Exploitdb Exploits

50,076 exploits tracked across all sources.

EIP-2026-116817 EXPLOITDB text
Asseco SEE iBank FX Client 2.0.9.3 - Local Privilege Escalation
by LiquidWorm
CVE-2014-0980 EXPLOITDB text VERIFIED
Publish-It PUI Buffer Overflow (SEH)
Buffer overflow in Poster Software PUBLISH-iT 3.6d allows remote attackers to execute arbitrary code via a crafted PUI file.
by Core Security
EIP-2026-110789 EXPLOITDB text VERIFIED
PHP Webcam Video Conference - Multiple Vulnerabilities
by vinicius777
EIP-2026-108182 EXPLOITDB text VERIFIED
Joomla! 3.2.1 - SQL Injection
by killall-9
CVE-2013-7051 EXPLOITDB HIGH text
D-Link DIR-100 Firmware 4.03B07 - Unauthenticated Authentication Bypass via cli.cgi
D-Link DIR-100 4.03B07: cli.cgi security bypass due to failure to check authentication parameters
by Felix Richter
CVSS 8.8
EIP-2026-119380 EXPLOITDB text
IBM Business Process Manager - User Account Reconfiguration
by 0in
CVE-2008-1461 EXPLOITDB c VERIFIED
XnView 1.92.1 - Buffer Overflow via Long Filename Argument
Buffer overflow in XnView 1.92.1 allows user-assisted remote attackers to execute arbitrary code via a long filename argument on the command line. NOTE: it is unclear whether there are common handler configurations in which this argument is controlled by an attacker.
by Sylvain THUAL
EIP-2026-114336 EXPLOITDB php VERIFIED
WordPress Theme Kiddo - Arbitrary File Upload
by TUNISIAN CYBER
EIP-2026-114320 EXPLOITDB text
WordPress Theme Dandelion - Arbitrary File Upload
by TheBlackMonster
CVE-2014-10023 EXPLOITDB text
TopicsViewer 3.0 Beta 1 - SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in TopicsViewer 3.0 Beta 1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) edit_block.php, (2) edit_cat.php, (3) edit_note.php, or (4) rmv_topic.php in admincp/.
by AtT4CKxT3rR0r1ST
EIP-2026-112170 EXPLOITDB text VERIFIED
Singapore 0.9.9b Beta - Image Gallery Remote File Inclusion / Cross-Site Scripting
by TUNISIAN CYBER
EIP-2026-111347 EXPLOITDB text
Plogger 1.0 (RC1) - Multiple Vulnerabilities
by killall-9
EIP-2026-110458 EXPLOITDB text
Pandora Fms 5.0RC1 - Remote Command Injection
by xistence
CVE-2014-1665 EXPLOITDB MEDIUM text
ownCloud < 6.0.1 - Authenticated Stored Cross-Site Scripting via Uploaded Filename
Cross-site scripting (XSS) vulnerability in ownCloud before 6.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file.
by absane
CVSS 5.4
EIP-2026-108314 EXPLOITDB python
Joomla! Component com_community 2.6 - Code Execution
by Matias Fontanini
EIP-2026-108104 EXPLOITDB text VERIFIED
Job Site 1.0 - Multiple Vulnerabilities
by AtT4CKxT3rR0r1ST
CVE-2014-1836 EXPLOITDB text VERIFIED
ImpressCMS < 1.3.6 - Path Traversal and Arbitrary File Deletion via Image Path Parameter
Absolute path traversal vulnerability in htdocs/libraries/image-editor/image-edit.php in ImpressCMS before 1.3.6 allows remote attackers to delete arbitrary files via a full pathname in the image_path parameter in a cancel action.
by Pedro Ribeiro
EIP-2026-106940 EXPLOITDB text
Eventy Online Scheduler 1.8 - Multiple Vulnerabilities
by AtT4CKxT3rR0r1ST
EIP-2026-105588 EXPLOITDB text
Booking Calendar - Multiple Vulnerabilities
by AtT4CKxT3rR0r1ST
CVE-2009-3548 EXPLOITDB ruby VERIFIED
Apache Tomcat 5.5.0-5.5.28 and 6.0.0-6.0.20 - Unauthenticated Privilege Escalation via Default Blank Admin Password
The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
by Metasploit
CVE-2014-1684 EXPLOITDB python
VLC Media Player < 2.1.3 - Denial of Service via ASF File Packet Size Handling
The ASF_ReadObject_file_properties function in modules/demux/asf/libasf.c in the ASF Demuxer in VideoLAN VLC Media Player before 2.1.3 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a zero minimum and maximum data packet size in an ASF file.
by Saif
CVE-2014-1683 EXPLOITDB ruby VERIFIED
SkyBlueCanvas CMS <1.1 r248-04 - RCE
The bashMail function in cms/data/skins/techjunkie/fragments/contacts/functions.php in SkyBlueCanvas CMS before 1.1 r248-04, when the pid parameter is 4, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) name, (2) email, (3) subject, or (4) message parameter to index.php.
by Metasploit
CVE-2012-0394 EXPLOITDB ruby VERIFIED
Apache Struts 2.0.0-2.3.16 - Remote Code Execution via DebuggingInterceptor
The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
by Metasploit
EIP-2026-101811 EXPLOITDB text
Inteno DG301 - Command Injection
by Juan J. Guelfo
CVE-2013-7055 EXPLOITDB CRITICAL text
D-Link DIR-100 4.03B07 - Insufficiently Protected Credentials
D-Link DIR-100 4.03B07 has PPTP and poe information disclosure
by Felix Richter
CVSS 9.8