Exploitdb Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-108487 EXPLOITDB text VERIFIED
Joomla! Component com_ponygallery - SQL Injection
by xDarkSton3x
EIP-2026-104329 EXPLOITDB text
ManageEngine Support Center Plus 7903 - Multiple Vulnerabilities
by xistence
CVE-2012-0278 EXPLOITDB text VERIFIED
IrfanView <4.3.4.0 - Buffer Overflow
Heap-based buffer overflow in the FlashPix PlugIn before 4.3.4.0 for IrfanView might allow remote attackers to execute arbitrary code via a .fpx file containing a crafted FlashPix image that is not properly handled during decompression.
by Francis Provencher
EIP-2026-112938 EXPLOITDB text
Ushahidi 2.2 - Multiple Vulnerabilities
by shpendk
CVE-2012-2226 EXPLOITDB CRITICAL text
Invision Power Board < 3.3.1 - Unauthenticated Arbitrary File Upload
Invision Power Board before 3.3.1 fails to sanitize user-supplied input which could allow remote attackers to obtain sensitive information or execute arbitrary code by uploading a malicious file.
by waraxe
CVSS 9.8
CVE-2012-2104 EXPLOITDB text VERIFIED
Munin 2.x - Remote Code Execution via Terminal Emulator Escape Sequence Injection
cgi-bin/munin-cgi-graph in Munin 2.x writes data to a log file without sanitizing non-printable characters, which might allow user-assisted remote attackers to inject terminal emulator escape sequences and execute arbitrary commands or delete arbitrary files via a crafted HTTP request.
by Helmut Grohne
CVE-2012-2276 EXPLOITDB text VERIFIED
EMC Documentum Information Rights Management - Denial of Service via Invalid FIPS Fields or Version Number
The IRM Server in EMC Documentum Information Rights Management 4.x before 4.7.0100 and 5.x before 5.0.1030 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via input data that (1) lacks FIPS fields or (2) has an invalid version number.
by Luigi Auriemma
EIP-2026-112338 EXPLOITDB text VERIFIED
SoftwareDEP Classified Script 2.5 - SQL Injection (2)
by hordcode security
CVE-2012-2277 EXPLOITDB text VERIFIED
EMC Documentum Information Rights Management 4.x-5.x - Denial of Service via Newline in Batch Begin Untethered Command
The IRM Server in EMC Documentum Information Rights Management 4.x before 4.7.0100 and 5.x before 5.0.1030 allows remote attackers to cause a denial of service (pvcontrol.exe process hang) via \n (line feed) characters in the Id fields of many "batch begin untethered" commands.
by Luigi Auriemma
CVE-2012-1835 EXPLOITDB text VERIFIED
All-in-One Event Calendar 1.4-1.5 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to app/view/agenda-widget-form.php; (2) args, (3) title, (4) before_title, or (5) after_title parameter to app/view/agenda-widget.php; (6) button_value parameter to app/view/box_publish_button.php; or (7) msg parameter to /app/view/save_successful.php.
by High-Tech Bridge SA
CVE-2012-1835 EXPLOITDB text VERIFIED
All-in-One Event Calendar 1.4-1.5 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to app/view/agenda-widget-form.php; (2) args, (3) title, (4) before_title, or (5) after_title parameter to app/view/agenda-widget.php; (6) button_value parameter to app/view/box_publish_button.php; or (7) msg parameter to /app/view/save_successful.php.
by High-Tech Bridge SA
CVE-2012-1835 EXPLOITDB text VERIFIED
All-in-One Event Calendar 1.4-1.5 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to app/view/agenda-widget-form.php; (2) args, (3) title, (4) before_title, or (5) after_title parameter to app/view/agenda-widget.php; (6) button_value parameter to app/view/box_publish_button.php; or (7) msg parameter to /app/view/save_successful.php.
by High-Tech Bridge SA
CVE-2012-1835 EXPLOITDB text VERIFIED
All-in-One Event Calendar 1.4-1.5 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to app/view/agenda-widget-form.php; (2) args, (3) title, (4) before_title, or (5) after_title parameter to app/view/agenda-widget.php; (6) button_value parameter to app/view/box_publish_button.php; or (7) msg parameter to /app/view/save_successful.php.
by High-Tech Bridge SA
EIP-2026-109347 EXPLOITDB text VERIFIED
Matterdaddy Market 1.1 - 'cat_name' Multiple SQL Injections
by Chokri B.A
CVE-2011-4571 EXPLOITDB text VERIFIED
Estate Agent (com_estateagent) - SQL Injection via id Parameter
SQL injection vulnerability in the Estate Agent (com_estateagent) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showEO action to index.php.
by xDarkSton3x
EIP-2026-108277 EXPLOITDB text
Joomla! Component com_bearleague - SQL Injection
by xDarkSton3x
CVE-2012-10059 EXPLOITDB CRITICAL text VERIFIED
Dolibarr ERP/CRM <= 3.1.1-3.2.0 - Command Injection
Dolibarr ERP/CRM versions <= 3.1.1 and <= 3.2.0 contain a post-authenticated OS command injection vulnerability in its database backup feature. The export.php script fails to sanitize the sql_compat parameter, allowing authenticated users to inject arbitrary system commands, resulting in remote code execution on the server.
by Nahuel Grisolia
EIP-2026-105856 EXPLOITDB text VERIFIED
CitrusDB 2.4.1 - Local File Inclusion / SQL Injection
by wacky
EIP-2026-118431 EXPLOITDB text VERIFIED
Distinct TFTP Server 3.01 - Directory Traversal
by modpr0be
EIP-2026-115013 EXPLOITDB text VERIFIED
BulletProof FTP Client 2010 - Buffer Overflow (PoC)
by Vulnerability-Lab
EIP-2026-114902 EXPLOITDB text VERIFIED
AnvSoft Any Video Converter 4.3.6 - Multiple Buffer Overflows
by Vulnerability-Lab
CVE-2012-4325 EXPLOITDB text VERIFIED
Utopia News Pro < 1.4.0 - Cross-Site Request Forgery via upload/users.php
Cross-site request forgery (CSRF) vulnerability in upload/users.php in Utopia News Pro (UNP) 1.4.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts.
by Dr.NaNo
CVE-2012-4746 EXPLOITDB text
ZTE ZXDSL 831IIV7.5.0a_Z29_OV - CSRF
Cross-site request forgery (CSRF) vulnerability in accessaccount.cgi in ZTE ZXDSL 831IIV7.5.0a_Z29_OV allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysPassword parameter.
by Nuevo Asesino
EIP-2026-114151 EXPLOITDB text VERIFIED
WordPress Plugin Uploadify Integration 0.9.6 - Multiple Cross-Site Scripting Vulnerabilities
by waraxe
CVE-2012-6522 EXPLOITDB text VERIFIED
w-cms 2.01 - Path Traversal via p Parameter
Directory traversal vulnerability in the getContent function in codes/wcms.php in w-CMS 2.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter. NOTE: some of these details are obtained from third party information.
by Black-ID