Info Disclosure
Google Chrome before 18.0.1025308 on Android allows remote attackers to obtain cookie information via a crafted application.
by Artem Chaykin
CVE-2012-4905 EXPLOITDB text VERIFIED
Google Chrome < 18.0.1025306 - Cross-Site Scripting via Intent Extra
Cross-site scripting (XSS) vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script or HTML via an extra in an Intent object, aka "Universal XSS (UXSS)."
by Artem Chaykin
EIP-2026-113304 EXPLOITDB text VERIFIED
Webify Blog - Arbitrary File Deletion
by JIKO
EIP-2026-107061 EXPLOITDB text VERIFIED
FBDj - 'id' SQL Injection
by TUNISIAN CYBER
EIP-2026-105061 EXPLOITDB text VERIFIED
akcms 4.2.4 - Information Disclosure
by L0n3ly-H34rT
EIP-2026-113074 EXPLOITDB text
VICIDIAL Call Center Suite 2.2.1-237 - Multiple Vulnerabilities
by Ertebat Gostar Co
EIP-2026-113073 EXPLOITDB text VERIFIED
VICIDIAL Call Center Suite - Multiple SQL Injections
by Ertebat Gostar Co
EIP-2026-112187 EXPLOITDB text VERIFIED
SiteGo - Remote File Inclusion
by L0n3ly-H34rT
CVE-2010-1480 EXPLOITDB text
Joomla! com_rokmodule 1.1 - SQL Injection
SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the module parameter to index.php. NOTE: some of these details are obtained from third party information.
by Yarolinux
CVE-2008-6720 EXPLOITDB text VERIFIED
DeltaScripts PHP Links < 1.3 - SQL Injection via admin_username Parameter
SQL injection vulnerability in admin/adm_login.php in DeltaScripts PHP Links 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the admin_username parameter (aka the admin field).
by L0n3ly-H34rT