Exploitdb Exploits

31,342 exploits tracked across all sources.

Sort: Activity Stars
CVE-2012-1586 EXPLOITDB text VERIFIED
Debian Cifs-utils - Information Disclosure
mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message.
by Sha0
CVE-2012-1803 EXPLOITDB text
Siemens Ruggedcom Rugged Operating System - Cryptographic Issue
RuggedCom Rugged Operating System (ROS) 3.10.x and earlier has a factory account with a password derived from the MAC Address field in the banner, which makes it easier for remote attackers to obtain access by performing a calculation on this address value, and then establishing a (1) TELNET, (2) remote shell (aka rsh), or (3) serial-console session.
by jc
CVE-2012-0163 EXPLOITDB text
Microsoft .net Framework - Improper Input Validation
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Parameter Validation Vulnerability."
by Akita Software Security
EIP-2026-114986 EXPLOITDB text VERIFIED
BeyondCHM 1.1 - Buffer Overflow
by shinnai
CVE-2012-6516 EXPLOITDB text VERIFIED
Shawn Bradley Php Ticket System - SQL Injection
SQL injection vulnerability in PHP Ticket System Beta 1 allows remote attackers to execute arbitrary SQL commands via the q parameter to index.php.
by G13
EIP-2026-108577 EXPLOITDB text VERIFIED
Joomla! Component com_videogallery - Local File Inclusion / SQL Injection
by KedAns-Dz
CVE-2012-2441 EXPLOITDB text
RuggedCom ROS <3.3 - Info Disclosure
RuggedCom Rugged Operating System (ROS) before 3.3 has a factory account with a password derived from the MAC Address field in a banner, which makes it easier for remote attackers to obtain access by performing a calculation on this address value, and then establishing a (1) SSH or (2) HTTPS session, a different vulnerability than CVE-2012-1803.
by jc
EIP-2026-116344 EXPLOITDB text
SumatraPDF 2.0.1 - '.chm' / '.mobi' Memory Corruption
by shinnai
EIP-2026-115845 EXPLOITDB text VERIFIED
Mobipocket Reader 6.2 Build 608 - Buffer Overflow
by shinnai
CVE-2011-5099 EXPLOITDB text VERIFIED
Chillcreations Mod Ccnewsletter - SQL Injection
SQL injection vulnerability in helper/popup.php in the ccNewsletter (mod_ccnewsletter) component 1.0.7 through 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.
by E1nzte1N
CVE-2012-5919 EXPLOITDB text
Havalite Cms < 1.0.4 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Havalite 1.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) find or (2) replace fields to havalite/findReplace.php; (3) username parameter to havalite/hava_login.php, (4) the Edit Article module, or (5) hava_post.php in the postAuthor module; (6) postId parameter to hava_post.php; (7) userId parameter to hava_user.php; or (8) linkId parameter to hava_link.php.
by Vulnerability-Lab
EIP-2026-106970 EXPLOITDB text VERIFIED
exponentcms 2.0.5 - Multiple Vulnerabilities
by Onur Yılmaz
CVE-2012-4334 EXPLOITDB text VERIFIED
STWConfigNVR 1.1.13.15 & STWConfig 1.1.14.13 - RCE
The ConnectDDNS method in the (1) STWConfigNVR 1.1.13.15 and (2) STWConfig 1.1.14.13 ActiveX controls in Samsung NET-i viewer 1.37.120316 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: some of these details are obtained from third party information.
by Luigi Auriemma
CVE-2012-4333 EXPLOITDB text VERIFIED
Samsung Net-i Viewer - Memory Corruption
Multiple stack-based buffer overflows in the BackupToAvi method in the (1) UMS_Ctrl 1.5.1.1 and (2) UMS_Ctrl_STW 2.0.1.0 ActiveX controls in Samsung NET-i viewer 1.37.120316 allow remote attackers to execute arbitrary code via a long string in the fname parameter. NOTE: some of these details are obtained from third party information.
by Luigi Auriemma
CVE-2012-0551 EXPLOITDB text
Oracle Java SE <7u4 & <6u32 - Info Disclosure
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE 7 update 4 and earlier and 6 update 32 and earlier, and the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Web Container or Deployment.
by Roberto Suggi Liverani
CVE-2012-0550 EXPLOITDB text
Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1 - Info ...
Unspecified vulnerability in the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Web Container.
by Roberto Suggi Liverani
CVE-2012-4335 EXPLOITDB text VERIFIED
Samsung Net-i Viewer - Memory Corruption
Samsung NET-i viewer 1.37.120316 allows remote attackers to cause a denial of service (infinite loop) via a negative size value in a TCP request to (1) NiwMasterService or (2) NiwStorageService. NOTE: some of these details are obtained from third party information.
by Luigi Auriemma
CVE-2012-4867 EXPLOITDB text VERIFIED
vtiger CRM <5.1.0 - Path Traversal
Directory traversal vulnerability in modules/com_vtiger_workflow/sortfieldsjson.php in vtiger CRM 5.1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the module_name parameter.
by Pi3rrot
EIP-2026-109396 EXPLOITDB text VERIFIED
Mega File Manager - File Download
by i2sec-Min Gi Jo
EIP-2026-103968 EXPLOITDB text
Liferay 6.0.x - WebDAV File Reading
by Jelmer Kuperus
EIP-2026-113185 EXPLOITDB text VERIFIED
Waylu CMS - '/products_xx.php' SQL Injection / HTML Injection
by TheCyberNuxbie
EIP-2026-110543 EXPLOITDB text VERIFIED
Pendulab ChatBlazer 8.5 - 'Username' Cross-Site Scripting
by sonyy
CVE-2012-1260 EXPLOITDB MEDIUM text VERIFIED
Plixer Scrutinizer Netflow & Sflow Analyzer < 9.0.1.19899 - XSS
Cross-site scripting (XSS) vulnerability in cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & sFlow Analyzer 8.6.2.16204, and possibly other versions before 9.0.1.19899, allows remote attackers to inject arbitrary web script or HTML via the newUser parameter. NOTE: this might not be a vulnerability, since an administrator might already have the privileges to create arbitrary script.
by Trustwave's SpiderLabs
CVSS 6.1
CVE-2012-1259 EXPLOITDB CRITICAL text VERIFIED
Plixer Scrutinizer Netflow & Sflow Analyzer - SQL Injection
Multiple SQL injection vulnerabilities in Plixer International Scrutinizer NetFlow & sFlow Analyzer 8.6.2.16204, and possibly other versions before 9.0.1.19899, allow remote attackers to execute arbitrary SQL commands via the (1) addip parameter to cgi-bin/scrut_fa_exclusions.cgi, (2) getPermissionsAndPreferences parameter to cgi-bin/login.cgi, or (3) possibly certain parameters to d4d/alarms.php as demonstrated by the search_str parameter.
by Trustwave's SpiderLabs
CVSS 9.8
CVE-2012-1258 EXPLOITDB MEDIUM text VERIFIED
Plixer Scrutinizer Netflow & Sflow Analyzer - Authentication Bypass
cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & sFlow Analyzer before 9.0.1.19899 does not validate user permissions, which allow remote attackers to add user accounts with administrator privileges via the newuser, pwd, and selectedUserGroup parameters.
by Trustwave's SpiderLabs
CVSS 6.5
By Source
All 31,342 Writeup 60,263 Exploitdb 50,007 Nomisec 21,822 Metasploit 3,224 Github 2,602 Vulncheck_xdb 906 Inthewild 514 Gitlab 442 Gitee 415 Patchapalooza 312
By Language
text 31,342 python 5,978 ruby 5,913 c 3,569 perl 2,849 html 2,053 php 1,326 bash 460 java 362 c++ 250 javascript 215 shell 91 go 55 postscript 25 xml 24