Exploitdb Exploits

50,076 exploits tracked across all sources.

CVE-2013-0632 EXPLOITDB CRITICAL ruby VERIFIED
Adobe ColdFusion 9.0-9.0.2, 10 - Unauthenticated Authentication Bypass and Remote Code Execution via RDS Component
administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication and possibly execute arbitrary code by logging in to the RDS component using the default empty password and leveraging this session to access the administrative web interface, as exploited in the wild in January 2013.
by Metasploit
CVSS 9.8
CVE-2013-6492 EXPLOITDB text VERIFIED
Piranha Configuration Tool 0.8.6 - Unauthenticated Configuration Access via HTTP POST Request
The Piranha Configuration Tool in Piranha 0.8.6 does not properly restrict access to webpages, which allows remote attackers to bypass authentication and read or modify the LVS configuration via an HTTP POST request.
by Andreas Schiermeier
EIP-2026-102277 EXPLOITDB text
Photo Video Album Transfer 1.0 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-111324 EXPLOITDB text VERIFIED
PlaySms 0.9.9.2 - Cross-Site Request Forgery
by Saadi Siddiqui
EIP-2026-103763 EXPLOITDB text
Air Gallery 1.0 Air Photo Browser - Multiple Vulnerabilities
by Vulnerability-Lab
CVE-2013-4579 EXPLOITDB python VERIFIED
Linux kernel < 3.12 - Info Disclosure
The ath9k_htc_set_bssid_mask function in drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC addresses on which a Wi-Fi device is listening, which allows remote attackers to discover the original MAC address after spoofing by sending a series of packets to MAC addresses with certain bit manipulations.
by Mathy Vanhoef
EIP-2026-110350 EXPLOITDB php VERIFIED
osCMax - Arbitrary File Upload / Full Path Information Disclosure
by KedAns-Dz
EIP-2026-100771 EXPLOITDB text VERIFIED
CGILua 3.0 - SQL Injection
by aceeeeeeeer .
EIP-2026-113955 EXPLOITDB php VERIFIED
WordPress Plugin PhotoSmash Galleries - 'bwbps-uploader.php' Arbitrary File Upload
by Ashiyane Digital Security Team
CVE-2013-7319 EXPLOITDB text VERIFIED
WordPress Download Mgr <2.5.9 - XSS
Cross-site scripting (XSS) vulnerability in the Download Manager plugin before 2.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the title field.
by Jeroen - IT Nerdbox
EIP-2026-110417 EXPLOITDB text VERIFIED
Ovidentia 7.9.6 - Multiple Vulnerabilities
by sajith
EIP-2026-102286 EXPLOITDB text
Print n Share 5.5 iOS - Multiple Web Vulnerabilities
by Vulnerability-Lab
EIP-2026-102229 EXPLOITDB text
Feetan Inc WireShare 1.9.1 iOS - Persistent
by Vulnerability-Lab
EIP-2026-118278 EXPLOITDB text VERIFIED
Apple Safari For Windows - PhishingAlert Security Bypass
by Jackmasa
EIP-2026-113945 EXPLOITDB php
WordPress Plugin page-flip-image-gallery - Arbitrary File Upload
by Ashiyane Digital Security Team
EIP-2026-113706 EXPLOITDB text VERIFIED
WordPress Plugin Easy Career Openings - 'jobid' SQL Injection
by Iranian_Dark_Coders_Team
EIP-2026-113699 EXPLOITDB text VERIFIED
WordPress Plugin DZS Video Gallery 3.1.3 - Remote File Disclosure / Local File Disclosure
by aceeeeeeeer .
EIP-2026-109856 EXPLOITDB text VERIFIED
NeoBill 0.9-alpha - 'language' Local File Inclusion
by KedAns-Dz
EIP-2026-109855 EXPLOITDB php VERIFIED
NeoBill - '/modules/nullregistrar/PHPwhois/example.php?query' Remote Code Execution
by KedAns-Dz
EIP-2026-109854 EXPLOITDB php VERIFIED
NeoBill - '/install/include/solidstate.php' Multiple SQL Injections
by KedAns-Dz
CVE-2013-6985 EXPLOITDB text VERIFIED
Enorth Webpublisher CMS < 5.0 - SQL Injection via thisday Parameter
SQL injection vulnerability in m_worklog/log_searchday.jsp in Enorth Webpublisher CMS, possibly 5.0 and earlier, allows remote attackers to execute arbitrary SQL commands via the thisday parameter.
by xin.wang
EIP-2026-106740 EXPLOITDB python
Eaton Network Shutdown Module 3.21 - Remote PHP Code Injection
by Filip Waeytens
EIP-2026-105612 EXPLOITDB text
BoxBilling 3.6.11 - 'mod_notification' Persistent Cross-Site Scripting
by LiquidWorm
CVE-2013-7091 EXPLOITDB text VERIFIED
Zimbra 7.2.2-8.0.2 - Path Traversal
Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter. NOTE: this can be leveraged to execute arbitrary code by obtaining LDAP credentials and accessing the service/admin/soap API.
by rubina119
CVE-2013-5945 EXPLOITDB CRITICAL python
D-Link DSR Series Firmware - SQL Injection via Login Password Parameter
Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allow remote attackers to execute arbitrary SQL commands via the password to (1) the login.authenticate function in share/lua/5.1/teamf1lualib/login.lua or (2) captivePortal.lua.
by 0_o
CVSS 9.8