Exploitdb Exploits

50,076 exploits tracked across all sources.

CVE-2014-9179 EXPLOITDB text
WordPress SupportEzzy Ticket System 1.2.5 - XSS
Cross-site scripting (XSS) vulnerability in the SupportEzzy Ticket System plugin 1.2.5 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the "URL (optional)" field in a new ticket.
by Halil Dalabasmaz
CVE-2014-9312 EXPLOITDB HIGH text
Photo Gallery 1.2.5 - Info Disclosure
Unrestricted File Upload vulnerability in Photo Gallery 1.2.5.
by Kacper Szurek
CVSS 8.8
CVE-2014-8728 EXPLOITDB text
Subex ROC Fraud Management <= 7.4 - SQL Injection
SQL injection vulnerability in the login page (login/login) in Subex ROC Fraud Management (aka Fraud Management System and FMS) 7.4 and earlier allows remote attackers to execute arbitrary SQL commands via the ranger_user[name] parameter.
by Anastasios Monachos
CVE-2014-8498 EXPLOITDB text
ManageEngine Password Manager Pro < 7.1 - Authenticated SQL Injection via BulkEditSearchResult.cc SEARCH_ALL Parameter
SQL injection vulnerability in BulkEditSearchResult.cc in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allows remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter.
by Pedro Ribeiro
CVE-2014-9004 EXPLOITDB text VERIFIED
vldPersonals < 2.7.1 - Cross-Site Scripting via Member Profile ID Parameter
Cross-site scripting (XSS) vulnerability in vldPersonals before 2.7.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a member_profile action to index.php.
by Mr T
EIP-2026-115677 EXPLOITDB python VERIFIED
Microsoft Internet Explorer 11 - Denial of Service
by Behrooz Abbassi
CVE-2014-10013 EXPLOITDB text
Another WordPress Classifieds Plugin - SQL Injection via keywordphrase Parameter
SQL injection vulnerability in the Another WordPress Classifieds Plugin plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the keywordphrase parameter in a dosearch action.
by dill
CVE-2014-8607 EXPLOITDB text
XCloner 3.1.1 and 3.5.1 - Exposure of Sensitive Information via Command Line Arguments
The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! provides the MySQL username and password on the command line, which allows local users to obtain sensitive information via the ps command.
by Larry W. Cashdollar
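The XCloner entry above is a credential-exposure bug rather than a web bug: a password placed in argv is readable by every local user through ps(1) or /proc/<pid>/cmdline. The following Python is an added example, not XCloner's own code or ExploitDB's. It flags MySQL client invocations that carry a password as an argument (using a constructed sample of `ps -eo args=` output, not output captured from a real host), and shows the alternative of writing the credentials to a mode-0600 option file and passing only its path. The client names, sample lines and file names are assumptions made for the example.

```python
import os
import re
import shlex
import stat
import subprocess
import tempfile
from typing import Iterable, List, Optional, Tuple

# MySQL command-line clients that accept a password as an argument (assumed set).
MYSQL_CLIENTS = {"mysql", "mysqldump", "mysqladmin", "mysqlimport", "mysqlcheck"}

# "-pSECRET" (no space) and "--password=SECRET" both land in argv, where any
# local user can read them.  A bare "-p" or "--password" makes the client
# prompt instead, so those forms are not flagged.
_PASSWORD_ARG = re.compile(r"^(?:-p(?P<short>\S+)|--password=(?P<long>\S+))$")


def find_exposed_passwords(cmdlines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (client, leaked_password) for each command line that passes a
    MySQL password as an argument."""
    hits = []
    for line in cmdlines:
        try:
            argv = shlex.split(line)
        except ValueError:  # unbalanced quotes in an odd cmdline; skip it
            continue
        if not argv or os.path.basename(argv[0]) not in MYSQL_CLIENTS:
            continue
        for arg in argv[1:]:
            m = _PASSWORD_ARG.match(arg)
            if m:
                hits.append((os.path.basename(argv[0]),
                             m.group("short") or m.group("long")))
    return hits


def scan_live_processes() -> List[Tuple[str, str]]:
    """Run the same check against the live process table (Linux/BSD ps)."""
    out = subprocess.run(["ps", "-eo", "args="], capture_output=True,
                         text=True, check=False).stdout
    return find_exposed_passwords(out.splitlines())


def build_safe_dump_argv(user: str, password: str, database: str,
                         cnf_dir: Optional[str] = None) -> Tuple[List[str], str]:
    """Write the credentials to a mode-0600 option file and return an argv that
    carries only that file's path, so ps(1) never sees the password."""
    cnf_dir = cnf_dir or tempfile.mkdtemp(prefix="dump-")
    cnf_path = os.path.join(cnf_dir, "client.cnf")
    fd = os.open(cnf_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(f"[client]\nuser={user}\npassword={password}\n")
    # The MySQL clients require --defaults-extra-file to be the first option.
    return ["mysqldump", f"--defaults-extra-file={cnf_path}", database], cnf_path


def file_mode(path: str) -> int:
    """Permission bits of a file, for checking the option file stayed 0600."""
    return stat.S_IMODE(os.stat(path).st_mode)


# Constructed sample of `ps -eo args=` output; not captured from a real host.
SAMPLE_PS = [
    "/usr/bin/mysqldump -u wpuser -ps3cretpass wordpress",
    "/usr/bin/mysql --user=joomla --password=hunter2 joomla_db",
    "/usr/bin/mysqldump --defaults-extra-file=/tmp/dump-x/client.cnf wordpress",
    "/usr/sbin/sshd -D",
    "mkdir -p /var/backups/xcloner",
]

if __name__ == "__main__":
    for client, pw in find_exposed_passwords(SAMPLE_PS):
        print(f"LEAK: {client} passes password {pw!r} on its command line")
    argv, cnf = build_safe_dump_argv("wpuser", "s3cretpass", "wordpress")
    print("safe argv:", " ".join(argv), "| option file mode:", oct(file_mode(cnf)))
```

The option file still holds the password in clear text, so its mode and the directory it lives in are what bound the exposure; the gain over argv is that readability drops from every local user to the file owner.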
CVE-2014-9005 EXPLOITDB text VERIFIED
vldPersonals <2.7.1 - SQL Injection
Multiple SQL injection vulnerabilities in vldPersonals before 2.7.1 allow remote attackers to execute arbitrary SQL commands via the (1) country, (2) gender1, or (3) gender2 parameter in a search action to index.php.
by Mr T
EIP-2026-112001 EXPLOITDB text
Serenity Client Management Portal 1.0.1 - Multiple Vulnerabilities
by Halil Dalabasmaz
CVE-2014-8954 EXPLOITDB text VERIFIED
phpSound 1.0.5 - Stored Cross-Site Scripting via Playlist Title or Description
Multiple cross-site scripting (XSS) vulnerabilities in phpSound 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) Title or (2) Description fields in a playlist or the (3) filter parameter in an explore action to index.php.
by Halil Dalabasmaz
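The three XSS entries above cover two distinct output contexts: the SupportEzzy "URL (optional)" field ends up in a link, while the vldPersonals id parameter and the phpSound playlist title and description are rendered as text. The Python below is an added example, not code from any of those products or from ExploitDB, showing why the two contexts need different handling: escaping neutralises script in text content, but an href also needs a scheme check, because `javascript:alert(1)` contains nothing to escape. The function names, the allowed-scheme set and the HTML layout are assumptions made for the example.

```python
import html
from typing import Optional
from urllib.parse import urlsplit

# Schemes a user-supplied link may carry (assumed policy for the example).
ALLOWED_SCHEMES = {"http", "https"}


def validate_url(user_url: str) -> Optional[str]:
    """Accept only absolute http(s) URLs; return the cleaned URL or None.
    javascript:, data:, vbscript: and protocol-relative '//host' are rejected
    regardless of case or surrounding whitespace."""
    candidate = user_url.strip()
    try:
        parts = urlsplit(candidate)
    except ValueError:  # e.g. malformed IPv6 literal in the host part
        return None
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.netloc:
        return None
    return candidate


def render_ticket(subject: str, url_field: str) -> str:
    """Ticket row: the subject is element content, the optional URL goes into
    an attribute and into text, and each context is escaped for that context.
    html.escape(quote=True) turns '"' into &quot; so a quote in the URL cannot
    close the href attribute and start an event handler."""
    safe_url = validate_url(url_field)
    if safe_url is None:
        link = "(no link)"
    else:
        link = (f'<a href="{html.escape(safe_url, quote=True)}" rel="noopener">'
                f"{html.escape(safe_url)}</a>")
    return f"<li>{html.escape(subject)} {link}</li>"


def render_playlist(title: str, description: str) -> str:
    """Stored fields rendered as element content: <, >, & and quotes are
    escaped, so a script tag saved in the title comes back as literal text."""
    return f"<h2>{html.escape(title)}</h2><p>{html.escape(description)}</p>"


if __name__ == "__main__":
    # Constructed inputs of the kind the entries above describe.
    print(render_ticket("Printer <broken>", 'http://x/" onmouseover="alert(1)'))
    print(render_ticket("Login issue", "javascript:alert(document.cookie)"))
    print(render_playlist("<script>alert(1)</script>", "rock & roll"))
```

Note that the text-context escape is the same call in both renderers; what changes for the link is the validation step in front of it, which is the part a plain "escape everything" fix misses.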
CVE-2014-8596 EXPLOITDB text
php-fusion 7.02.07 - Authenticated SQL Injection via submit_id or status Parameter
Multiple SQL injection vulnerabilities in PHP-Fusion 7.02.07 allow remote authenticated users to execute arbitrary SQL commands via the (1) submit_id parameter in a 2 action to files/administration/submissions.php or (2) status parameter to files/administration/members.php.
by XLabs Security
CVE-2014-8499 EXPLOITDB text
ManageEngine Password Manager Pro < 7.1 - Authenticated SQL Injection via SEARCH_ALL Parameter
Multiple SQL injection vulnerabilities in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allow remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter to (1) SQLAdvancedALSearchResult.cc or (2) AdvancedSearchResult.cc.
by Pedro Ribeiro
CVE-2014-7868 EXPLOITDB text
ManageEngine OpManager 11.3-11.4, IT360 10.3-10.4, Social IT Plus 11.0 SQL Injection
Multiple SQL injection vulnerabilities in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the (1) OPM_BVNAME parameter in a Delete operation to the APMBVHandler servlet or (2) query parameter in a compare operation to the DataComparisonServlet servlet.
by Pedro Ribeiro
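Most of the entries on this page (Subex ROC, the two ManageEngine Password Manager Pro issues, Another WordPress Classifieds Plugin, vldPersonals, PHP-Fusion, and the OpManager/IT360/Social IT Plus item above) are the same bug class: a request parameter pasted into SQL text. The Python below is an added example, not the code of any of those products or of ExploitDB, using an in-memory SQLite database with a constructed schema to show the vulnerable form beside the parameterized one and what a UNION payload in an enumerated search field like `country` achieves against each. Table names, rows and the payload are all assumptions made for the example.

```python
import sqlite3
from typing import List, Tuple


def make_db() -> sqlite3.Connection:
    """Constructed schema: a members table behind a search form and an admins
    table the search is never meant to reach."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE members(id INTEGER PRIMARY KEY, name TEXT,
                             country TEXT, gender TEXT, email TEXT);
        INSERT INTO members(name, country, gender, email) VALUES
            ('alice', 'DE', 'f', 'alice@example.invalid'),
            ('bob',   'US', 'm', 'bob@example.invalid'),
            ('carol', 'US', 'f', 'carol@example.invalid');
        CREATE TABLE admins(id INTEGER PRIMARY KEY, login TEXT, pw_hash TEXT);
        INSERT INTO admins(login, pw_hash) VALUES ('root', 'constructed-hash-value');
    """)
    return conn


def search_vulnerable(conn: sqlite3.Connection, country: str,
                      gender: str) -> List[Tuple[str, str]]:
    """Parameters are interpolated into the statement, so a quote in them ends
    the string literal and the rest is parsed as SQL."""
    sql = ("SELECT name, email FROM members "
           f"WHERE country = '{country}' AND gender = '{gender}'")
    return conn.execute(sql).fetchall()


def search_safe(conn: sqlite3.Connection, country: str,
                gender: str) -> List[Tuple[str, str]]:
    """Bound parameters travel separately from the statement text: the payload
    is compared as a string value and is never parsed as SQL."""
    sql = "SELECT name, email FROM members WHERE country = ? AND gender = ?"
    return conn.execute(sql, (country, gender)).fetchall()


# Enumerated fields can be whitelisted before any query is built (assumed sets).
ALLOWED_COUNTRY = {"DE", "FR", "US"}
ALLOWED_GENDER = {"f", "m"}


def validate_search_params(country: str, gender: str) -> bool:
    """Defense in depth for fields that only ever take a few fixed values."""
    return country in ALLOWED_COUNTRY and gender in ALLOWED_GENDER


# Constructed payload for the country field: closes the literal, appends a
# UNION against the admins table, and comments out the rest of the statement.
PAYLOAD = "US' UNION SELECT login, pw_hash FROM admins --"


def demo() -> Tuple[List[Tuple[str, str]], List[Tuple[str, str]]]:
    """Run the payload through both search functions on a fresh database."""
    conn = make_db()
    return search_vulnerable(conn, PAYLOAD, "x"), search_safe(conn, PAYLOAD, "x")


if __name__ == "__main__":
    vuln_rows, safe_rows = demo()
    print("vulnerable:", vuln_rows)   # members rows plus the admin hash
    print("parameterized:", safe_rows)  # nothing: no country is named that
    print("whitelist accepts payload:", validate_search_params(PAYLOAD, "x"))
```

The same split applies to the authenticated cases (Password Manager Pro, PHP-Fusion): authentication limits who can reach the parameter, not what the parameter does once it is in the statement.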
CVE-2014-8516 EXPLOITDB CRITICAL ruby VERIFIED
Visual Mining NetCharts Server - Unrestricted File Upload and Remote Code Execution
Unrestricted file upload vulnerability in Visual Mining NetCharts Server allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors.
by Metasploit
CVSS 9.8
EIP-2026-102138 EXPLOITDB text
ZTE ZXDSL 831CII - Insecure Direct Object Reference
by Paulos Yibelo
EIP-2026-101546 EXPLOITDB text
Barracuda - Multiple Unauthenticated Logfile Downloads
by 4CKnowLedge
CVE-2014-125114 EXPLOITDB HIGH python VERIFIED
i-Ftp 2.20 - Stack-based Buffer Overflow via Schedule.xml Time Attribute
A stack-based buffer overflow vulnerability exists in i-Ftp version 2.20 due to improper handling of the Time attribute within Schedule.xml. By placing a specially crafted Schedule.xml file in the i-Ftp application directory, a remote attacker can trigger a buffer overflow during scheduled download parsing, potentially leading to arbitrary code execution or a crash.
by metacom
EIP-2026-119502 EXPLOITDB text
VMware Workstation 10.0.0.40273 - 'vmx86.sys' Arbitrary Kernel Read
by KoreLogic
EIP-2026-115414 EXPLOITDB python VERIFIED
i.Mage 1.11 - Local Crash (PoC)
by metacom
EIP-2026-115413 EXPLOITDB python VERIFIED
i.Hex 0.98 - Local Crash (PoC)
by metacom
CVE-2014-8998 EXPLOITDB ruby VERIFIED
X7 Chat 2.0.0 - 2.0.5.1 - Authenticated RCE
lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a crafted HTTP header to index.php, which is processed by the preg_replace function with the eval switch.
by Metasploit
EIP-2026-102680 EXPLOITDB text
Minix 3.3.0 - Local Denial of Service (PoC)
by nitr0us
CVE-2014-3439 EXPLOITDB text
Symantec Endpoint Protection Manager 12.1 < RU5 - RCE
ConsoleServlet in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to write to arbitrary files via unspecified vectors.
by SEC Consult