Exploitdb Exploits

50,076 exploits tracked across all sources.

EIP-2026-113669 EXPLOITDB text VERIFIED
WordPress Plugin cp-multi-view-calendar 1.1.4 - SQL Injection
by i0akiN SEC-LABORATORY
CVE-2015-2208 EXPLOITDB text
phpMoAdmin 1.1.2 - Remote Code Execution via Object Parameter
The saveObject function in moadmin.php in phpMoAdmin 1.1.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the object parameter.
by @u0x
EIP-2026-101965 EXPLOITDB text
Sagem F@st 3304-V2 - Local File Inclusion
by Loudiyi Mohamed
EIP-2026-113617 EXPLOITDB text
WordPress Plugin Calculated Fields Form 1.0.10 - SQL Injection
by Ibrahim Raafat
CVE-2014-9463 EXPLOITDB HIGH text VERIFIED
vbseo - Authenticated Remote Code Execution via HTTP Referer Header
functions_vbseo_hook.php in the VBSEO module for vBulletin allows remote authenticated users to execute arbitrary code via the HTTP Referer header to visitormessage.php.
by Net.Edit0r
CVSS 8.8
CVE-2014-8687 EXPLOITDB CRITICAL python VERIFIED
Seagate Business NAS <2015.00322 - RCE
Seagate Business NAS devices with firmware before 2015.00322 allow remote attackers to execute arbitrary code with root privileges by leveraging use of a static encryption key to create session tokens.
by OJ Reeves
CVSS 9.8
EIP-2026-117590 EXPLOITDB python VERIFIED
Microsoft Word 2007 - RTF Object Confusion (ASLR + DEP Bypass)
by R-73eN
EIP-2026-107447 EXPLOITDB python
GoAutoDial CE 2.0 - Arbitrary File Upload
by R-73eN
CVE-2015-1497 EXPLOITDB ruby
Persistent Systems Radia Client Automation <9.1 - RCE
radexecd.exe in Persistent Systems Radia Client Automation (RCA) 7.9, 8.1, 9.0, and 9.1 allows remote attackers to execute arbitrary commands via a crafted request to TCP port 3465.
by Ben Turner
EIP-2026-118037 EXPLOITDB text
Ubisoft Uplay 5.0 - Insecure File Permissions Privilege Escalation
by LiquidWorm
EIP-2026-117125 EXPLOITDB text
Electronic Arts Origin Client 9.5.5 - Multiple Privilege Escalation Vulnerabilities
by LiquidWorm
CVE-2015-1187 EXPLOITDB CRITICAL ruby VERIFIED
D-Link Routers - Remote Code Execution via ping.ccp
The ping tool in multiple D-Link and TRENDnet devices allows remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp.
by Metasploit
CVSS 9.8
CVE-2015-5895 EXPLOITDB text
SQLite < 3.8.10.1 - Multiple Unspecified Vulnerabilities
Multiple unspecified vulnerabilities in SQLite before 3.8.10.2, as used in Apple iOS before 9, have unknown impact and attack vectors.
by Andras Kabai
EIP-2026-103029 EXPLOITDB python VERIFIED
VFU 4.10-1.1 - Move Entry Buffer Overflow
by Bas van den Berg
CVE-2015-1497 EXPLOITDB ruby VERIFIED
Persistent Systems Radia Client Automation <9.1 - RCE
radexecd.exe in Persistent Systems Radia Client Automation (RCA) 7.9, 8.1, 9.0, and 9.1 allows remote attackers to execute arbitrary commands via a crafted request to TCP port 3465.
by Metasploit
CVE-2015-2183 EXPLOITDB text
ZeusCart 4 - Authenticated SQL Injection via Admin Backend Parameters
Multiple SQL injection vulnerabilities in the administrative backend in ZeusCart 4 allow remote administrators to execute arbitrary SQL commands via the id parameter in a (1) disporders detail or (2) subadminmgt edit action or (3) cid parameter in an editcurrency action to admin/.
by Steffen Rösemann
CVE-2015-2182 EXPLOITDB text
ZeusCart 4 - Cross-Site Scripting via schltr or brand Parameter
Multiple cross-site scripting (XSS) vulnerabilities in ZeusCart 4 allow remote attackers to inject arbitrary web script or HTML via the (1) schltr parameter in a brands action or (2) brand parameter in a viewbrands action to index.php. NOTE: The search parameter vector is already covered by CVE-2010-5322.
by Steffen Rösemann
CVE-2010-5322 EXPLOITDB text
ZeusCart < 4.0 - Cross-Site Scripting via Search Parameter
Cross-site scripting (XSS) vulnerability in ZeusCart 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in a search action to index.php.
by Steffen Rösemann
CVE-2015-2184 EXPLOITDB text
ZeusCart 4 - Exposure of Sensitive Information via phpinfo Function
ZeusCart 4 allows remote attackers to obtain configuration information via a getphpinfo action to admin/, which calls the phpinfo function.
by Steffen Rösemann
CVE-2013-5572 EXPLOITDB ruby
Zabbix 2.0.5 - Authenticated LDAP Bind Password Exposure via HTML Source Code
Zabbix 2.0.5 allows remote authenticated users to discover the LDAP bind password by leveraging management-console access and reading the ldap_bind_password value in the HTML source code.
by Pablo González
CVE-2015-2084 EXPLOITDB text
Easy Social Icons < 1.2.2 - Cross-Site Request Forgery via Image File Parameter
Cross-site request forgery (CSRF) vulnerability in the Easy Social Icons plugin before 1.2.3 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the image_file parameter in an edit action in the cnss_social_icon_add page to wp-admin/admin.php.
by Eric Flokstra
EIP-2026-113302 EXPLOITDB php
WeBid 1.1.1 - Unrestricted Arbitrary File Upload
by CWH Underground
CVE-2015-2147 EXPLOITDB CRITICAL text
Phpbugtracker < 1.6.0 - SQL Injection
Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters.
by Steffen Rösemann
CVSS 9.8
CVE-2015-2102 EXPLOITDB text
ClipBucket 2.7 RC3 (2.7.0.4.v2929-rc3) - SQL Injection via Item Parameter
SQL injection vulnerability in view_item.php in ClipBucket 2.7 RC3 (2.7.0.4.v2929-rc3) allows remote attackers to execute arbitrary SQL commands via the item parameter.
by CWH Underground
CVE-2015-2198 EXPLOITDB text
Beehive Forum 1.4.4 - Cross-Site Scripting via Edit Preferences Parameters
Multiple cross-site scripting (XSS) vulnerabilities in edit_prefs.php in Beehive Forum 1.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) homepage_url, (2) pic_url, or (3) avatar_url parameter, which are not properly handled in an error message.
by Halil Dalabasmaz