Exploitdb Exploits

50,076 exploits tracked across all sources.

EIP-2026-111277 EXPLOITDB text
Pina CMS - Multiple Vulnerabilities
by Shadman Tanjim
CVE-2014-1206 EXPLOITDB python
Open Web Analytics < 1.5.5 - SQL Injection via Password Reset Email Parameter
SQL injection vulnerability in the password reset page in Open Web Analytics (OWA) before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the owa_email_address parameter in a base.passwordResetRequest action to index.php.
by Dana James Traversie
EIP-2026-109546 EXPLOITDB php VERIFIED
MODx Evogallery Module - 'Uploadify.php' Arbitrary File Upload
by TUNISIAN CYBER
EIP-2026-106126 EXPLOITDB text
Concrete5 CMS 5.6.2.1 - 'index.php?cID' SQL Injection
by killall-9
EIP-2026-102260 EXPLOITDB text
My PDF Creator & DE DM 1.4 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
CVE-2018-25269 EXPLOITDB MEDIUM text
ICEWARP 11.0.0.0 Cross-Site Scripting via Email HTML Injection
ICEWARP 10.3.4 and 11.0.0.0 contain a cross-site scripting vulnerability that allows attackers to inject malicious HTML elements into emails by embedding base64-encoded payloads in object and embed tags. Attackers can craft emails containing data URIs with embedded scripts that execute in the client when the email is viewed, compromising user sessions and stealing sensitive information.
by Usman Saeed
CVSS 6.1
EIP-2026-108593 EXPLOITDB text VERIFIED
Joomla! Component com_wire_immogest - 'index.php' SQL Injection
by MR.XpR
CVE-2014-1597 EXPLOITDB text VERIFIED
synetics i-doit pro <1.2.5 - SQL Injection
SQL injection vulnerability in the CMDB web application in synetics i-doit pro before 1.2.5 and i-doit open allows remote attackers to execute arbitrary SQL commands via the objID parameter to the default URI.
by Stephan Rickauer
CVE-2025-34037 EXPLOITDB CRITICAL php VERIFIED
Linksys E-Series - Command Injection
An OS command injection vulnerability exists in various models of E-Series Linksys routers via the /tmUnblock.cgi and /hndUnblock.cgi endpoints over HTTP on port 8080. The CGI scripts improperly process user-supplied input passed to the ttcp_ip parameter without sanitization, allowing unauthenticated attackers to inject shell commands. This vulnerability was reported to be exploited in the wild by the "TheMoon" worm in 2014 to deploy a MIPS ELF payload, enabling arbitrary code execution on the router. Additionally, this vulnerability may affect other Linksys products including, but not limited to, WAG/WAP/WES/WET/WRT-series router models and Wireless-N access points and routers. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-06 UTC.
by Rew
CVE-2013-2347 EXPLOITDB python
HP Storage Data Protector 6.2X - Remote Code Execution via Crafted EXEC_BAR Packet
The Backup Client Service (OmniInet.exe) in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary commands or cause a denial of service via a crafted EXEC_BAR packet to TCP port 5555, aka ZDI-CAN-1885.
by Chris Graham
CVE-2014-10031 EXPLOITDB python VERIFIED
Qualcomm Eudora WorldMail 9.0.333.0 - Remote Code Execution via IMAPd UID Command
Buffer overflow in the IMAPd service in Qualcomm Eudora WorldMail 9.0.333.0 allows remote attackers to execute arbitrary code via a long string in a UID command.
by Muhammad Alharmeel
CVE-2014-2030 EXPLOITDB HIGH perl
ImageMagick - Stack-based Buffer Overflow in WritePSDImage Function
Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-1947.
by Mike Czumak
CVSS 8.8
EIP-2026-104719 EXPLOITDB ruby VERIFIED
Dexter (CasinoLoader) - SQL Injection (Metasploit)
by Metasploit
EIP-2026-104221 EXPLOITDB python VERIFIED
Dexter (CasinoLoader) Panel - SQL Injection
by bwall
EIP-2026-102263 EXPLOITDB text
Office Assistant Pro 2.2.2 iOS - Local File Inclusion
by Vulnerability-Lab
EIP-2026-102256 EXPLOITDB text
mbDriveHD 1.0.7 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-102230 EXPLOITDB text
File Hub 1.9.1 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-102081 EXPLOITDB text
Trendchip HG520 ADSL2+ Wireless Modem - Cross-Site Request Forgery
by Dhruv Shah
CVE-2010-2343 EXPLOITDB ruby VERIFIED
D.R. Software Audio Converter 8.1, 2007, and 8.05 - Stack-based Buffer Overflow via PLS Playlist File
Stack-based buffer overflow in D.R. Software Audio Converter 8.1, 2007, and 8.05 allows remote attackers to execute arbitrary code via a crafted pls playlist file.
by Metasploit
CVE-2014-1219 EXPLOITDB text
CA 2E Web Option r8.1.2 - Session Hijacking via Predictable Session Token Substring
CA 2E Web Option r8.1.2 accepts a predictable substring of a W2E_SSNID session token in place of the entire token, which allows remote attackers to hijack sessions by changing characters at the end of this substring, as demonstrated by terminating a session via a modified SSNID parameter to web2edoc/close.htm.
by Mike Emery
EIP-2026-111771 EXPLOITDB text VERIFIED
Rhino - Cross-Site Scripting / Password Reset
by Slotleet
EIP-2026-104638 EXPLOITDB perl VERIFIED
MyBB 1.6.12 - 'misc.php' Remote Denial of Service
by Amir
CVE-2014-0050 EXPLOITDB ruby VERIFIED
Apache Commons FileUpload <1.3.1 - DoS
MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.
by Trustwave's SpiderLabs
EIP-2026-102253 EXPLOITDB text
jDisk (stickto) 2.0.3 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-101863 EXPLOITDB text
Netgear DGN2200 N300 Wireless Router - Multiple Vulnerabilities
by Andrew Horton