Exploitdb Exploits

50,076 exploits tracked across all sources.

CVE-2015-3898 EXPLOITDB MEDIUM text VERIFIED
Bonita BPM Portal <6.5.3 - Open Redirect
Multiple open redirect vulnerabilities in Bonita BPM Portal before 6.5.3 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the redirectUrl parameter to (1) bonita/login.jsp or (2) bonita/loginservice.
by High-Tech Bridge SA
CVSS 6.1
CVE-2015-3001 EXPLOITDB text
SysAid Help Desk <15.2 - Auth Bypass
SysAid Help Desk before 15.2 uses a hardcoded password of Password1 for the sa SQL Server Express user account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password.
by Pedro Ribeiro
EIP-2026-101755 EXPLOITDB python
GeoVision (GeoHttpServer) Webcams - Remote File Disclosure
by Viktor Minin
CVE-2015-2805 EXPLOITDB text
Alcatel-Lucent OmniSwitch Firmware < 6.4.5.r02 - Cross-Site Request Forgery via User Creation
Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, and 8.1.1.R01 allows remote attackers to hijack the authentication of administrators for requests that create users via a crafted request.
by RedTeam Pentesting
CVE-2015-4137 EXPLOITDB text VERIFIED
Milw0rm Clone Script 1.0 - SQL Injection via Related.php Program Parameter
SQL injection vulnerability in related.php in Milw0rm Clone Script 1.0 allows remote attackers to execute arbitrary SQL commands via the program parameter.
by Pancaker
EIP-2026-115676 EXPLOITDB html VERIFIED
Microsoft Internet Explorer 11 - Crash (PoC) (2)
by Pawel Wylecial
EIP-2026-114256 EXPLOITDB text
WordPress Plugin Wp-ImageZoom 1.1.0 - Multiple Vulnerabilities
by T3N38R15
EIP-2026-114222 EXPLOITDB text VERIFIED
WordPress Plugin WP Mobile Edition - Local File Inclusion
by Ali Khalil
EIP-2026-110490 EXPLOITDB text VERIFIED
Pasworld - 'detail.php' Blind SQL Injection
by Sebastian khan
EIP-2026-102062 EXPLOITDB text
TP-Link TD-W8950ND ADSL2+ - Remote DNS Change
by Todor Donev
EIP-2026-101650 EXPLOITDB text
D-Link DSL-526B ADSL2+ AU_2.01 - Remote DNS Change
by Todor Donev
EIP-2026-101648 EXPLOITDB text
D-Link DSL-2780B DLink_1.01.14 - Remote DNS Change
by Todor Donev
EIP-2026-101644 EXPLOITDB text
D-Link DSL-2730B AU_2.01 - Authentication Bypass DNS Change
by Todor Donev
EIP-2026-102313 EXPLOITDB text VERIFIED
WiFi HD 8.1 - Directory Traversal / Denial of Service
by Wh1t3Rh1n0 (Michael Allen)
EIP-2026-101576 EXPLOITDB text
Broadlight Residential Gateway DI3124 - Remote DNS Change
by Todor Donev
EIP-2026-116673 EXPLOITDB html VERIFIED
1 Click Extract Audio 2.3.6 - Activex Buffer Overflow
by metacom
EIP-2026-116672 EXPLOITDB html VERIFIED
1 Click Audio Converter 2.3.6 - Activex Local Buffer Overflow
by metacom
EIP-2026-113999 EXPLOITDB text VERIFIED
WordPress Plugin Really Simple Guest Post 1.0.6 - Local File Inclusion
by Kuroi'SH
CVE-2012-3577 EXPLOITDB php VERIFIED
Nmedia Member Conversation < 1.4 - Unauthenticated Arbitrary File Upload via doupload.php
Unrestricted file upload vulnerability in doupload.php in the Nmedia Member Conversation plugin before 1.4 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/user_uploads.
by Sammy FORGIT
CVE-2015-4153 EXPLOITDB text
zM Ajax Login & Register < 1.0.9 - Path Traversal via Template Parameter
Directory traversal vulnerability in the zM Ajax Login & Register plugin before 1.1.0 for WordPress allows remote attackers to include and execute arbitrary php files via a relative path in the template parameter in a load_template action to wp-admin/admin-ajax.php.
by Panagiotis Vagenas
EIP-2026-117370 EXPLOITDB python VERIFIED
Jildi FTP Client 1.5.6 - Local Buffer Overflow (SEH)
by Zahid Adeel
CVE-2015-4465 EXPLOITDB text
Zanematthew ZM Ajax Login & Register < 1.0.9 - XSS
Cross-site scripting (XSS) vulnerability in the zM Ajax Login & Register plugin before 1.1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
by Panagiotis Vagenas
EIP-2026-103951 EXPLOITDB ruby
JDownloader 2 Beta - Directory Traversal
by PizzaHatHacker
EIP-2026-101117 EXPLOITDB text
ZTE AC 3633R USB Modem - Multiple Vulnerabilities
by Vishnu
EIP-2026-116529 EXPLOITDB text VERIFIED
WebDrive 12.2 (B4172) - Buffer Overflow (PoC)
by Vulnerability-Lab