Exploitdb Exploits

50,076 exploits tracked across all sources.

EIP-2026-110769 EXPLOITDB text VERIFIED
PHP Ticket System Beta 1 - 'get_all_created_by_user.php?id' SQL Injection
by HauntIT
CVE-2013-6231 EXPLOITDB HIGH text
SpagoBI < 4.1 - Privilege Escalation via AdapterHTTP Script
SpagoBI before 4.1 has Privilege Escalation via an error in the AdapterHTTP script
by Christian Catalano
CVSS 8.8
CVE-2014-9304 EXPLOITDB text
Plex Media Server < 0.9.9.2 - Server-Side Request Forgery and Authentication Bypass via X-Plex-Url Header
Plex Media Server before 0.9.9.3 allows remote attackers to bypass the web server whitelist, conduct SSRF attacks, and execute arbitrary administrative actions via multiple crafted X-Plex-Url headers to system/proxy, which are inconsistently processed by the request handler in the backend web server.
by SEC Consult
EIP-2026-101847 EXPLOITDB text
MICROSENS Profi Line Switch 10.3.1 - Privilege Escalation
by SEC Consult
CVE-2014-100031 EXPLOITDB text
Ganesha Digital Library 4.2 - SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in Ganesha Digital Library (GDL) 4.2 allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) download.php or (2) main.php.
by ByEge
EIP-2026-102217 EXPLOITDB text
Bluetooth Photo Share Pro 2.0 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
CVE-2013-5015 EXPLOITDB ruby VERIFIED
Symantec Endpoint Protection Manager 11.0-11.0.7405.1424 and 12.1-12.1.4023.4080 - Authenticated SQL Injection
SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
by Metasploit
CVE-2013-5014 EXPLOITDB ruby VERIFIED
Symantec Endpoint Protection Manager < 11.0.7405.1424 and 12.1 < 12.1.4023.4080 - XML External Entity Injection
The management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
by Metasploit
EIP-2026-115883 EXPLOITDB perl VERIFIED
Music AlarmClock 2.1.0 - '.m3u' Crash (PoC)
by Gabor Seljan
EIP-2026-115331 EXPLOITDB perl VERIFIED
Gold MP4 Player 3.3 - Buffer Overflow (PoC) (SEH)
by Gabor Seljan
CVE-2014-2211 EXPLOITDB text VERIFIED
POSH < 3.2.1 - SQL Injection via RSS URL Parameter
SQL injection vulnerability in portal/addtoapplication.php in POSH (aka Posh portal or Portaneo) 3.0 before 3.3.0 allows remote attackers to execute arbitrary SQL commands via the rssurl parameter.
by Anthony BAUBE
CVE-2014-4613 EXPLOITDB MEDIUM text
Piwigo < 2.6.2 - Cross-Site Request Forgery via User Addition in Administration Panel
Cross-site request forgery (CSRF) vulnerability in the administration panel in Piwigo before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that add users via a pwg.users.add action in a request to ws.php.
by killall-9
CVSS 6.5
EIP-2026-102616 EXPLOITDB python
GoAhead Web Server 3.1.x - Denial of Service
by Alaeddine MESBAHI
EIP-2026-117701 EXPLOITDB text VERIFIED
Notepad++ CCompletion Plugin 1.19 - Local Stack Buffer Overflow
by tishion
EIP-2026-116488 EXPLOITDB text VERIFIED
VideoLAN VLC Media Player 2.1.3 - '.avs' Crash (PoC)
by kw4
CVE-2014-100012 EXPLOITDB text VERIFIED
Sendy 1.1.8.4 - SQL Injection via i Parameter
SQL injection vulnerability in /app in Sendy 1.1.8.4 allows remote attackers to execute arbitrary SQL commands via the i parameter.
by Hurley
EIP-2026-102314 EXPLOITDB text
WiFiles HD 1.3 iOS - Local File Inclusion
by Vulnerability-Lab
EIP-2026-102289 EXPLOITDB text
Private Camera Pro 5.0 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
CVE-2014-1677 EXPLOITDB HIGH text
Technicolor TC7200 - Info Disclosure
Technicolor TC7200 with firmware STD6.01.12 could allow remote attackers to obtain sensitive information.
by Jeroen - IT Nerdbox
CVSS 7.5
CVE-2014-1912 EXPLOITDB python
Python <2.7.7, <3.3.4, <3.4rc1 - Buffer Overflow
Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.
by Sha0
EIP-2026-102481 EXPLOITDB python
Ganib Project Management 2.3 - SQL Injection
by drone
CVE-2013-5014 EXPLOITDB python VERIFIED
Symantec Endpoint Protection Manager < 11.0.7405.1424 and 12.1 < 12.1.4023.4080 - XML External Entity Injection
The management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
by Chris Graham
CVE-2013-5015 EXPLOITDB python VERIFIED
Symantec Endpoint Protection Manager 11.0-11.0.7405.1424 and 12.1-12.1.4023.4080 - Authenticated SQL Injection
SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
by Chris Graham
CVE-2013-5019 EXPLOITDB python VERIFIED
Ultra Mini HTTPD 1.21 - Buffer Overflow
Stack-based buffer overflow in Ultra Mini HTTPD 1.21 allows remote attackers to execute arbitrary code via a long resource name in an HTTP request.
by OJ Reeves
CVE-2014-100015 EXPLOITDB python VERIFIED
SolidWorks Workgroup PDM 2014 - Unauthenticated Path Traversal and Arbitrary File Write via File Upload
Directory traversal vulnerability in pdmwService.exe in SolidWorks Workgroup PDM 2014 allows remote attackers to write to arbitrary files via a .. (dot dot) in the filename in a file upload.
by Mohamed Shetta