Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-102754 EXPLOITDB python
Uptime Agent 5.0.1 - Stack Overflow
by Denis Andzakovic
EIP-2026-102351 EXPLOITDB text
Ametys CMS 3.5.2 - 'lang' XPath Injection
by LiquidWorm
EIP-2026-102061 EXPLOITDB text
TP-Link TD-8840t - Cross-Site Request Forgery
by mohammed al-saggaf
CVE-2013-7043 EXPLOITDB text
Cisco Scientific Atlanta DPR2320R2 Firmware 2.0.2r1262-090417 - Cross-Site Request Forgery via Multiple Endpoints
Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Scientific Atlanta DPR2320R2 routers with software 2.0.2r1262-090417 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password via the Password parameter to goform/RgSecurity; (2) reboot the device via the Restart parameter to goform/restart; (3) modify Wi-Fi settings, as demonstrated by the WpaPreSharedKey parameter to goform/wlanSecurity; or (4) modify parental controls via the ParentalPassword parameter to goform/RgParentalBasic.
by sajith
EIP-2026-101101 EXPLOITDB python
TP-Link TL-WR740N / TL-WR740ND 150M Wireless Lite N Router - HTTP Denial of Service
by Dino Causevic
CVE-2013-0640 EXPLOITDB HIGH text VERIFIED
Adobe Reader/Acrobat <9.5.4-10.1.6-11.0.02 - RCE
Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, as exploited in the wild in February 2013.
by w3bd3vil & abh1sek
CVSS 7.8
CVE-2013-0074 EXPLOITDB HIGH ruby VERIFIED
Microsoft Silverlight <5.1.20125.0 - RCE
Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote attackers to execute arbitrary code via a crafted Silverlight application, aka "Silverlight Double Dereference Vulnerability."
by Metasploit
CVSS 7.8
CVE-2013-3918 EXPLOITDB HIGH ruby VERIFIED
Microsoft Windows - Remote Code Execution via InformationCardSigninHelper ActiveX Control
The InformationCardSigninHelper Class ActiveX control in icardie.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted web page that is accessed by Internet Explorer, as exploited in the wild in November 2013, aka "InformationCardSigninHelper Vulnerability."
by Metasploit
CVSS 8.8
EIP-2026-110451 EXPLOITDB text
Palo Alto Networks Pan-OS 5.0.8 - Multiple Vulnerabilities
by Thomas Pollet
CVE-2013-4212 EXPLOITDB ruby VERIFIED
Apache Roller < 5.0.2 - Remote Code Execution via OGNL Injection in getText Methods
Certain getText methods in the ActionSupport controller in Apache Roller before 5.0.2 allow remote attackers to execute arbitrary OGNL expressions via the first or second parameter, as demonstrated by the pageTitle parameter in the !getPageTitle sub-URL to roller-ui/login.rol, which uses a subclass of UIAction, aka "OGNL Injection."
by Metasploit
EIP-2026-113701 EXPLOITDB text VERIFIED
WordPress Plugin dzs-videogallery - Arbitrary File Upload
by link_satisi
CVE-2014-5007 EXPLOITDB CRITICAL ruby VERIFIED
ManageEngine Desktop Central 7.0-9.0 - Path Traversal & Arbitrary File Write via AgentLogUploader
Directory traversal vulnerability in the agentLogUploader servlet in ZOHO ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90055 allows remote attackers to write to and execute arbitrary files as SYSTEM via a .. (dot dot) in the filename parameter.
by Metasploit
CVSS 9.8
EIP-2026-116334 EXPLOITDB perl VERIFIED
Static HTTP Server 1.0 - Denial of Service
by GalaxyAndroid
EIP-2026-102077 EXPLOITDB text
TP-Link WR740N/WR740ND - Multiple Cross-Site Request Forgery Vulnerabilities
by Samandeep Singh
CVE-2013-2751 EXPLOITDB ruby VERIFIED
NETGEAR ReadyNAS <4.1.12 & <4.2.24 - Code Injection
Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute arbitrary Perl code via a crafted request, related to the "forgot password workflow."
by Metasploit
EIP-2026-118021 EXPLOITDB perl VERIFIED
Total Video Player 1.3.1 - 'Settings.ini' Local Buffer Overflow (SEH)
by Mike Czumak
CVE-2013-7409 EXPLOITDB perl
ALLPlayer 5.6.2-5.8.1 - Buffer Overflow via .m3u Playlist File
Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a .m3u (playlist) file.
by Mike Czumak
CVE-2013-6936 EXPLOITDB text VERIFIED
MyBB Ajax forum stat Plugin 2.0 - SQL Injection via tooltip or usertooltip Parameter
Multiple SQL injection vulnerabilities in ajaxfs.php in the Ajax forum stat (Ajaxfs) Plugin 2.0 for MyBB (aka MyBulletinBoard) allow remote attackers to execute arbitrary SQL commands via the (1) tooltip or (2) usertooltip parameter.
by IeDb ir
EIP-2026-101918 EXPLOITDB perl
Pirelli Discus DRG A125g - Remote Change WiFi Password
by Sebastián Magof
EIP-2026-101917 EXPLOITDB text
Pirelli Discus DRG A125g - Remote Change SSID Value
by Sebastián Magof
EIP-2026-101915 EXPLOITDB perl
Pirelli Discus DRG A125g - Local Password Disclosure
by Sebastián Magof
EIP-2026-115002 EXPLOITDB perl VERIFIED
Boilsoft RM TO MP3 Converter 1.72 - '.wav' Crash (PoC)
by Akin Tosunlar
CVE-2013-6797 EXPLOITDB html VERIFIED
Blue Wrench Video Widget < 2.0.0 - Cross-Site Request Forgery via bw_url Parameter
Cross-site request forgery (CSRF) vulnerability in bluewrench-video-widget.php in the Blue Wrench Video Widget plugin before 2.0.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that embed arbitrary URLs via the bw_url parameter in the bw-videos page to wp-admin/admin.php, as demonstrated by embedding a URL to a JavaScript file.
by Haider Mahmood
EIP-2026-109141 EXPLOITDB text
LimeSurvey 2.00+ (build 131107) - Multiple Vulnerabilities
by LiquidWorm
EIP-2026-107816 EXPLOITDB text VERIFIED
ImpressPages CMS 3.8 - Persistent Cross-Site Scripting
by sajith