Exploitdb Exploits

50,076 exploits tracked across all sources.

EIP-2026-102251 EXPLOITDB text
iShare Your Moving Library 1.0 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-100941 EXPLOITDB text VERIFIED
ZamFoo - Multiple Remote Command Execution Vulnerabilities
by Al-Shabaab
CVE-2014-2847 EXPLOITDB text
CIS Manager CMS - SQL Injection via TroncoID Parameter
SQL injection vulnerability in default.asp in CIS Manager CMS allows remote attackers to execute arbitrary SQL commands via the TroncoID parameter.
by felipe andrian
CVE-2014-2560 EXPLOITDB HIGH text
PhonerLite < 2.15 - Password Hash Disclosure via SIP Digest Leak
The PhonerLite phone before 2.15 provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue.
by Jason Ostrom
CVSS 7.5
EIP-2026-107618 EXPLOITDB text
Horde Webmail 5.1 - Open Redirect
by felipe andrian
EIP-2026-105090 EXPLOITDB text
Alienvault 4.5.0 - (Authenticated) SQL Injection (Metasploit)
by Brandon Perry
CVE-2014-2674 EXPLOITDB HIGH text
Ajax Pagination (twitter Style) <1.1 - Path Traversal
Directory traversal vulnerability in the Ajax Pagination (twitter Style) plugin 1.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the loop parameter in an ajax_navigation action to wp-admin/admin-ajax.php.
by Glyn Wintle
CVSS 7.5
CVE-2008-5191 EXPLOITDB ruby VERIFIED
SePortal 2.4 - SQL Injection via poll_id or sp_id Parameter
Multiple SQL injection vulnerabilities in SePortal 2.4 allow remote attackers to execute arbitrary SQL commands via the (1) poll_id parameter to poll.php and the (2) sp_id parameter to staticpages.php.
by Metasploit
EIP-2026-104766 EXPLOITDB text
plexusCMS 0.5 - Cross-Site Scripting / Remote Shell / Credentials Leak
by neglomaniac
CVE-2014-0644 EXPLOITDB text
EMC Cloud Tiering Appliance 10-SP1 - XML External Entity Injection via API Login Request
EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote attackers to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, as demonstrated by reading the /etc/shadow file.
by Brandon Perry
EIP-2026-102304 EXPLOITDB text
Vanctech File Commander 1.1 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-102284 EXPLOITDB text
PhotoWIFI Lite 1.0 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-100882 EXPLOITDB text VERIFIED
Primo Interactive CMS - 'pcm.cgi' Remote Command Execution
by Felipe Andrian Peixoto
EIP-2026-116843 EXPLOITDB python VERIFIED
AudioCoder 0.8.29 - Memory Corruption (SEH)
by sajith
EIP-2026-100125 EXPLOITDB text
ASP-Nuke 2.0.7 - 'gotourl.asp' Open Redirect
by felipe andrian
CVE-2014-1216 EXPLOITDB ruby VERIFIED
FitNesse Wiki <20140201 - Command Injection
FitNesse Wiki 20131110, 20140201, and earlier allows remote attackers to execute arbitrary commands by defining a COMMAND_PATTERN and TEST_RUNNER in the pageContent parameter when editing a page.
by SecPod Research
EIP-2026-102252 EXPLOITDB text
iStArtApp FileXChange 6.2 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-109153 EXPLOITDB text VERIFIED
LinEx - Password Reset
by N B Sri Harsha
EIP-2026-108772 EXPLOITDB text
Joomla! Component Kunena 3.0.4 - Persistent Cross-Site Scripting
by Qoppa
CVE-2014-2879 EXPLOITDB text
SonicWALL Email Security Appliance < 7.4.5 - Authenticated Cross-Site Scripting via Upload Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Dell SonicWALL Email Security 7.4.5 and earlier allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the uploadPatch parameter to the System/Advanced page (settings_advanced.html) or (2) the uploadLicenses parameter in the License management (settings_upload_dlicense.html) page.
by Vulnerability-Lab
EIP-2026-102254 EXPLOITDB text
Lazybone Studios WiFi Music 1.0 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-102240 EXPLOITDB text
FTP Drive + HTTP 1.0.4 iOS - Code Execution
by Vulnerability-Lab
EIP-2026-102227 EXPLOITDB text
ePhone Disk 1.0.2 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-102224 EXPLOITDB text
Easy FileManager 1.1 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
CVE-2013-6720 EXPLOITDB python
IBM Tealeaf CX 7.x, 8.x-8.6, 8.7-8.8 - Authenticated Path Traversal via Log Parameter
Directory traversal vulnerability in download.php in the Passive Capture Application (PCA) web console in IBM Tealeaf CX 7.x, 8.x through 8.6, 8.7 before FP2, and 8.8 before FP2 allows remote authenticated users to bypass intended access restrictions via a .. (dot dot) in the log parameter, as demonstrated using a crafted request for a customer-support file, as demonstrated by a log file.
by drone