Exploitdb Exploits

50,123 exploits tracked across all sources.

Sort: Activity Stars
CVE-2012-4600 EXPLOITDB python
OTRS Help Desk <2.4.14-3.0.16-3.1.10 - XSS
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with nested HTML tags.
CVE-2021-26855 EXPLOITDB CRITICAL python
Microsoft Exchange ProxyLogon RCE
Microsoft Exchange Server Remote Code Execution Vulnerability
CVSS 9.1
CVE-2013-4882 EXPLOITDB
McAfee ePolicy Orchestrator <4.6.6 - SQL Injection
Multiple SQL injection vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePolicy Orchestrator (ePO) extension for McAfee Agent (MA) 4.5 and 4.6, allow remote authenticated users to execute arbitrary SQL commands via the uid parameter to (1) core/showRegisteredTypeDetails.do and (2) EPOAGENTMETA/DisplayMSAPropsDetail.do, a different vulnerability than CVE-2013-0140.
CVE-2015-2862 EXPLOITDB
Kaseya Virtual System Administrator < 7.0.0.29 - Path Traversal
Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 allows remote authenticated users to read arbitrary files via a crafted HTTP request.
CVE-2017-11469 EXPLOITDB HIGH
IDERA Uptime Monitor 7.8 - Path Traversal
get2post.php in IDERA Uptime Monitor 7.8 has directory traversal in the file_name parameter.
CVSS 7.5
CVE-2017-11470 EXPLOITDB CRITICAL
IDERA Uptime Monitor 7.8 - SQL Injection
IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatifGadget/getxenmetrics.php via the element parameter.
CVSS 9.8
CVE-2012-2171 EXPLOITDB
IBM DS Storage Manager Host Software < 10.83 - SQL Injection
SQL injection vulnerability in ModuleServlet.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote authenticated users to execute arbitrary SQL commands via the selectedModuleOnly parameter in a state_viewmodulelog action to the ModuleServlet URI.
CVE-2012-2202 EXPLOITDB python
IBM Lotus Protector For Mail Security - Path Traversal
Directory traversal vulnerability in javatester_init.php in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the template parameter.
CVE-2011-4835 EXPLOITDB
Homeseer Hs2 - Path Traversal
Directory traversal vulnerability in the web interface in HomeSeer HS2 2.5.0.20 allows remote attackers to access arbitrary files via unspecified vectors.
CVE-2018-9021 EXPLOITDB CRITICAL python
Broadcom Privileged Access Manager - Improper Privilege Management
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests.
CVSS 9.8
CVE-2016-6598 EXPLOITDB CRITICAL
BMC Track-It! <11.4 - Code Injection
BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting file storage service (FileStorageService) on port 9010. This service contains a method that allows uploading a file to an arbitrary path on the machine that is running Track-It!. This can be used to upload a file to the web root and achieve code execution as NETWORK SERVICE or SYSTEM.
CVSS 9.8
CVE-2014-4874 EXPLOITDB
BMC Track-It! 11.3.0.355 - Info Disclosure
BMC Track-It! 11.3.0.355 allows remote authenticated users to read arbitrary files by visiting the TrackItWeb/Attachment page.
CVE-2014-4873 EXPLOITDB
BMC Track-It! 11.3.0.355 - SQL Injection
SQL injection vulnerability in TrackItWeb/Grid/GetData in BMC Track-It! 11.3.0.355 allows remote authenticated users to execute arbitrary SQL commands via crafted POST data.
CVE-2007-2987 EXPLOITDB html
Zenturi Programchecker - Memory Corruption
Multiple buffer overflows in certain ActiveX controls in sasatl.dll in Zenturi ProgramChecker allow remote attackers to execute arbitrary code via unspecified vectors, possibly involving the (1) DebugMsgLog or (2) DoFileProperties methods.
CVE-2008-0623 EXPLOITDB html
Yahoo Music Jukebox - Memory Corruption
Stack-based buffer overflow in the YMP Datagrid ActiveX control (datagrid.dll) in Yahoo! Music Jukebox 2.2.2.056 allows remote attackers to execute arbitrary code via a long argument to the AddImage method.
CVE-2009-1523 EXPLOITDB
Mortbay Jetty < 6.1.16 - Path Traversal
Directory traversal vulnerability in the HTTP server in Mort Bay Jetty 5.1.14, 6.x before 6.1.17, and 7.x through 7.0.0.M2 allows remote attackers to access arbitrary files via directory traversal sequences in the URI.
CVE-1999-1529 EXPLOITDB
Trend Micro Interscan Viruswall - Buffer Overflow
A buffer overflow exists in the HELO command in Trend Micro Interscan VirusWall SMTP gateway 3.23/3.3 for NT, which may allow an attacker to execute arbitrary code.
CVE-1999-1529 EXPLOITDB perl
Trend Micro Interscan Viruswall - Buffer Overflow
A buffer overflow exists in the HELO command in Trend Micro Interscan VirusWall SMTP gateway 3.23/3.3 for NT, which may allow an attacker to execute arbitrary code.
CVE-1999-1082 EXPLOITDB
Jana Proxy Web Server 1.40 - Path Traversal
Directory traversal vulnerability in Jana proxy web server 1.40 allows remote attackers to ready arbitrary files via a "......" (modified dot dot) attack.
CVE-2009-4790 EXPLOITDB c
Sysax Multi Server 4.5 - Path Traversal
Multiple directory traversal vulnerabilities in Sysax Multi Server 4.5 allow remote authenticated users to read or modify arbitrary files via crafted FTP commands. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2012-3807 EXPLOITDB CRITICAL
Samsung Kies <2.5.0.12094 - Code Injection
Samsung Kies before 2.5.0.12094_27_11 has arbitrary file execution.
CVSS 9.8
CVE-2012-3808 EXPLOITDB HIGH
Samsung Kies <2.5.0.12094_27_11 - Code Injection
Samsung Kies before 2.5.0.12094_27_11 has arbitrary file modification.
CVSS 7.5
CVE-2012-3809 EXPLOITDB HIGH
Samsung Kies <2.5.0.12094 - Path Traversal
Samsung Kies before 2.5.0.12094_27_11 has arbitrary directory modification.
CVSS 7.5
CVE-2009-1376 EXPLOITDB
Pidgin < 2.5.5 - Numeric Error
Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows. NOTE: this issue exists because of an incomplete fix for CVE-2008-2927.
CVE-2009-1978 EXPLOITDB shell
Oracle Secure Backup 10.2.0.3 - RCE
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the July 2009 Oracle CPU. Oracle has not commented on claims from an independent researcher that this vulnerability allows remote authenticated users to execute arbitrary code with SYSTEM privileges via vectors involving property_box.php.
By Source
All 50,123 Exploitdb 50,123 Writeup 46,583 Nomisec 21,106 Metasploit 3,189 Github 2,211 Vulncheck_xdb 900 Inthewild 518 Gitlab 438 Gitee 415 Patchapalooza 312
By Language
text 31,341 ruby 5,920 python 5,723 c 3,550 perl 2,854 html 2,053 php 1,332 bash 459 java 359 javascript 256 c++ 245 shell 67 go 41 postscript 25 xml 24