Exploitdb Exploits

50,076 exploits tracked across all sources.

CVE-2014-6420 EXPLOITDB MEDIUM text
Livefyre LiveComments 3.0 - Stored Cross-Site Scripting via Uploaded Picture Name
Cross-site scripting (XSS) vulnerability in Livefyre LiveComments 3.0 allows remote attackers to inject arbitrary web script or HTML via the name of an uploaded picture.
by Brij Kishore Mishra
CVSS 6.1
CVE-2014-6030 EXPLOITDB text
ClassApps SelectSurvey.NET < 4.125.002 - SQL Injection via SurveyID Parameter
Multiple SQL injection vulnerabilities in ClassApps SelectSurvey.NET before 4.125.002 allow (1) remote attackers to execute arbitrary SQL commands via the SurveyID parameter to survey/ReviewReadOnlySurvey.aspx or (2) remote authenticated users to execute arbitrary SQL commands via the SurveyID parameter to survey/UploadImagePopupToDb.aspx.
by BillV-Lists
CVE-2014-5460 EXPLOITDB python VERIFIED
Tribulant Slideshow Gallery < 1.4.7 - Authenticated Arbitrary File Upload
Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin before 1.4.7 for WordPress allows remote authenticated users to execute arbitrary code by uploading a PHP file, then accessing it via a direct request to the file in wp-content/uploads/slideshow-gallery/.
by Claudio Viviani
EIP-2026-103963 EXPLOITDB text VERIFIED
Laravel - 'Hash::make()' Password Truncation Security
by Pichaya Morimoto
EIP-2026-102303 EXPLOITDB text
USB&WiFi Flash Drive 1.3 iOS - Code Execution
by Vulnerability-Lab
EIP-2026-102139 EXPLOITDB text
ZTE ZXDSL-931VII - Configuration Dump
by L0ukanik0-s S0kniaku0l
CVE-2014-6287 EXPLOITDB CRITICAL text VERIFIED
Rejetto HTTP File Server < 2.3c - RCE
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aka HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action.
by Daniele Linguaglossa
CVSS 9.8
EIP-2026-105068 EXPLOITDB python
ALCASAR 2.8.1 - Remote Code Execution
by eF
CVE-2014-5468 EXPLOITDB HIGH ruby VERIFIED
Railo < 4.2.1.000 - Remote File Inclusion via Thumbnail CFM Request
A file inclusion vulnerability exists in Railo 4.2.1 and earlier via a specially crafted URL request to thumbnail.cfm that specifies a malicious PNG file, which could let a remote malicious user obtain sensitive information or execute arbitrary code.
by Metasploit
CVSS 8.8
CVE-2014-6037 EXPLOITDB ruby VERIFIED
ManageEngine EventLog Analyzer 9.0/8.2 - Remote Code Execution via ZIP Traversal
Directory traversal vulnerability in the agentUpload servlet in ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 allows remote attackers to execute arbitrary code by uploading a ZIP file which contains an executable file with .. (dot dot) sequences in its name, then accessing the executable via a direct request to the file under the web root. Fixed in Build 11072.
by Metasploit
CVE-2014-4865 EXPLOITDB text
CacheGuard OS 5.7.7 - Cross-Site Request Forgery in Password Admin Interface
Cross-site request forgery (CSRF) vulnerability in gui/password-wadmin.apl in CacheGuard OS 5.7.7 allows remote attackers to hijack the authentication of arbitrary users.
by William Costa
EIP-2026-102349 EXPLOITDB ruby VERIFIED
SolarWinds Storage Manager - Authentication Bypass (Metasploit)
by Metasploit
EIP-2026-102219 EXPLOITDB text
Briefcase 4.0 iOS - Code Execution / File Inclusion
by Vulnerability-Lab
CVE-2014-6436 EXPLOITDB CRITICAL perl VERIFIED
Aztech DSL5018EN DSL705E DSL705EU - Unauthenticated Remote Command Execution via Session Bypass
Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices improperly manage sessions, which allows remote attackers to bypass authentication in opportunistic circumstances and execute arbitrary commands with administrator privileges by leveraging an existing web portal login.
by Eric Fajardo
CVSS 9.8
CVE-2014-6437 EXPLOITDB CRITICAL c VERIFIED
Aztech DSL5018EN DSL705E DSL705EU - Unauthenticated Sensitive Information Exposure via ROM File
Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices allow remote attackers to obtain sensitive device configuration information via vectors involving the ROM file.
by Eric Fajardo
CVSS 9.8
CVE-2014-6435 EXPLOITDB HIGH perl VERIFIED
Aztech ADSL DSL5018EN-DSL705EU - DoS
cgi-bin/AZ_Retrain.cgi in Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices does not check for authentication, which allows remote attackers to cause a denial of service (WAN connectivity reset) via a direct request.
by Federick Joe P Fajardo
CVSS 7.5
EIP-2026-114197 EXPLOITDB text VERIFIED
WordPress Plugin Wordfence Security - Multiple Vulnerabilities
by Voxel@Night
EIP-2026-118257 EXPLOITDB text
Ammyy Admin 3.5 - Remote Code Execution (Metasploit)
by scriptjunkie
EIP-2026-116984 EXPLOITDB text
Comodo Internet Security - HIPS/Sandbox Escape
by Joxean Koret
EIP-2026-108352 EXPLOITDB text
Joomla! Component com_formmaker 3.4 - SQL Injection
by Claudio Viviani
EIP-2026-107178 EXPLOITDB text VERIFIED
Food Order Portal - 'admin_user_delete.php' Cross-Site Request Forgery
by KnocKout
EIP-2026-110345 EXPLOITDB text
OroCRM - Persistent Cross-Site Scripting
by Provensec
EIP-2026-108868 EXPLOITDB python
Joomla! Component Spider Contacts 1.3.6 - 'contacts_id' SQL Injection
by Claudio Viviani
EIP-2026-102279 EXPLOITDB text
Photorange 1.0 iOS - Local File Inclusion
by Vulnerability-Lab
EIP-2026-102221 EXPLOITDB text
ChatSecure IM 2.2.4 iOS - Persistent Cross-Site Scripting
by Vulnerability-Lab