Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
CVE-2013-5447 EXPLOITDB ruby VERIFIED
IBM Forms Viewer <4.0.0.3, <8.0.1.1 - Buffer Overflow
Stack-based buffer overflow in IBM Forms Viewer 4.x before 4.0.0.3 and 8.x before 8.0.1.1 allows remote attackers to execute arbitrary code via an XFDL form with a long fontname value.
by Metasploit
EIP-2026-116942 EXPLOITDB python VERIFIED
CCProxy 7.3 - Integer Overflow
by Mr.XHat
EIP-2026-109455 EXPLOITDB text VERIFIED
Middle School Homework Page 1.3 Beta 1 - Multiple Vulnerabilities
by AtT4CKxT3rR0r1ST
EIP-2026-108248 EXPLOITDB text VERIFIED
Joomla! Component com_aclsfgpl - 'index.php' Arbitrary File Upload
by TUNISIAN CYBER
EIP-2026-106576 EXPLOITDB text VERIFIED
Dredge School Administration System - '/DSM/loader.php?Id' SQL Injection
by AtT4CKxT3rR0r1ST
EIP-2026-106575 EXPLOITDB html VERIFIED
Dredge School Administration System - '/DSM/loader.php' Cross-Site Request Forgery (Admin Account Manipulation)
by AtT4CKxT3rR0r1ST
EIP-2026-106574 EXPLOITDB text VERIFIED
Dredge School Administration System - '/DSM/loader.php' Account Information Disclosure
by AtT4CKxT3rR0r1ST
EIP-2026-106573 EXPLOITDB text VERIFIED
Dredge School Administration System - '/DSM/Backup/processbackup.php' Database Backup Information Disclosure
by AtT4CKxT3rR0r1ST
CVE-2014-1619 EXPLOITDB text
Cubic CMS 5.1.1-5.2 - SQL Injection via Resource ID, Version ID, Login, or Pass Parameter
Multiple SQL injection vulnerabilities in Cubic CMS 5.1.1, 5.1.2, and 5.2 allow remote attackers to execute arbitrary SQL commands via the (1) resource_id or (2) version_id parameter to recursos/agent.php or (3) login or (4) pass parameter to login.usuario.
by Eugenio Delfa
CVE-2014-1636 EXPLOITDB text VERIFIED
Command School Student Management System 1.06.01 - SQL Injection
Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin_school_names.php, (2) admin_subjects.php, (3) admin_grades.php, (4) admin_terms.php, (5) admin_school_years.php, (6) admin_sgrades.php, (7) admin_media_codes_1.php, (8) admin_infraction_codes.php, (9) admin_generations.php, (10) admin_relations.php, (11) admin_titles.php, or (12) health_allergies.php in sw/.
by AtT4CKxT3rR0r1ST
CVE-2014-1637 EXPLOITDB text VERIFIED
Command School Student Management System <1.06.01 - Info Disclosure
Command School Student Management System 1.06.01 does not properly restrict access to sw/backup/backup_ray2.php, which allows remote attackers to download a database backup via a direct request.
by AtT4CKxT3rR0r1ST
CVE-2014-1636 EXPLOITDB text VERIFIED
Command School Student Management System 1.06.01 - SQL Injection
Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin_school_names.php, (2) admin_subjects.php, (3) admin_grades.php, (4) admin_terms.php, (5) admin_school_years.php, (6) admin_sgrades.php, (7) admin_media_codes_1.php, (8) admin_infraction_codes.php, (9) admin_generations.php, (10) admin_relations.php, (11) admin_titles.php, or (12) health_allergies.php in sw/.
by AtT4CKxT3rR0r1ST
CVE-2014-1636 EXPLOITDB text VERIFIED
Command School Student Management System 1.06.01 - SQL Injection
Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin_school_names.php, (2) admin_subjects.php, (3) admin_grades.php, (4) admin_terms.php, (5) admin_school_years.php, (6) admin_sgrades.php, (7) admin_media_codes_1.php, (8) admin_infraction_codes.php, (9) admin_generations.php, (10) admin_relations.php, (11) admin_titles.php, or (12) health_allergies.php in sw/.
by AtT4CKxT3rR0r1ST
CVE-2014-1636 EXPLOITDB text VERIFIED
Command School Student Management System 1.06.01 - SQL Injection
Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin_school_names.php, (2) admin_subjects.php, (3) admin_grades.php, (4) admin_terms.php, (5) admin_school_years.php, (6) admin_sgrades.php, (7) admin_media_codes_1.php, (8) admin_infraction_codes.php, (9) admin_generations.php, (10) admin_relations.php, (11) admin_titles.php, or (12) health_allergies.php in sw/.
by AtT4CKxT3rR0r1ST
CVE-2014-1636 EXPLOITDB text VERIFIED
Command School Student Management System 1.06.01 - SQL Injection
Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin_school_names.php, (2) admin_subjects.php, (3) admin_grades.php, (4) admin_terms.php, (5) admin_school_years.php, (6) admin_sgrades.php, (7) admin_media_codes_1.php, (8) admin_infraction_codes.php, (9) admin_generations.php, (10) admin_relations.php, (11) admin_titles.php, or (12) health_allergies.php in sw/.
by AtT4CKxT3rR0r1ST
CVE-2014-1636 EXPLOITDB text VERIFIED
Command School Student Management System 1.06.01 - SQL Injection
Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin_school_names.php, (2) admin_subjects.php, (3) admin_grades.php, (4) admin_terms.php, (5) admin_school_years.php, (6) admin_sgrades.php, (7) admin_media_codes_1.php, (8) admin_infraction_codes.php, (9) admin_generations.php, (10) admin_relations.php, (11) admin_titles.php, or (12) health_allergies.php in sw/.
by AtT4CKxT3rR0r1ST
CVE-2014-1636 EXPLOITDB text VERIFIED
Command School Student Management System 1.06.01 - SQL Injection
Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin_school_names.php, (2) admin_subjects.php, (3) admin_grades.php, (4) admin_terms.php, (5) admin_school_years.php, (6) admin_sgrades.php, (7) admin_media_codes_1.php, (8) admin_infraction_codes.php, (9) admin_generations.php, (10) admin_relations.php, (11) admin_titles.php, or (12) health_allergies.php in sw/.
by AtT4CKxT3rR0r1ST
CVE-2014-1636 EXPLOITDB text VERIFIED
Command School Student Management System 1.06.01 - SQL Injection
Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin_school_names.php, (2) admin_subjects.php, (3) admin_grades.php, (4) admin_terms.php, (5) admin_school_years.php, (6) admin_sgrades.php, (7) admin_media_codes_1.php, (8) admin_infraction_codes.php, (9) admin_generations.php, (10) admin_relations.php, (11) admin_titles.php, or (12) health_allergies.php in sw/.
by AtT4CKxT3rR0r1ST
CVE-2014-1636 EXPLOITDB text VERIFIED
Command School Student Management System 1.06.01 - SQL Injection
Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin_school_names.php, (2) admin_subjects.php, (3) admin_grades.php, (4) admin_terms.php, (5) admin_school_years.php, (6) admin_sgrades.php, (7) admin_media_codes_1.php, (8) admin_infraction_codes.php, (9) admin_generations.php, (10) admin_relations.php, (11) admin_titles.php, or (12) health_allergies.php in sw/.
by AtT4CKxT3rR0r1ST
CVE-2014-1636 EXPLOITDB text VERIFIED
Command School Student Management System 1.06.01 - SQL Injection
Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin_school_names.php, (2) admin_subjects.php, (3) admin_grades.php, (4) admin_terms.php, (5) admin_school_years.php, (6) admin_sgrades.php, (7) admin_media_codes_1.php, (8) admin_infraction_codes.php, (9) admin_generations.php, (10) admin_relations.php, (11) admin_titles.php, or (12) health_allergies.php in sw/.
by AtT4CKxT3rR0r1ST
CVE-2014-1636 EXPLOITDB text VERIFIED
Command School Student Management System 1.06.01 - SQL Injection
Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin_school_names.php, (2) admin_subjects.php, (3) admin_grades.php, (4) admin_terms.php, (5) admin_school_years.php, (6) admin_sgrades.php, (7) admin_media_codes_1.php, (8) admin_infraction_codes.php, (9) admin_generations.php, (10) admin_relations.php, (11) admin_titles.php, or (12) health_allergies.php in sw/.
by AtT4CKxT3rR0r1ST
CVE-2014-1636 EXPLOITDB text VERIFIED
Command School Student Management System 1.06.01 - SQL Injection
Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin_school_names.php, (2) admin_subjects.php, (3) admin_grades.php, (4) admin_terms.php, (5) admin_school_years.php, (6) admin_sgrades.php, (7) admin_media_codes_1.php, (8) admin_infraction_codes.php, (9) admin_generations.php, (10) admin_relations.php, (11) admin_titles.php, or (12) health_allergies.php in sw/.
by AtT4CKxT3rR0r1ST
CVE-2014-1915 EXPLOITDB html VERIFIED
Command School Student Management System 1.06.01 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to hijack the authentication of (1) administrators for requests that change the administrator password via an update action to sw/admin_change_password.php or (2) unspecified victims for requests that add a topic or blog entry to sw/add_topic.php. NOTE: vector 2 can be leveraged to bypass the authentication requirements for exploiting vector 1 in CVE-2014-1914.
by AtT4CKxT3rR0r1ST
CVE-2014-1915 EXPLOITDB html VERIFIED
Command School Student Management System 1.06.01 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to hijack the authentication of (1) administrators for requests that change the administrator password via an update action to sw/admin_change_password.php or (2) unspecified victims for requests that add a topic or blog entry to sw/add_topic.php. NOTE: vector 2 can be leveraged to bypass the authentication requirements for exploiting vector 1 in CVE-2014-1914.
by AtT4CKxT3rR0r1ST
CVE-2013-3214 EXPLOITDB CRITICAL ruby VERIFIED
vtiger CRM < 5.4.0 - PHP Code Injection via vtigerolservice.php
vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerability in 'vtigerolservice.php'.
by Metasploit
CVSS 9.8