Exploitdb Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-101607 EXPLOITDB text
Conceptronic Grab'n'Go Network Storage - Directory Traversal
by Mattijs van Ommeren
CVE-2012-4748 EXPLOITDB text VERIFIED
Admidio 2.3.5 - Multiple Vulnerabilities
by Stefan Schurtz
EIP-2026-105326 EXPLOITDB text VERIFIED
AV Arcade Free Edition - 'add_rating.php?id' Blind SQL Injection
by DaOne
CVE-2012-4749 EXPLOITDB text VERIFIED
Admidio 2.3.5 - Multiple Vulnerabilities
by Stefan Schurtz
CVE-2012-4170 EXPLOITDB text VERIFIED
Adobe Photoshop CS6 13.x - Remote Code Execution via Crafted File
Buffer overflow in Adobe Photoshop CS6 13.x before 13.0.1 allows remote attackers to execute arbitrary code via a crafted file.
by Francis Provencher
EIP-2026-112475 EXPLOITDB text
SugarCRM Community Edition 6.5.2 (Build 8410) - Multiple Vulnerabilities
by Brendan Coles
EIP-2026-113029 EXPLOITDB text VERIFIED
vBulletin Yet Another Awards System 4.0.2 - SQL Injection
by Backsl@sh/Dan
EIP-2026-112474 EXPLOITDB text VERIFIED
SugarCRM Community Edition - Multiple Information Disclosure Vulnerabilities
by Brendan Coles
EIP-2026-119658 EXPLOITDB text VERIFIED
SquidGuard 1.4 - Long URL Handling Remote Denial of Service
by Stefan Bauer
CVE-2012-4768 EXPLOITDB text VERIFIED
WordPress Download Monitor <3.3.5.9 - XSS
Cross-site scripting (XSS) vulnerability in the Download Monitor plugin before 3.3.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dlsearch parameter to the default URI.
by Chris Cooper
EIP-2026-112738 EXPLOITDB text VERIFIED
TomatoCart - 'example_form.ajax.php' Cross-Site Scripting
by HauntIT
CVE-2012-3551 EXPLOITDB text VERIFIED
Dell Crowbar < 1.4 - Cross-Site Scripting via File Parameter
Cross-site scripting (XSS) vulnerability in crowbar_framework/app/views/support/index.html.haml in the Crowbar barclamp in Crowbar, possibly 1.4 and earlier, allows remote attackers to inject arbitrary web script or HTML via the file parameter to /utils.
by Matthias Weckbecker
EIP-2026-100631 EXPLOITDB text VERIFIED
XM Forum - 'search.asp' SQL Injection
by Crim3R
CVE-2012-3351 EXPLOITDB MEDIUM text VERIFIED
JW Player < 5.10.2295 - Cross-Site Scripting via Link or Logo Parameters
Multiple cross-site scripting (XSS) vulnerabilities in LongTail Video JW Player through 5.10.2295 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) logo.link, or (3) aboutlink parameter, or a nested URI scheme name for (4) javascript, (5) asfunction, or (6) vbscript.
by MustLive
CVSS 6.1
EIP-2026-116553 EXPLOITDB text VERIFIED
Winlog Lite SCADA HMI system - Overwrite (SEH)
by Ciph3r
EIP-2026-113807 EXPLOITDB text VERIFIED
WordPress Plugin HD Webplayer 1.1 - SQL Injection
by JoinSe7en
CVE-2012-4234 EXPLOITDB text VERIFIED
Phorum < 5.2.19 - Cross-Site Scripting via Group Parameter
Cross-site scripting (XSS) vulnerability in the group moderation screen in the control center (control.php) in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via the group parameter.
by High-Tech Bridge
EIP-2026-106472 EXPLOITDB text VERIFIED
Disqus Blog Comments - Blind SQL Injection
by Spy_w4r3
EIP-2026-114057 EXPLOITDB text VERIFIED
WordPress Plugin Simple:Press Forum - Arbitrary File Upload
by Iranian Dark Coders
EIP-2026-113631 EXPLOITDB text VERIFIED
WordPress Plugin Cloudsafe365 - 'file' Remote File Disclosure
by Jan Van Niekerk
EIP-2026-109464 EXPLOITDB text
mieric AddressBook 1.0 - SQL Injection
by Jean Pascal Pereira
EIP-2026-106085 EXPLOITDB text
CommPort 1.01 - Multiple Vulnerabilities
by Jean Pascal Pereira
EIP-2026-101606 EXPLOITDB text
Conceptronic Grab'n'Go and Sitecom Storage Center - Password Disclosure
by Mattijs van Ommeren
CVE-2012-0217 EXPLOITDB text VERIFIED
FreeBSD Intel SYSRET Privilege Escalation
The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier.
by Shahriyar Jalayeri
EIP-2026-114494 EXPLOITDB text VERIFIED
XWiki 4.2-milestone-2 - Multiple Persistent Cross-Site Scripting Vulnerabilities
by Shai rod