Exploitdb Exploits

50,076 exploits tracked across all sources.

EIP-2026-116497 EXPLOITDB python VERIFIED
VirusChaser 8.0 - Stack Buffer Overflow
by wh1ant
EIP-2026-110267 EXPLOITDB text
OpenCart 1.5.6.1 - 'openbay' Multiple SQL Injections
by Saadi Siddiqui
CVE-2014-2531 EXPLOITDB text VERIFIED
InterWorx Web Control Panel <5.0.14 - SQL Injection
SQL injection vulnerability in xhr.php in InterWorx Web Control Panel (aka InterWorx Hosting Control Panel and InterWorx-CP) before 5.0.14 build 577 allows remote authenticated users to execute arbitrary SQL commands via the i parameter in a search action to the (1) NodeWorx, (2) SiteWorx, or (3) Resellers interface, as demonstrated by the "or" key in a pgn8state object in an i object in a JSON object.
by Eric Flokstra
CVE-2013-6719 EXPLOITDB python
IBM Tealeaf CX 7.x, 8.x-8.6, 8.7-8.8 - Authenticated OS Command Injection via testconn_host Parameter
delivery.php in the Passive Capture Application (PCA) web console in IBM Tealeaf CX 7.x, 8.x through 8.6, 8.7 before FP2, and 8.8 before FP2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the testconn_host parameter.
by drone
CVE-2014-2668 EXPLOITDB text VERIFIED
Apache CouchDB < 1.5.0 - Denial of Service via /_uuids Count Parameter
Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via the count parameter to /_uuids.
by Krusty Hack
CVE-2013-2143 EXPLOITDB ruby VERIFIED
Red Hat Satellite and Katello < 1.5.0-14 - Authenticated Privilege Escalation via users/update_roles
The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator account.
by Metasploit
CVE-2014-1982 EXPLOITDB text
Allied Telesis AT-RG634A, iMG624A, iMG616LH, iMG646BD - Unauthenticated Remote Code Execution via CLI Interface
The administrative interface in Allied Telesis AT-RG634A ADSL Broadband router 3.3+, iMG624A firmware 3.5, iMG616LH firmware 2.4, and iMG646BD firmware 3.5 allows remote attackers to gain privileges and execute arbitrary commands via a direct request to cli.html.
by Groundworks Technologies
EIP-2026-100789 EXPLOITDB text VERIFIED
DotItYourself - 'dot-it-yourself.cgi' Remote Command Execution
by Felipe Andrian Peixoto
EIP-2026-100756 EXPLOITDB text VERIFIED
Beheer Systeem - 'pbs.cgi' Remote Command Execution
by Felipe Andrian Peixoto
EIP-2026-115373 EXPLOITDB python VERIFIED
Haihaisoft Universal Player 1.5.8 - '.m3u' / '.pls' / '.asx' Buffer Overflow (SEH)
by Gabor Seljan
EIP-2026-115371 EXPLOITDB python VERIFIED
Haihaisoft HUPlayer 1.0.4.8 - '.m3u' / '.pls' / '.asx' Buffer Overflow (SEH)
by Gabor Seljan
CVE-2014-1903 EXPLOITDB ruby VERIFIED
FreePBX <2.9.0.14, <2.10.1.15, <2.11.0.23, <12.0.1alpha22 - RCE
admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the API handler, which allows remote attackers to execute arbitrary PHP code via the function and args parameters to admin/config.php.
by Metasploit
EIP-2026-111618 EXPLOITDB text
qEngine CMS 6.0.0 - Multiple Vulnerabilities
by LiquidWorm
EIP-2026-111617 EXPLOITDB text VERIFIED
qEngine 4.1.6/6.0.0 - 'task.php' Local File Inclusion
by Gjoko Krstic
EIP-2026-108989 EXPLOITDB text
Kemana Directory 1.5.6 - Remote Code Execution
by LiquidWorm
EIP-2026-108988 EXPLOITDB text
Kemana Directory 1.5.6 - kemana_admin_passwd Cookie User Password Hash Disclosure
by LiquidWorm
EIP-2026-108987 EXPLOITDB text
Kemana Directory 1.5.6 - Database Backup Disclosure
by LiquidWorm
EIP-2026-108986 EXPLOITDB text
Kemana Directory 1.5.6 - 'task.php' Local File Inclusion
by LiquidWorm
EIP-2026-108985 EXPLOITDB text
Kemana Directory 1.5.6 - 'qvc_init()' Cookie Poisoning CAPTCHA Bypass
by LiquidWorm
EIP-2026-107396 EXPLOITDB text VERIFIED
Getsimple CMS 3.3.1 - Persistent Cross-Site Scripting
by Jeroen - IT Nerdbox
EIP-2026-105753 EXPLOITDB text
Cart Engine 3.0.0 - Remote Code Execution
by LiquidWorm
EIP-2026-105752 EXPLOITDB text
Cart Engine 3.0.0 - Database Backup Disclosure
by LiquidWorm
EIP-2026-105751 EXPLOITDB text
Cart Engine 3.0.0 - 'task.php' Local File Inclusion
by LiquidWorm
CVE-2014-2671 EXPLOITDB python VERIFIED
Microsoft Windows Media Player 11.0.5721.5230 - Memory Corruption
Microsoft Windows Media Player (WMP) 11.0.5721.5230 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted WAV file.
by TUNISIAN CYBER