Exploitdb Exploits

50,076 exploits tracked across all sources.

CVE-2014-1664 EXPLOITDB text VERIFIED
Citrix GoToMeeting <5.0.799.1238 - Info Disclosure
The Citrix GoToMeeting application 5.0.799.1238 for Android logs HTTP requests containing sensitive information, which allows attackers to obtain user IDs, meeting details, and authentication tokens via an application that reads the system log file.
by Claudio J. Lacayo
EIP-2026-113227 EXPLOITDB text VERIFIED
Web Video Streamer - Multiple Vulnerabilities
by Eric Sesterhenn
EIP-2026-107796 EXPLOITDB text VERIFIED
Imageview - 'upload.php' Arbitrary File Upload
by TUNISIAN CYBER
CVE-2014-2013 EXPLOITDB text VERIFIED
MuPDF < 1.3 - Remote Code Execution via XPS ContextColor Path Attribute
Stack-based buffer overflow in the xps_parse_color function in xps/xps-common.c in MuPDF 1.3 and earlier allows remote attackers to execute arbitrary code via a large number of entries in the ContextColor value of the Fill attribute in a Path element.
by Jean-Jamil Khalife
EIP-2026-106541 EXPLOITDB text VERIFIED
Doodle4Gift - Multiple Vulnerabilities
by Dr.NaNo
EIP-2026-105019 EXPLOITDB php
AfterLogic Pro and Lite 7.1.1.1 - Persistent Cross-Site Scripting
by Saeed reza Zamanian
CVE-2014-10018 EXPLOITDB text
Teracom T2-B-Gawv1.4U10Y-BI - Cross-Site Scripting via essid Parameter
Cross-site scripting (XSS) vulnerability in webconfig/wlan/country.html/country in the Teracom T2-B-Gawv1.4U10Y-BI modem allows remote attackers to inject arbitrary web script or HTML via the essid parameter.
by Rakesh S
EIP-2026-101569 EXPLOITDB python
BLUE COM Router 5360/52018 - Password Reset
by KAI
CVE-2013-6343 EXPLOITDB python
ASUS RT-N56U and RT-AC66U Firmware 3.0.0.4.374_979 - Remote Code Execution via apps_name or apps_flag Parameter
Multiple buffer overflows in web.c in httpd on the ASUS RT-N56U and RT-AC66U routers with firmware 3.0.0.4.374_979 allow remote attackers to execute arbitrary code via the (1) apps_name or (2) apps_flag parameter to APP_Installation.asp.
by Jacob Holcomb
EIP-2026-113791 EXPLOITDB text VERIFIED
WordPress Plugin Global Flash Gallery - 'swfupload.php' Arbitrary File Upload
by Ashiyane Digital Security Team
EIP-2026-115376 EXPLOITDB python
haneWIN DNS Server 1.5.3 - Denial of Service
by sajith
EIP-2026-105547 EXPLOITDB text VERIFIED
BloofoxCMS 0.5.0 - Multiple Vulnerabilities
by AtT4CKxT3rR0r1ST
EIP-2026-105546 EXPLOITDB text VERIFIED
BloofoxCMS 0.5.0 - 'fileurl' Local File Inclusion
by AtT4CKxT3rR0r1ST
EIP-2026-105541 EXPLOITDB text VERIFIED
BloofoxCMS - '/bloofox/index.php?Username' SQL Injection
by AtT4CKxT3rR0r1ST
EIP-2026-105540 EXPLOITDB text VERIFIED
BloofoxCMS - '/bloofox/admin/index.php?Username' SQL Injection
by AtT4CKxT3rR0r1ST
EIP-2026-105539 EXPLOITDB html VERIFIED
BloofoxCMS - '/admin/index.php' Cross-Site Request Forgery (Add Admin)
by AtT4CKxT3rR0r1ST
EIP-2026-100560 EXPLOITDB php
SmarterMail Enterprise and Standard 11.x - Persistent Cross-Site Scripting
by Saeed reza Zamanian
CVE-2013-7219 EXPLOITDB text VERIFIED
Joomla! com_sexypolling <1.0.9 - SQL Injection
SQL injection vulnerability in vote.php in the 2Glux Sexy Polling (com_sexypolling) component before 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the answer_id[] parameter.
by High-Tech Bridge
EIP-2026-111097 EXPLOITDB text
PHPJabbers Vacation Rental Script 3.0 - Multiple Vulnerabilities
by HackXBack
EIP-2026-111096 EXPLOITDB text
PHPJabbers Vacation Packages Listing 2.0 - Multiple Vulnerabilities
by HackXBack
EIP-2026-111092 EXPLOITDB html
PHPJabbers Property Listing Script 2.0 - Cross-Site Request Forgery (Add Admin)
by HackXBack
EIP-2026-111090 EXPLOITDB html
PHPJabbers Pet Listing Script 1.0 - Multiple Vulnerabilities
by HackXBack
EIP-2026-111088 EXPLOITDB text
PHPJabbers Hotel Booking System 3.0 - Multiple Vulnerabilities
by HackXBack
CVE-2013-6872 EXPLOITDB text
Collabtive < 1.2 - Authenticated SQL Injection via managetimetracker.php id Parameter
SQL injection vulnerability in managetimetracker.php in Collabtive before 1.2 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a projectpdf action.
by Yogesh Phadtare
CVE-2014-10001 EXPLOITDB text
PHPJabbers Appointment Scheduler 2.0 - Cross-Site Request Forgery
Multiple cross-site request forgery (CSRF) vulnerabilities in PHPJabbers Appointment Scheduler 2.0 allow remote attackers to hijack the authentication of administrators for requests that (1) conduct cross-site scripting (XSS) attacks via the i18n[1][name] parameter in a pjActionCreate action to the pjAdminServices controller or (2) add an administrator via a pjActionCreate action to the pjAdminUsers controller.
by HackXBack