Exploitdb Exploits

50,076 exploits tracked across all sources.

CVE-2014-1202 EXPLOITDB text
SoapUI < 4.6.4 - Remote Code Execution via WSDL Import
The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file.
by Barak Tawily
EIP-2026-111089 EXPLOITDB text
PHPJabbers Job Listing Script - Multiple Vulnerabilities
by HackXBack
CVE-2014-10015 EXPLOITDB text
PHPJabbers Event Booking Calendar 2.0 - SQL Injection via cid Parameter
SQL injection vulnerability in load-calendar.php in PHPJabbers Event Booking Calendar 2.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by HackXBack
EIP-2026-111087 EXPLOITDB text
PHPJabbers Car Rental Script - Multiple Vulnerabilities
by HackXBack
CVE-2014-10010 EXPLOITDB text
PHPJabbers Appointment Scheduler 2.0 - Path Traversal via Backup Controller ID Parameter
Directory traversal vulnerability in PHPJabbers Appointment Scheduler 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter in a pjActionDownload action to the pjBackup controller.
by HackXBack
CVE-2013-7139 EXPLOITDB text
Horizon Quick Content Management System <= 4.0 - SQL Injection via Download Category Parameter
SQL injection vulnerability in download.php in Horizon Quick Content Management System (QCMS) 4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter.
by High-Tech Bridge SA
CVE-2013-7137 EXPLOITDB CRITICAL text
Burden < 1.8.1 - Unauthenticated Authentication Bypass via Remember Me Cookie
The "remember me" functionality in login.php in Burden before 1.8.1 allows remote attackers to bypass authentication and gain privileges by setting the burden_user_rememberme cookie to 1.
by High-Tech Bridge SA
CVSS 9.8
EIP-2026-105305 EXPLOITDB html
Auto Classifieds Script 2.0 - Cross-Site Request Forgery (Add Admin)
by HackXBack
CVE-2013-6017 EXPLOITDB text VERIFIED
Atmail < 7.1.6 - Stored Cross-Site Scripting via Email Body
Cross-site scripting (XSS) vulnerability in Atmail Webmail Server before 7.2 allows remote attackers to inject arbitrary web script or HTML via the body of an e-mail message, as demonstrated by the SRC attribute of an IFRAME element.
by Zhao Liang
CVE-2013-2251 EXPLOITDB CRITICAL text VERIFIED
Apache Archiva 1.3-1.3.8 - Remote Code Execution via OGNL Expression Injection
Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
by Takeshi Terada
CVSS 9.8
CVE-2013-5880 EXPLOITDB text VERIFIED
Oracle Demantra Demand Management <12.2.2 - Info Disclosure
Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 12.2.0, 12.2.1, and 12.2.2 allows remote attackers to affect confidentiality via unknown vectors related to DM Others.
by Oracle
CVE-2012-4530 EXPLOITDB text
Linux kernel <3.7.2 - Info Disclosure
The load_script function in fs/binfmt_script.c in the Linux kernel before 3.7.2 does not properly handle recursion, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
by halfdog
EIP-2026-101730 EXPLOITDB html
Feixun Wireless Router FWR-604H - Remote Code Execution
by Arash Abedian
CVE-2013-7204 EXPLOITDB text
Conceptronic CIPCAMPTIWL Camera 1.0-21.37.2.49 - CSRF
Cross-site request forgery (CSRF) vulnerability in set_users.cgi in Conceptronic CIPCAMPTIWL Camera 1.0 with firmware 21.37.2.49 allows remote attackers to hijack the authentication of administrators for requests that add arbitrary users.
by Felipe Molina
CVE-2014-0659 EXPLOITDB ruby VERIFIED
Cisco RVS4000, WRVS4400N, and WAP4410N Firmware - Remote Code Execution via Test Interface
The Cisco WAP4410N access point with firmware through 2.0.6.1, WRVS4400N router with firmware 1.x through 1.1.13 and 2.x through 2.0.2.1, and RVS4000 router with firmware through 2.0.3.2 allow remote attackers to read credential and configuration data, and execute arbitrary commands, via requests to the test interface on TCP port 32764, aka Bug IDs CSCum37566, CSCum43693, CSCum43700, and CSCum43685.
by Metasploit
CVE-2014-10038 EXPLOITDB text VERIFIED
DomPHP < 0.83 - SQL Injection via agenda/indexdate.php ids Parameter
SQL injection vulnerability in agenda/indexdate.php in DomPHP 0.83 and earlier allows remote attackers to execute arbitrary SQL commands via the ids parameter.
by Houssamix
CVE-2014-1671 EXPLOITDB text VERIFIED
Dell KACE K1000 <5.4.76847 - SQL Injection
Multiple SQL injection vulnerabilities in Dell KACE K1000 5.4.76847 and possibly earlier allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the macAddress element in a (1) getUploadPath or (2) getKBot SOAP request to service/kbot_service.php; the ID parameter to (3) userui/advisory_detail.php or (4) userui/ticket.php; and the (5) ORDER[] parameter to userui/ticket_list.php.
by Rohan Stelling
CVE-2014-10037 EXPLOITDB text
DomPHP < 0.83 - Path Traversal via URL Parameter
Directory traversal vulnerability in DomPHP 0.83 and earlier allows remote attackers to have unspecified impact via a .. (dot dot) in the url parameter to photoalbum/index.php.
by Houssamix
EIP-2026-108199 EXPLOITDB text VERIFIED
Joomla! Component Almond Classifieds - Arbitrary File Upload
by DevilScreaM
CVE-2014-1618 EXPLOITDB text VERIFIED
UAEPD Shopping Cart Script - SQL Injection
Multiple SQL injection vulnerabilities in UAEPD Shopping Cart Script allow remote attackers to execute arbitrary SQL commands via the (1) cat_id or (2) p_id parameter to products.php or id parameter to (3) page.php or (4) news.php.
by AtT4CKxT3rR0r1ST
EIP-2026-107011 EXPLOITDB text VERIFIED
EZGenerator - Local File Disclosure / Cross-Site Request Forgery
by AtT4CKxT3rR0r1ST
EIP-2026-105646 EXPLOITDB html VERIFIED
Built2Go PHP Shopping - Cross-Site Request Forgery (Admin Password)
by AtT4CKxT3rR0r1ST
CVE-2025-46002 EXPLOITDB MEDIUM text VERIFIED
simogeo filemanager <= 2.5.0 - Directory Traversal via filemanager.php Endpoint
An issue in Filemanager v2.5.0 and below allows attackers to execute a directory traversal via sending a crafted HTTP request to the filemanager.php endpoint.
by AtT4CKxT3rR0r1ST
CVSS 6.5
CVE-2013-4988 EXPLOITDB ruby VERIFIED
IcoFX < 2.5 - Remote Code Execution via Long idCount in ICONDIR Structure
Stack-based buffer overflow in IcoFX 2.5 and earlier allows remote attackers to execute arbitrary code via a long idCount value in an ICONDIR structure in an ICO file. NOTE: some of these details are obtained from third party information.
by Metasploit