Exploitdb Exploits

50,076 exploits tracked across all sources.

EIP-2026-106001 EXPLOITDB text VERIFIED
CMS Touch - 'pages.php?Page_ID' SQL Injection
by indoushka
EIP-2026-106000 EXPLOITDB text VERIFIED
CMS Touch - 'news.php?News_ID' SQL Injection
by indoushka
EIP-2026-103641 EXPLOITDB text VERIFIED
Python - Interpreter Heap Memory Corruption (PoC)
by Debasish Mandal
EIP-2026-101904 EXPLOITDB text
OpenFiler 2.99.1 - Multiple Persistent Cross-Site Scripting Vulnerabilities
by Dolev Farhi
EIP-2026-101903 EXPLOITDB text
OpenFiler 2.99.1 - Arbitrary Code Execution
by Dolev Farhi
CVE-2014-1849 EXPLOITDB c VERIFIED
Foscam IP Camera Firmware - Predictable Credential Generation in DynDNS Feature
Foscam IP camera 11.37.2.49 and other versions, when using the Foscam DynDNS option, generates credentials based on predictable camera subdomain names, which allows remote attackers to spoof or hijack arbitrary cameras and conduct other attacks by modifying arbitrary camera records in the Foscam DNS server.
by Sergey Shekyan
CVE-2014-2934 EXPLOITDB text VERIFIED
Caldera 9.20 - SQL Injection via tr Parameter
Multiple SQL injection vulnerabilities in Caldera 9.20 allow remote attackers to execute arbitrary SQL commands via the tr parameter to (1) costview2/jobs.php or (2) costview2/printers.php.
by Thomas Fischer
CVE-2014-2934 EXPLOITDB text VERIFIED
Caldera 9.20 - SQL Injection via tr Parameter
Multiple SQL injection vulnerabilities in Caldera 9.20 allow remote attackers to execute arbitrary SQL commands via the tr parameter to (1) costview2/jobs.php or (2) costview2/printers.php.
by Thomas Fischer
CVE-2013-1300 EXPLOITDB ruby VERIFIED
Microsoft Windows - Privilege Escalation
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Allocation Vulnerability."
by Metasploit
CVE-2014-0497 EXPLOITDB CRITICAL ruby VERIFIED
Adobe Flash Player Integer Underflow Remote Code Execution
Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors.
by Metasploit
CVSS 9.8
EIP-2026-112580 EXPLOITDB text
TeamHelpdesk Customer Web Service (CWS) 8.3.5 & Technician Web Access (TWA) 8.3.5 - Remote User Credential Dump
by bhamb
EIP-2026-111494 EXPLOITDB text VERIFIED
PrestaShop - 'getSimilarManufacturer.php?id_manufacturer' SQL Injection
by indoushka
EIP-2026-103863 EXPLOITDB python VERIFIED
AssistMyTeam Team Helpdesk - Multiple Information Disclosure Vulnerabilities
by bhamb
CVE-2014-3206 EXPLOITDB CRITICAL text
Seagate BlackArmor NAS - Remote Code Execution via Session or Auth Name Parameter
Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php.
by Shayan S
CVSS 9.8
CVE-2014-3205 EXPLOITDB CRITICAL text
Seagate BlackArmor NAS 220 and 110 Firmware - Use of Hard-coded Credentials
backupmgt/pre_connect_check.php in Seagate BlackArmor NAS contains a hard-coded password of '!~@##$$%FREDESWWSED' for a backdoor user.
by Shayan S
CVSS 9.8
EIP-2026-106239 EXPLOITDB text VERIFIED
Crime24 Stealer Panel 1.0 - Multiple Vulnerabilities
by Daisuke Dan
EIP-2026-104711 EXPLOITDB ruby VERIFIED
Alienvault Open Source SIEM (OSSIM) - SQL Injection / Remote Code Execution (Metasploit)
by Metasploit
CVE-2014-0113 EXPLOITDB ruby VERIFIED
Apache Struts 2.0.0-2.3.16.1 and struts2-core < 2.3.20 - Remote Code Execution via CookieInterceptor
CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.
by Metasploit
CVE-2014-3220 EXPLOITDB ruby
F5 BIG-IQ Cloud and Security 4.0.0-4.1.0 - Authenticated Arbitrary Password Change via User Name Parameter
F5 BIG-IQ Cloud and Security 4.0.0 through 4.1.0 allows remote authenticated users to change the password of arbitrary users via the name parameter in a request to the user's page in mgmt/shared/authz/users/.
by Brandon Perry
EIP-2026-101862 EXPLOITDB text
Netgear DGN2200 1.0.0.29_1.7.29_HotS - Persistent Cross-Site Scripting
by Dolev Farhi
CVE-2014-9727 EXPLOITDB text
AVM Fritz!Box - Remote Command Execution via var:lang Parameter
AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the var:lang parameter to cgi-bin/webcm.
by 0x4148
CVE-2014-3792 EXPLOITDB html
Beetel 450TC2 Router Firmware TX6-0Q-005_retail - Cross-Site Request Forgery via Password Change
Cross-site request forgery (CSRF) vulnerability in Beetel 450TC2 Router with firmware TX6-0Q-005_retail allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the uiViewTools_Password and uiViewTools_PasswordConfirm parameters to Forms/tools_admin_1.
by shyamkumar somana
CVE-2013-5331 EXPLOITDB ruby VERIFIED
Adobe Flash Player <11.7.700.257, 11.8.x, 11.9.x - RCE
Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before 11.9.900.170 on Windows and Mac OS X and before 11.2.202.332 on Linux, Adobe AIR before 3.9.0.1380, Adobe AIR SDK before 3.9.0.1380, and Adobe AIR SDK & Compiler before 3.9.0.1380 allow remote attackers to execute arbitrary code via crafted .swf content that leverages an unspecified "type confusion," as exploited in the wild in December 2013.
by Metasploit
EIP-2026-109994 EXPLOITDB text
NULL NUKE CMS 2.2 - Multiple Vulnerabilities
by LiquidWorm
EIP-2026-102083 EXPLOITDB text
TRENDnet TEW-634GRU 1.00.23 - Multiple Vulnerabilities
by SirGod