Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-104217 EXPLOITDB text
csUpload Script Site - Authentication Bypass
by Satanic2000
CVE-2014-0160 EXPLOITDB HIGH python VERIFIED
OpenSSL 1.0.1-1.0.1f - Out-of-bounds Read via Heartbeat Extension
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
by Jared Stafford
CVSS 7.5
EIP-2026-118130 EXPLOITDB ruby VERIFIED
WinRAR - Filename Spoofing (Metasploit)
by Metasploit
EIP-2026-116902 EXPLOITDB perl VERIFIED
BlazeDVD Pro Player 6.1 - Stack Buffer Overflow Jump ESP
by Deepak Rathore
EIP-2026-108675 EXPLOITDB text VERIFIED
Joomla! Component Inneradmission - 'index.php' SQL Injection
by Lazmania61
CVE-2013-6799 EXPLOITDB c
Apple Mac OS X 10.9 - Denial of Service via Hard Link to Directory
Apple Mac OS X 10.9 allows local users to cause a denial of service (memory corruption or panic) by creating a hard link to a directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-0105.
by Maksymilian Arciemowicz
EIP-2026-102198 EXPLOITDB text
Bluetooth Text Chat 1.0 iOS - Code Execution
by Vulnerability-Lab
EIP-2026-101296 EXPLOITDB text
Halon Security Router (SR) 3.2-winter-r1 - Multiple Vulnerabilities
by Juan Manuel Garcia
EIP-2026-101286 EXPLOITDB ruby VERIFIED
Fritz!Box Webcm - Command Injection (Metasploit)
by Metasploit
CVE-2014-2314 EXPLOITDB ruby VERIFIED
Atlassian JIRA <6.0.4 - Path Traversal
Directory traversal vulnerability in the Issue Collector plugin in Atlassian JIRA before 6.0.4 allows remote attackers to create arbitrary files via unspecified vectors.
by Metasploit
EIP-2026-114405 EXPLOITDB text
XAMPP 3.2.1 & phpMyAdmin 4.1.6 - Multiple Vulnerabilities
by hackerDesk
EIP-2026-115953 EXPLOITDB text VERIFIED
Notepad++ DSpellCheck 1.2.12.0 - Denial of Service
by sajith
EIP-2026-115438 EXPLOITDB text VERIFIED
InfraRecorder 0.53 - Memory Corruption (Denial of Service)
by sajith
EIP-2026-115177 EXPLOITDB python VERIFIED
EagleGet 1.1.8.1 - Denial of Service
by Interference Security
EIP-2026-111592 EXPLOITDB text VERIFIED
Puntopy - 'novedad.php' SQL Injection
by Felipe Andrian Peixoto
EIP-2026-115567 EXPLOITDB perl
MA Lighting Technology grandMA onPC 6.808 - Remote Denial of Service
by LiquidWorm
CVE-2013-7196 EXPLOITDB text VERIFIED
PHPFox 3.7.3-3.7.5 - Authenticated Privacy Bypass via Modified val[item_id] Parameter
static/ajax.php in PHPFox 3.7.3, 3.7.4, and 3.7.5 allows remote authenticated users to bypass intended "Only Me" restrictions and comment on a private publication via a request with a modified val[item_id] parameter for the publication.
by Wesley Henrique
EIP-2026-102290 EXPLOITDB text
Private Photo+Video 1.1 Pro iOS - Persistent
by Vulnerability-Lab
CVE-2014-2340 EXPLOITDB text
XCloner < 3.1.1 - Cross-Site Request Forgery via Backup Creation
Cross-site request forgery (CSRF) vulnerability in the XCloner plugin before 3.1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that create website backups via a request to wp-admin/plugins.php.
by High-Tech Bridge SA
CVE-2013-4011 EXPLOITDB ruby VERIFIED
IBM AIX 6.1/7.1 & VIOS 2.2.2.2-FP-26 SP-02 - Privilege Escalation
Multiple unspecified vulnerabilities in the InfiniBand subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allow local users to gain privileges via vectors involving (1) arp.ib or (2) ibstat.
by Metasploit
CVE-2014-3976 EXPLOITDB text
A10 Networks ACOS <2.7.0-p6, <2.7.1-P1_55 - Buffer Overflow
Buffer overflow in A10 Networks Advanced Core Operating System (ACOS) before 2.7.0-p6 and 2.7.1 before 2.7.1-P1_55 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long session id in the URI to sys_reboot.html. NOTE: some of these details are obtained from third party information.
by Francesco Perna
CVE-2014-2880 EXPLOITDB text
Oracle Identity Manager 11.1.1.5, 11.1.1.7, 11.1.2.1, 11.1.2.2 - Open Redirect via backUrl Parameter
Open redirect vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backUrl parameter in a changepwd action to identity/faces/firstlogin.
by Giuseppe D'Amore
EIP-2026-105979 EXPLOITDB text
CMS Made Simple 1.11.10 - Multiple Cross-Site Scripting Vulnerabilities
by Blessen Thomas
EIP-2026-109025 EXPLOITDB text
Kloxo-MR 6.5.0 - Cross-Site Request Forgery
by Necmettin COSKUN
EIP-2026-109024 EXPLOITDB text
Kloxo 6.1.18 Stable - Cross-Site Request Forgery
by Necmettin COSKUN