Exploitdb Exploits

50,076 exploits tracked across all sources.

EIP-2026-119429 EXPLOITDB text
Soitec SmartEnergy 1.4 - SCADA Login SQL Injection / Authentication Bypass
by LiquidWorm
EIP-2026-115604 EXPLOITDB python
Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (PoC) (SEH Overwrite)
by s-dz
EIP-2026-115603 EXPLOITDB python
Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (PoC) (SEH Overwrite)
by s-dz
EIP-2026-115475 EXPLOITDB python
jaangle 0.98i.977 - Denial of Service
by s-dz
CVE-2014-10021 EXPLOITDB python
WP Symposium 14.11 - Unauthenticated Arbitrary File Upload via UploadHandler.php
Unrestricted file upload vulnerability in UploadHandler.php in the WP Symposium plugin 14.11 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in server/php/.
by Claudio Viviani
EIP-2026-113689 EXPLOITDB python
WordPress Plugin Download Manager 2.7.4 - Remote Code Execution
by Claudio Viviani
EIP-2026-111741 EXPLOITDB text
ResourceSpace 6.4.5976 - Cross-Site Scripting / SQL Injection / Insecure Cookie Handling
by Adler Freiheit
EIP-2026-110919 EXPLOITDB php VERIFIED
PHPads 213607 - Authentication Bypass / Password Change
by Shaker msallm
CVE-2014-9258 EXPLOITDB text
GLPI < 0.85 - Authenticated SQL Injection via Dropdown Condition Parameter
SQL injection vulnerability in ajax/getDropdownValue.php in GLPI before 0.85.1 allows remote authenticated users to execute arbitrary SQL commands via the condition parameter.
by Kacper Szurek
CVE-2014-8791 EXPLOITDB ruby VERIFIED
Tuleap < 7.7 - Authenticated PHP Object Injection via Project Registration Data Parameter
project/register.php in Tuleap before 7.7, when sys_create_project_in_one_step is disabled, allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via the data parameter.
by Metasploit
CVE-2014-9218 EXPLOITDB text
phpMyAdmin <4.0.10.7-4.2.13.1 - DoS
libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers to cause a denial of service (resource consumption) via a long password.
by Javer Nieto & Andres Rojas
EIP-2026-116545 EXPLOITDB python VERIFIED
Winamp 5.666 build 3516 - Corrupted .flv Crash (PoC)
by Drozdova Liudmila
EIP-2026-115484 EXPLOITDB python VERIFIED
JetAudio 8.1.3 - '.mp4' Crash (PoC)
by Drozdova Liudmila
CVE-2015-0107 EXPLOITDB MEDIUM text
IBM Maximo Asset Management 7.1-7.1.1.8, 7.5 < 7.5.0.7 IFIX003, 7.6 < 7.6.0.0 IFIX002 - Authenticated Path Traversal
IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to conduct directory traversal attacks via unspecified vectors.
by Jakub Palaczynski
CVSS 6.5
CVE-2014-5462 EXPLOITDB text VERIFIED
OpenEMR < 4.1.2 - Authenticated SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in OpenEMR 4.1.2 (Patch 7) and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) layout_id parameter to interface/super/edit_layout.php; (2) form_patient_id, (3) form_drug_name, or (4) form_lot_number parameter to interface/reports/prescriptions_report.php; (5) payment_id parameter to interface/billing/edit_payment.php; (6) id parameter to interface/forms_admin/forms_admin.php; (7) form_pid or (8) form_encounter parameter to interface/billing/sl_eob_search.php; (9) sortby parameter to interface/logview/logview.php; form_facility parameter to (10) procedure_stats.php, (11) pending_followup.php, or (12) pending_orders.php in interface/orders/; (13) patient, (14) encounterid, (15) formid, or (16) issue parameter to interface/patient_file/deleter.php; (17) search_term parameter to interface/patient_file/encounter/coding_popup.php; (18) text parameter to interface/patient_file/encounter/search_code.php; (19) form_addr1, (20) form_addr2, (21) form_attn, (22) form_country, (23) form_freeb_type, (24) form_partner, (25) form_name, (26) form_zip, (27) form_state, (28) form_city, or (29) form_cms_id parameter to interface/practice/ins_search.php; (30) form_pid parameter to interface/patient_file/problem_encounter.php; (31) patient, (32) form_provider, (33) form_apptstatus, or (34) form_facility parameter to interface/reports/appointments_report.php; (35) db_id parameter to interface/patient_file/summary/demographics_save.php; (36) p parameter to interface/fax/fax_dispatch_newpid.php; or (37) patient_id parameter to interface/patient_file/reminder/patient_reminders.php.
by Portcullis
CVE-2014-9528 EXPLOITDB text
HumHub <0.10.0-rc.1 - SQL Injection
SQL injection vulnerability in the actionIndex function in protected/modules_core/notification/controllers/ListController.php in HumHub 0.10.0-rc.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the from parameter to index.php. NOTE: this can be leveraged for cross-site scripting (XSS) attacks via a request that causes an error.
by Jos Wetzels, Emiel Florijn
EIP-2026-107680 EXPLOITDB text
Humhub 0.10.0-rc.1 - Multiple Persistent Cross-Site Scripting Vulnerabilities
by Jos Wetzels, Emiel Florijn
EIP-2026-103062 EXPLOITDB python VERIFIED
Apache James Server 2.3.2 - Remote Command Execution
by Jakub Palaczynski
CVE-2014-8386 EXPLOITDB ruby
Advantech AdamView < 4.3 - Remote Code Execution via Crafted GNI File Parameters
Multiple stack-based buffer overflows in Advantech AdamView 4.3 and earlier allow remote attackers to execute arbitrary code via a crafted (1) display properties or (2) conditional bitmap parameter in a GNI file.
by Muhamad Fadzil Ramli
CVE-2014-8810 EXPLOITDB text
WP Symposium <14.11 - SQL Injection
SQL injection vulnerability in ajax/mail_functions.php in the WP Symposium plugin before 14.11 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the tray parameter in a getMailMessage action.
by Kacper Szurek
EIP-2026-107122 EXPLOITDB perl
Flat Calendar 1.1 - HTML Injection
by ZoRLu Bugrahan
EIP-2026-113550 EXPLOITDB text
WordPress Plugin Ajax Store Locator 1.2 - Arbitrary File Download
by Claudio Viviani
EIP-2026-110511 EXPLOITDB text
PBBoard CMS - Persistent Cross-Site Scripting
by Manish Tanwar
EIP-2026-107731 EXPLOITDB text
IceHrm 7.1 - Multiple Vulnerabilities
by LiquidWorm
EIP-2026-107208 EXPLOITDB text VERIFIED
Free Article Submissions 1.0 - SQL Injection
by BarrabravaZ