Exploitdb Exploits

50,121 exploits tracked across all sources.

Sort: Activity Stars
CVE-2021-25157 EXPLOITDB MEDIUM python
Aruba Instant <8.7.1.0 - Info Disclosure
A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
CVSS 4.9
CVE-2021-25158 EXPLOITDB MEDIUM python
Aruba Instant <8.5.0.11 - Info Disclosure
A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
CVSS 5.9
CVE-2021-25159 EXPLOITDB MEDIUM python
Aruba Instant <8.3.0.14-8.7.1.1 - RCE
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
CVSS 6.5
CVE-2021-25160 EXPLOITDB MEDIUM python
Aruba Instant <8.3.0.14-8.7.1.1 - RCE
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
CVSS 4.9
CVE-2021-25161 EXPLOITDB MEDIUM python
Arubanetworks Instant < 6.4.4.8-4.2.4.18 - XSS
A remote cross-site scripting (xss) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
CVSS 6.1
CVE-2005-0435 EXPLOITDB perl
AWStats 6.3-6.4 - Info Disclosure
awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read server web logs by setting the loadplugin and pluginmode parameters to rawlog.
CVE-2009-4146 EXPLOITDB
FreeBSD 7.1-8.0 - Privilege Escalation
The _rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld-elf/rtld.c in FreeBSD 7.1, 7.2, and 8.0 does not clear the LD_PRELOAD environment variable, which allows local users to gain privileges by executing a setuid or setguid program with a modified LD_PRELOAD variable containing an untrusted search path that points to a Trojan horse library, a different vector than CVE-2009-4147.
CVE-2002-2087 EXPLOITDB c
Borland Software Interbase - Buffer Overflow
Buffer overflow in Borland InterBase 6.0 allows local users to execute arbitrary code via a long INTERBASE environment variable when calling (1) gds_drop, (2) gds_lock_mgr, or (3) gds_inet_server.
CVE-1999-0032 EXPLOITDB c
SGI Irix - Buffer Overflow
Buffer overflow in lpr, as used in BSD-based systems including Linux, allows local users to execute arbitrary code as root via a long -C (classification) command line option.
CVE-2022-47075 EXPLOITDB HIGH python
Smart Office Web <20.28 - Info Disclosure
An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to download sensitive information via the action name parameter to ExportEmployeeDetails.aspx, and to ExportReportingManager.aspx.
CVSS 7.5
CVE-2012-1921 EXPLOITDB
Sitecom Wlm-2501 - CSRF
Cross-site request forgery (CSRF) vulnerability in goform/admin/formWlEncrypt in Sitecom WLM-2501 allows remote attackers to hijack the authentication of administrators for requests that change the router passphrase via the pskValue parameter.
CVE-2006-5954 EXPLOITDB
Netvios < 2.0 - SQL Injection
SQL injection vulnerability in page.asp in NetVIOS 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the NewsID parameter.
CVE-2008-6376 EXPLOITDB
Nexusjnr Jbook - SQL Injection
SQL injection vulnerability in main.asp in Jbook allows remote attackers to execute arbitrary SQL commands via the password (pass parameter).
CVE-2012-2589 EXPLOITDB javascript
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-4344. Reason: This candidate is a duplicate of CVE-2012-4344. Notes: All CVE users should reference CVE-2012-4344 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
CVE-2006-2696 EXPLOITDB
Easy-content Forums - XSS
Cross-site scripting (XSS) vulnerabilities in Easy-Content Forums 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) startletter parameter in userview.asp and the (2) catid parameter in topics.asp.
CVE-2009-0427 EXPLOITDB
DMXReady Member Directory Manager <1.1 - SQL Injection
SQL injection vulnerability in CategoryManager/upload_image_category.asp in DMXReady Member Directory Manager 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2008-0738 EXPLOITDB
Shoppingtree Candypress Store < 4.1 - SQL Injection
Multiple SQL injection vulnerabilities in CandyPress (CP) 4.1.1.26, and earlier 4.1.x versions, allow remote attackers to execute arbitrary SQL commands via the (1) idcust parameter to (a) ajax_getTiers.asp and (b) ajax_getCust.asp in ajax/, and the (2) tableName parameter to (c) ajax/ajax_tableFields.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2010-2687 EXPLOITDB
Site2Nite Boat Classifieds - SQL Injection
SQL injection vulnerability in printdetail.asp in Site2Nite Boat Classifieds allows remote attackers to execute arbitrary SQL commands via the Id parameter.
CVE-2006-2793 EXPLOITDB
Aspsitem < 2.0 - SQL Injection
SQL injection vulnerability in Anket.asp in ASPSitem 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the hid parameter.
CVE-2008-2688 EXPLOITDB
Pilotcart Pilot Cart - SQL Injection
SQL injection vulnerability in pilot.asp in ASPilot Pilot Cart 7.3 allows remote attackers to execute arbitrary SQL commands via the article parameter in a kb action.
CVE-2006-6807 EXPLOITDB
Softwebs Nepal Ananda Real Estate <3.4 - SQL Injection
SQL injection vulnerability in list.asp in Softwebs Nepal (aka Ananda Raj Pandey) Ananda Real Estate 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the agent parameter.
CVE-2008-5632 EXPLOITDB
Active Time Billing 3.2 - SQL Injection
SQL injection vulnerability in Account.asp in Active Time Billing 3.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information.
CVE-2010-1759 EXPLOITDB html
Apple Safari < 4.0.5 - Resource Management Error
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the Node.normalize method.
CVE-2013-4710 EXPLOITDB ruby
Android <4.1.x - RCE
Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary methods of Java objects or cause a denial of service (reboot) via a crafted web page, as demonstrated by use of the WebView.addJavascriptInterface method, a related issue to CVE-2012-6636.
CVE-2012-2995 EXPLOITDB
Trend Micro InterScan Messaging Security Suite 7.1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro InterScan Messaging Security Suite 7.1-Build_Win32_1394 allow remote attackers to inject arbitrary web script or HTML via (1) the wrsApprovedURL parameter to addRuleAttrWrsApproveUrl.imss or (2) the src parameter to initUpdSchPage.imss.
By Source
All 50,121 Exploitdb 50,121 Writeup 46,733 Nomisec 21,197 Metasploit 3,189 Github 2,248 Vulncheck_xdb 900 Inthewild 518 Gitlab 439 Gitee 415 Patchapalooza 312
By Language
text 31,341 ruby 5,920 python 5,738 c 3,550 perl 2,854 html 2,054 php 1,334 bash 459 java 359 javascript 260 c++ 247 shell 68 go 41 postscript 25 xml 24