Exploitdb Exploits

50,076 exploits tracked across all sources.

CVE-2006-2465 EXPLOITDB python VERIFIED
mp3info 0.8.4 - Buffer Overflow via Long Command Line Argument
Buffer overflow in MP3Info 0.8.4 allows attackers to execute arbitrary code via a long command line argument. NOTE: if mp3info is not installed setuid or setgid in any reasonable context, then this issue might not be a vulnerability.
by jsacco
CVE-2013-6194 EXPLOITDB ruby VERIFIED
HP Storage Data Protector 6.2X - Remote Code Execution or Denial of Service
Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1905.
by Metasploit
CVE-2013-7246 EXPLOITDB html VERIFIED
DaumGame ActiveX Control 1.1.0.4 and 1.1.0.5 - Buffer Overflow via IconCreate Method
Buffer overflow in the IconCreate method in an ActiveX control in the DaumGame ActiveX plugin 1.1.0.4 and 1.1.0.5 allows remote attackers to execute arbitrary code via a long string, as exploited in the wild in January 2014.
by Trustwave's SpiderLabs
CVE-2013-5582 EXPLOITDB HIGH text
Ammyy Admin < 3.2 - Improper Authentication via Fixed Memory Location
Ammyy Admin 3.2 and earlier stores the client ID at a fixed memory location, which might make it easier for user-assisted remote attackers to bypass authentication by running a local program that extracts a field from the AA_v3.2.exe file.
by Bhadresh Patel
CVSS 7.8
EIP-2026-115907 EXPLOITDB perl
NCH Software Express Burn Plus 4.68 - '.EBP' Project File Buffer Overflow
by LiquidWorm
CVE-2013-6040 EXPLOITDB HIGH html
MW6 Aztec, DataMatrix, MaxiCode <4.0 - RCE
MW6 Aztec, DataMatrix, and MaxiCode ActiveX controls before version 4.0 are vulnerable to arbitrary code execution via a crafted HTML document. The latest versions (4.0) of the MW6 Aztec, DataMatrix, and MaxiCode ActiveX controls have resolved the issue.
by Pedro Ribeiro
CVSS 8.1
CVE-2013-6040 EXPLOITDB HIGH html
MW6 Aztec, DataMatrix, MaxiCode <4.0 - RCE
MW6 Aztec, DataMatrix, and MaxiCode ActiveX controls before version 4.0 are vulnerable to arbitrary code execution via a crafted HTML document. The latest versions (4.0) of the MW6 Aztec, DataMatrix, and MaxiCode ActiveX controls have resolved the issue.
by Pedro Ribeiro
CVSS 8.1
CVE-2013-6040 EXPLOITDB HIGH html
MW6 Aztec, DataMatrix, MaxiCode <4.0 - RCE
MW6 Aztec, DataMatrix, and MaxiCode ActiveX controls before version 4.0 are vulnerable to arbitrary code execution via a crafted HTML document. The latest versions (4.0) of the MW6 Aztec, DataMatrix, and MaxiCode ActiveX controls have resolved the issue.
by Pedro Ribeiro
CVSS 8.1
EIP-2026-114606 EXPLOITDB text VERIFIED
ZenPhoto - SQL Injection
by KedAns-Dz
EIP-2026-114480 EXPLOITDB text VERIFIED
XOS Shop - 'goto' SQL Injection
by JoKeR_StEx
EIP-2026-114211 EXPLOITDB text VERIFIED
WordPress Plugin WP E-Commerce - Multiple Vulnerabilities
by KedAns-Dz
CVE-2014-1683 EXPLOITDB text VERIFIED
SkyBlueCanvas CMS <1.1 r248-04 - RCE
The bashMail function in cms/data/skins/techjunkie/fragments/contacts/functions.php in SkyBlueCanvas CMS before 1.1 r248-04, when the pid parameter is 4, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) name, (2) email, (3) subject, or (4) message parameter to index.php.
by Scott Parish
EIP-2026-110525 EXPLOITDB text VERIFIED
pChart 2.1.3 - Multiple Vulnerabilities
by Balazs Makany
EIP-2026-109262 EXPLOITDB text VERIFIED
Maian Uploader 4.0 - Multiple Vulnerabilities
by KedAns-Dz
CVE-2014-0793 EXPLOITDB text
StackIdeas Komento < 1.7.3 - Cross-Site Scripting via Website or Latitude Parameter
Multiple cross-site scripting (XSS) vulnerabilities in the StackIdeas Komento (com_komento) component before 1.7.3 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) website or (2) latitude parameter in a comment to the default URI.
by High-Tech Bridge SA
CVE-2014-0794 EXPLOITDB text
JV Comment (com_jvcomment) < 3.0.3 - Authenticated SQL Injection via id Parameter
SQL injection vulnerability in the JV Comment (com_jvcomment) component before 3.0.3 for Joomla! allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a comment.like action to index.php.
by High-Tech Bridge SA
CVE-2013-7248 EXPLOITDB text VERIFIED
Franklin Fueling Systems TS-550 evo <2.4.0 - Privilege Escalation
Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 has a hardcoded password for the roleDiag account, which allows remote attackers to gain root privileges, as demonstrated using a cmdWebCheckRole action in a TSA_REQUEST.
by Trustwave's SpiderLabs
CVE-2014-10020 EXPLOITDB text
Simple e-document 1.31 - SQL Injection via Username Parameter
SQL injection vulnerability in login.php in Simple e-document 1.31 allows remote attackers to execute arbitrary SQL commands via the username parameter.
by vinicius777
EIP-2026-111310 EXPLOITDB text
PizzaInn_Project - SQL Injection
by vinicius777
EIP-2026-109786 EXPLOITDB text
mySeatXT 0.2134 - SQL Injection
by vinicius777
CVE-2014-100020 EXPLOITDB text
iTechClassifieds 3.03.057 - SQL Injection via ChangeEmail.php PreviewNum Parameter
SQL injection vulnerability in ChangeEmail.php in iTechClassifieds 3.03.057 allows remote attackers to execute arbitrary SQL commands via the PreviewNum parameter. NOTE: the CatID parameter is already covered by CVE-2008-0685.
by vinicius777
EIP-2026-107450 EXPLOITDB text
godontologico 5 - SQL Injection
by vinicius777
EIP-2026-106699 EXPLOITDB text
Easy POS System - 'login.php' SQL Injection
by vinicius777
EIP-2026-105769 EXPLOITDB text
Cells Blog 3.3 - Reflected Cross-Site Scripting / Blind SQLite Injection
by vinicius777
EIP-2026-104967 EXPLOITDB text
Adult WebMaster PHP - Password Disclosure
by vinicius777