Exploitdb Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2012-10051 EXPLOITDB HIGH text VERIFIED
Photodex ProShow Producer <5.0.3256 - Buffer Overflow
Photodex ProShow Producer version 5.0.3256 contains a stack-based buffer overflow vulnerability in the handling of plugin load list files. When a specially crafted load file is placed in the installation directory, the application fails to properly validate its contents, leading to a buffer overflow when the file is parsed during startup. Exploitation requires local access to place the file and user interaction to launch the application.
by Julien Ahrens
EIP-2026-113677 EXPLOITDB text VERIFIED
WordPress Plugin custom tables - 'key' Cross-Site Scripting
by Sammy FORGIT
EIP-2026-111143 EXPLOITDB text VERIFIED
phpMyBackupPro 2.2 - Local File Inclusion
by dun
EIP-2026-110724 EXPLOITDB text VERIFIED
PHP MBB - Cross-Site Scripting / SQL Injection
by TheCyberNuxbie
EIP-2026-107465 EXPLOITDB text
gpEasy CMS Minishop 1.5 Plugin - Persistent Cross-Site Scripting
by Carlos Mario Penagos Hollmann
EIP-2026-105954 EXPLOITDB text
CLscript Classified Script 3.0 - SQL Injection
by Daniel Godoy
EIP-2026-103635 EXPLOITDB text VERIFIED
plow - '.plowrc' File Buffer Overflow
by Jean Pascal Pereira
CVE-2012-2738 EXPLOITDB text VERIFIED
VteTerminal < 0.32.2 - Authenticated Denial of Service via Escape Sequence with Large Repeat Count
The VteTerminal in gnome-terminal (vte) before 0.32.2 allows remote authenticated users to cause a denial of service (long loop and CPU consumption) via an escape sequence with a large repeat count value.
by Kevin Fenzi
EIP-2026-119404 EXPLOITDB text VERIFIED
Microsoft IIS - Short File/Folder Name Disclosure
by Soroush Dalili
EIP-2026-113581 EXPLOITDB text VERIFIED
WordPress Plugin Backup 2.0.1 - Information Disclosure
by Stephan Knauss
EIP-2026-102963 EXPLOITDB text VERIFIED
python-wrapper - Untrusted Search Path/Code Execution
by ShadowHatesYou
EIP-2026-100689 EXPLOITDB text
BSD - 'TelnetD' Remote Command Execution (2)
by kingcope
CVE-2012-3585 EXPLOITDB text
IrfanView PlugIns < 4.33 - Remote Code Execution via Crafted JLS File
Heap-based buffer overflow in jpeg_ls.dll in the Jpeg_LS (aka JLS) plugin in the formats plugins in IrfanView PlugIns before 4.34 allows remote attackers to execute arbitrary code via a crafted JLS file.
by Joseph Sheridan
EIP-2026-113946 EXPLOITDB text
WordPress Plugin Paid Business Listings 1.0.2 - Blind SQL Injection
by Chris Kellum
CVE-2012-3236 EXPLOITDB text
GIMP < 2.9.2 - Denial of Service via Malformed FITS File XTENSION Header
fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed XTENSION header of a .fit file, as demonstrated using a long string.
by Joseph Sheridan
CVE-2012-5972 EXPLOITDB text VERIFIED
SpecView < 2.5 Build 853 - Path Traversal via URI
Directory traversal vulnerability in the web server in SpecView 2.5 build 853 and earlier allows remote attackers to read arbitrary files via a ... (dot dot dot) in a URI.
by Luigi Auriemma
EIP-2026-116090 EXPLOITDB text VERIFIED
PowerNet Twin Client 8.9 - 'RFSync 1.0.0.1' Crash (PoC)
by Luigi Auriemma
EIP-2026-111131 EXPLOITDB text VERIFIED
phpmoneybooks 1.03 - Persistent Cross-Site Scripting
by chap0
EIP-2026-109166 EXPLOITDB text VERIFIED
LIOOSYS CMS - SQL Injection / Information Disclosure
by MustLive
CVE-2012-3414 EXPLOITDB text VERIFIED
SWFUpload < 2.2.0.1 - Cross-Site Scripting via movieName Parameter
Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the "ExternalInterface.call" function.
by Nathan Partlan
EIP-2026-113271 EXPLOITDB text VERIFIED
webERP 4.08.1 - Local/Remote File Inclusion
by dun
EIP-2026-102537 EXPLOITDB text VERIFIED
TEMENOS T24 - Multiple Cross-Site Scripting Vulnerabilities
by Rehan Ahmed
EIP-2026-101849 EXPLOITDB text VERIFIED
Mobile USB Drive HD - Multiple Local File Inclusion / Arbitrary File Upload Vulnerabilities
by Benjamin Kunz Mejri
CVE-2012-4357 EXPLOITDB text VERIFIED
Winlog Pro < 2.07.17 - Remote Code Execution via Invalid File-Pointer Index
Array index error in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 might allow remote attackers to execute arbitrary code by referencing, within a port-46824 TCP packet, an invalid file-pointer index that leads to execution of an EnterCriticalSection code block.
by Luigi Auriemma
CVE-2012-3363 EXPLOITDB CRITICAL text
Zend Framework 1.x < 1.11.12 and 1.12.x < 1.12.0 - XML External Entity Injection via XML-RPC Request
Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack.
by SEC Consult
CVSS 9.1