Exploitdb Exploits

50,076 exploits tracked across all sources.

CVE-2014-9633 EXPLOITDB c
COMODO Backup <4.4.1.23 - Privilege Escalation
The bdisk.sys driver in COMODO Backup before 4.4.1.23 allows remote attackers to gain privileges via a crafted device handle, which triggers a NULL pointer dereference.
by Parvez Anwar
EIP-2026-110790 EXPLOITDB text
PHP Webquest 2.6 - SQL Injection
by jordan root
EIP-2026-109312 EXPLOITDB text
Mangallam CMS - SQL Injection
by Vulnerability-Lab
CVE-2015-1374 EXPLOITDB text VERIFIED
ferretCMS 1.0.4-alpha - Cross-Site Request Forgery in admin.php
Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in ferretCMS 1.0.4-alpha allow remote attackers to hijack the authentication of administrators for requests that conduct (1) cross-site scripting (XSS), (2) SQL injection, or (3) unrestricted file upload attacks.
by Steffen Rösemann
CVE-2014-9226 EXPLOITDB text
Symantec SCSP <5.2.9, SDCS:SA <6.0 MP1 - Auth Bypass
The management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows local users to bypass intended Protection Policies via unspecified vectors.
by SEC Consult
EIP-2026-104459 EXPLOITDB text
SWFupload 2.5.0 - Cross Frame Scripting (XFS)
by MindCracker
CVE-2015-1478 EXPLOITDB text
CMSJunkie J-ClassifiedsManager - Cross-Site Scripting via View Parameter
Cross-site scripting (XSS) vulnerability in the CMSJunkie J-ClassifiedsManager component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the view parameter to /classifieds.
by Sarath Nair
CVE-2015-1480 EXPLOITDB text
ZOHO ManageEngine ServiceDesk Plus <9.0 build 9031 - Info Disclosure
ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to obtain sensitive ticket information via a (1) getTicketData action to servlet/AJaxServlet or a direct request to (2) swf/flashreport.swf, (3) reports/flash/details.jsp, or (4) reports/CreateReportTable.jsp.
by Rewterz - Research Group
EIP-2026-102496 EXPLOITDB text
ManageEngine EventLog Analyzer 9.0 - Directory Traversal / Cross-Site Scripting
by Ertebat Gostar Co
EIP-2026-100752 EXPLOITDB text
Barracuda Networks Cloud Series - Filter Bypass
by Vulnerability-Lab
CVE-2014-0997 EXPLOITDB HIGH text VERIFIED
Android < 5.0.1 - Denial of Service via Crafted 802.11 Probe Response Frame
WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android 4.2.2 as used in the LG D806, Android 4.2.2 as used in the Samsung SM-T310, Android 4.1.2 as used in the Motorola RAZR HD, and potentially other unspecified Android releases before 5.0.1 and 5.0.2 does not properly handle exceptions, which allows remote attackers to cause a denial of service (reboot) via a crafted 802.11 probe response frame.
by Core Security
CVSS 7.5
CVE-2012-0261 EXPLOITDB ruby VERIFIED
op5 Monitor/Appliance <1.6.2/<5.5.3 - Command Injection
license.php in system-portal before 1.6.2 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the timestamp parameter for an install action.
by Metasploit
CVE-2015-1400 EXPLOITDB text
NPDS Revolution 13 - SQL Injection via Search Query Parameter
SQL injection vulnerability in search.php in NPDS Revolution 13 allows remote attackers to execute arbitrary SQL commands via the query parameter.
by Narendra Bhati
EIP-2026-115421 EXPLOITDB python
IceCream Ebook Reader 1.41 - Crash (PoC)
by Kapil Soni
CVE-2015-1362 EXPLOITDB ruby
Exif Pilot 4.7.2 - Buffer Overflow via Long Maker Element in XML File
Buffer overflow in the Customize 35mm tab in Two Pilots Exif Pilot 4.7.2 allows remote attackers to execute arbitrary code via a long string in the maker element in an XML file.
by Osanda Malith Jayathissa
CVE-2015-1476 EXPLOITDB text
xlinkerz ecommerceMajor - SQL Injection
Multiple SQL injection vulnerabilities in xlinkerz ecommerceMajor allow remote attackers to execute arbitrary SQL commands via the (1) productbycat parameter to product.php, or (2) username or (3) password parameter to __admin/index.php.
by Manish Tanwar
EIP-2026-102501 EXPLOITDB text
ManageEngine ServiceDesk Plus 9.0 - User Enumeration
by Muhammad Ahmed Siddiqui
CVE-2015-1479 EXPLOITDB text
ZOHO ManageEngine SDP <9.0.9031 - SQL Injection
SQL injection vulnerability in reports/CreateReportTable.jsp in ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to execute arbitrary SQL commands via the site parameter.
by Muhammad Ahmed Siddiqui
EIP-2026-101200 EXPLOITDB text
Cisco Ironport Appliances - Privilege Escalation
by Glafkos Charalambous
EIP-2026-115110 EXPLOITDB text VERIFIED
Crystal Player 1.99 - Memory Corruption
by Kapil Soni
CVE-2015-1364 EXPLOITDB text
Free Reprintables ArticleFR <3.0.5 - SQL Injection
SQL injection vulnerability in the getProfile function in system/profile.functions.php in Free Reprintables ArticleFR 3.0.5 allows remote attackers to execute arbitrary SQL commands via the username parameter to register/.
by TranDinhTien
EIP-2026-105243 EXPLOITDB text
ArticleFR CMS 3.0.5 - Arbitrary File Upload
by TranDinhTien
CVE-2015-2055 EXPLOITDB python
Zhone GPON 2520 R4.0.2.566b - Denial of Service via Old Password Parameter
Zhone GPON 2520 with firmware R4.0.2.566b allows remote attackers to cause a denial of service via a long string in the oldpassword parameter.
by Kaczinski Ramirez
CVE-2015-1375 EXPLOITDB text
Pixabay Images <2.4 - Code Injection
pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not properly restrict access to the upload functionality, which allows remote attackers to write to arbitrary files.
by Hans-Martin Muench
CVE-2015-1366 EXPLOITDB text
pixabay_images < 2.3 - Cross-Site Scripting via image_user Parameter
Cross-site scripting (XSS) vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the image_user parameter.
by Hans-Martin Muench