Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-114337 EXPLOITDB text VERIFIED
WordPress Theme LineNity 1.20 - Local File Inclusion
by felipe andrian
CVE-2014-2995 EXPLOITDB text
twitget < 3.3.1 - Authenticated Cross-Site Scripting via twitget_consumer_key Parameter
Multiple cross-site scripting (XSS) vulnerabilities in twitget.php in the Twitget plugin before 3.3.3 for WordPress allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors, as demonstrated by the twitget_consumer_key parameter to wp-admin/options-general.php.
by Tom Adams
CVE-2014-2598 EXPLOITDB text
WordPress Quick Page/Post Redirect <5.0.5 - CSRF
Cross-site request forgery (CSRF) vulnerability in the Quick Page/Post Redirect plugin before 5.0.5 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the quickppr_redirects[request][] parameter in the redirect-updates page to wp-admin/admin.php.
by Tom Adams
EIP-2026-108094 EXPLOITDB text VERIFIED
Jigowatt PHP Event Calendar - 'day_view.php' SQL Injection
by Daniel Godoy
EIP-2026-103722 EXPLOITDB python
WhatsApp < 2.11.7 - Remote Crash
by Jaime Sánchez
CVE-2014-0358 EXPLOITDB text VERIFIED
Xangati XSR <11 - Xangati XNR <7 - Path Traversal
Multiple directory traversal vulnerabilities in Xangati XSR before 11 and XNR before 7 allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the file parameter in a getUpgradeStatus action to servlet/MGConfigData, (2) the download parameter in a download action to servlet/MGConfigData, (3) the download parameter in a port_svc action to servlet/MGConfigData, (4) the file parameter in a getfile action to servlet/Installer, or (5) the binfile parameter to servlet/MGConfigData.
by Jan Kadijk
CVE-2014-0358 EXPLOITDB text VERIFIED
Xangati XSR <11 - Xangati XNR <7 - Path Traversal
Multiple directory traversal vulnerabilities in Xangati XSR before 11 and XNR before 7 allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the file parameter in a getUpgradeStatus action to servlet/MGConfigData, (2) the download parameter in a download action to servlet/MGConfigData, (3) the download parameter in a port_svc action to servlet/MGConfigData, (4) the file parameter in a getfile action to servlet/Installer, or (5) the binfile parameter to servlet/MGConfigData.
by Jan Kadijk
EIP-2026-102268 EXPLOITDB text
PDF Album 1.7 iOS - Local File Inclusion
by Vulnerability-Lab
EIP-2026-101966 EXPLOITDB text
Sagem Fast 3304-V2 - Authentication Bypass (1)
by Yassin Aboukir
CVE-2014-0358 EXPLOITDB text VERIFIED
Xangati XSR <11 - Xangati XNR <7 - Path Traversal
Multiple directory traversal vulnerabilities in Xangati XSR before 11 and XNR before 7 allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the file parameter in a getUpgradeStatus action to servlet/MGConfigData, (2) the download parameter in a download action to servlet/MGConfigData, (3) the download parameter in a port_svc action to servlet/MGConfigData, (4) the file parameter in a getfile action to servlet/Installer, or (5) the binfile parameter to servlet/MGConfigData.
by Jan Kadijk
EIP-2026-109453 EXPLOITDB text VERIFIED
Microweber CMS 0.93 - Cross-Site Request Forgery
by sajith
CVE-2014-2341 EXPLOITDB text
CubeCart < 5.2.9 - Session Fixation via PHPSESSID Parameter
Session fixation vulnerability in CubeCart before 5.2.9 allows remote attackers to hijack web sessions via the PHPSESSID parameter.
by absane
EIP-2026-101314 EXPLOITDB html VERIFIED
ICOMM 610 Wireless Modem - Cross-Site Request Forgery
by Blessen Thomas
CVE-2014-100011 EXPLOITDB text
Sendy 1.1.9.1 - SQL Injection via Send-To c Parameter
SQL injection vulnerability in /send-to in Sendy 1.1.9.1 allows remote attackers to execute arbitrary SQL commands via the c parameter.
by delme
EIP-2026-104578 EXPLOITDB c
Apple Mac OSX (Lion) Kernel xnu-1699.32.7 except xnu-1699.24.8 NFS Mount - Local Privilege Escalation
by Kenzley Alphonse
CVE-2014-2849 EXPLOITDB ruby VERIFIED
Sophos Web Appliance Firmware < 3.8.2 - Authenticated Admin Password Change
The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request.
by Metasploit
CVE-2014-2579 EXPLOITDB text
XCloner < 3.5 - Cross-Site Request Forgery via Administrator Password Change or Database Backup
Multiple cross-site request forgery (CSRF) vulnerabilities in XCloner Standalone 3.5 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrator password via the config task to index2.php or (2) when the enable_db_backup and sql_mem options are enabled, access the database backup functionality via the dbbackup_comp parameter in the generate action to index2.php. NOTE: vector 2 might be a duplicate of CVE-2014-2340, which is for the XCloner Wordpress plugin. NOTE: remote attackers can leverage CVE-2014-2996 with vector 2 to execute arbitrary commands.
by High-Tech Bridge SA
CVE-2014-1761 EXPLOITDB HIGH ruby VERIFIED
Microsoft Word <2013 - Memory Corruption
Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word Automation Services on SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, as exploited in the wild in March 2014.
by Metasploit
CVSS 7.8
CVE-2014-2850 EXPLOITDB ruby VERIFIED
Sophos Web Appliance Firmware < 3.8.2 - Authenticated OS Command Injection via Network Interface Address Parameter
The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter.
by Metasploit
CVE-2014-2996 EXPLOITDB text
XCloner < 3.5 - Authenticated Command Injection via dbbackup_comp Parameter
XCloner Standalone 3.5 and earlier, when enable_db_backup and sql_mem are enabled, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the dbbackup_comp parameter in a generate action to index2.php. NOTE: it is not clear whether this issue crosses privilege boundaries, since administrators might already have the privileges to execute code. NOTE: this can be leveraged by remote attackers using CVE-2014-2579.
by High-Tech Bridge SA
CVE-2014-2540 EXPLOITDB text
OrbitScripts Orbit Open Ad Server <1.1.1 - SQL Injection
SQL injection vulnerability in OrbitScripts Orbit Open Ad Server before 1.1.1 allows remote attackers to execute arbitrary SQL commands via the site_directory_sort_field parameter to guest/site_directory.
by High-Tech Bridge SA
CVE-2014-2268 EXPLOITDB ruby VERIFIED
vtiger CRM < Security Patch 2 - Unauthenticated Remote Code Execution via Install Module Re-Installation
views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which allows remote attackers to re-install the application via a request that sets the X-Requested-With HTTP header, as demonstrated by executing arbitrary PHP code via the db_name parameter.
by Metasploit
CVE-2014-0160 EXPLOITDB HIGH python VERIFIED
OpenSSL 1.0.1-1.0.1f - Out-of-bounds Read via Heartbeat Extension
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
by Fitzl Csaba
CVSS 7.5
EIP-2026-111640 EXPLOITDB text VERIFIED
Quick.CMS 5.4 - Multiple Vulnerabilities
by Shpend Kurtishaj
EIP-2026-106741 EXPLOITDB text VERIFIED
eazyCMS - 'index.php' SQL Injection
by Renzi