Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
CVE-2014-5006 EXPLOITDB ruby VERIFIED
ManageEngine Desktop Central < 9.0 - Remote Code Execution via File Upload Path Traversal
Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter to mdm/mdmLogUploader.
by Metasploit
CVE-2014-5005 EXPLOITDB ruby VERIFIED
ManageEngine Desktop Central < 9.0 - Remote Code Execution via File Upload Path Traversal
Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter in an LFU action to statusUpdate.
by Metasploit
EIP-2026-114237 EXPLOITDB text VERIFIED
WordPress Plugin WP Support Plus Responsive Ticket System 2.0 - Multiple Vulnerabilities
by Fikri Fadzil
EIP-2026-110476 EXPLOITDB text
Parallels Plesk Sitebuilder 9.5 - Multiple Vulnerabilities
by alieye
EIP-2026-103058 EXPLOITDB python
ALCASAR 2.8 - Remote Code Execution
by eF
EIP-2026-100005 EXPLOITDB text
PHP Stock Management System 1.02 - Multiple Vulnerabilities
by jsass
CVE-2014-2008 EXPLOITDB text
mpay24 < 1.6 - SQL Injection via TID Parameter
SQL injection vulnerability in confirm.php in the mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to execute arbitrary SQL commands via the TID parameter.
by Wireghoul
EIP-2026-114598 EXPLOITDB text
Zen Cart 1.5.3 - Multiple Vulnerabilities
by smash
EIP-2026-114359 EXPLOITDB text VERIFIED
WordPress Theme Urban City - 'download.php' Arbitrary File Download
by Ashiyane Digital Security Team
EIP-2026-114325 EXPLOITDB text VERIFIED
WordPress Theme Epic - 'download.php' Arbitrary File Download
by Ashiyane Digital Security Team
EIP-2026-114308 EXPLOITDB text VERIFIED
WordPress Theme Authentic - 'download.php' Arbitrary File Download
by Ashiyane Digital Security Team
EIP-2026-114305 EXPLOITDB text VERIFIED
WordPress Theme Antioch - 'download.php' Arbitrary File Download
by Ashiyane Digital Security Team
EIP-2026-114302 EXPLOITDB text
WordPress Theme Acento - 'view-pdf.php?File' Arbitrary File Download
by alieye
EIP-2026-114283 EXPLOITDB text VERIFIED
WordPress Plugin Xhanch My Twitter - Cross-Site Request Forgery
by Voxel@Night
EIP-2026-114244 EXPLOITDB html VERIFIED
WordPress Plugin WP to Twitter - Authentication Bypass
by Voxel@Night
EIP-2026-114180 EXPLOITDB text VERIFIED
WordPress Plugin W3 Total Cache - 'admin.php' Cross-Site Request Forgery
by Voxel@Night
EIP-2026-113929 EXPLOITDB html VERIFIED
WordPress Plugin Ninja Forms 2.7.7 - Authentication Bypass
by Voxel@Night
EIP-2026-113612 EXPLOITDB text
WordPress Plugin Bulk Delete Users by Email 1.0 - Cross-Site Request Forgery
by Fikri Fadzil
EIP-2026-113008 EXPLOITDB text
vBulletin 5.1.x - Persistent Cross-Site Scripting
by smash
CVE-2014-6050 EXPLOITDB MEDIUM text
phpmyfaq < 2.8.13 - CAPTCHA Bypass via Request Replay
phpMyFAQ before 2.8.13 allows remote attackers to bypass the CAPTCHA protection mechanism by replaying the request.
by smash
CVSS 5.3
EIP-2026-110373 EXPLOITDB text VERIFIED
osCommerce 2.3.4 - Multiple Vulnerabilities
by smash
CVE-2014-2009 EXPLOITDB text
mpay24 < 1.5.1 - Unauthenticated Sensitive Information Exposure via Direct Request to API Log
The mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to obtain credentials, the installation path, and other sensitive information via a direct request to api/curllog.log.
by Wireghoul
EIP-2026-108864 EXPLOITDB python
Joomla! Component Spider Calendar 3.2.6 - SQL Injection
by Claudio Viviani
EIP-2026-105277 EXPLOITDB text VERIFIED
Atmail Webmail 7.2 - Multiple Vulnerabilities
by smash
EIP-2026-104291 EXPLOITDB text
Jenkins 1.578 - Multiple Vulnerabilities
by JoeV