Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
CVE-2013-6874 EXPLOITDB perl VERIFIED
Light Alloy < 4.7.3 - Remote Code Execution via Long URL in .m3u File
Stack-based buffer overflow in Vortex Light Alloy before 4.7.4 allows remote attackers to execute arbitrary code via a long URL in a .m3u file.
by Mike Czumak
CVE-2013-5912 EXPLOITDB text VERIFIED
Thomson Reuters Velocity Analytics Vhayu Analytic Server 6.94 - Remote Code Execution via VhttpdMgr
VhttpdMgr in Thomson Reuters Velocity Analytics Vhayu Analytic Server 6.94 build 2995 allows remote attackers to execute arbitrary code via a URL in the fileName parameter during an importFile action.
by Eduardo Gonzalez
EIP-2026-114351 EXPLOITDB php VERIFIED
WordPress Theme Suco - 'themify-ajax.php' Arbitrary File Upload
by DevilScreaM
EIP-2026-110874 EXPLOITDB text
PHP-Nuke 8.2.4 - Multiple Vulnerabilities
by Sojobo dev team
CVE-2013-6831 EXPLOITDB text VERIFIED
PineApp Mail-SeCure 3.70 and earlier on 5099SK - Privilege Escalation via Sudoers Misconfiguration
PineApp Mail-SeCure 3.70 and earlier on 5099SK and earlier platforms has a sudoers file that does not properly restrict user specifications, which allows local users to gain privileges via a sudo command that leverages access to the qmailq account.
by Ruben Garrote García
EIP-2026-115495 EXPLOITDB text
JPEGView 1.0.29 - Crash (PoC)
by Debasish Mandal
EIP-2026-104079 EXPLOITDB text VERIFIED
SKIDATA Freemotion.Gate - Web Services Multiple Command Execution Vulnerabilities
by Dennis Kelly
CVE-2013-4547 EXPLOITDB text VERIFIED
nginx 0.8.41-1.4.3 and 1.5.x < 1.5.7 - URI Restriction Bypass via Unescaped Space Character
nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI.
by Ivan Fratric
CVE-2013-6796 EXPLOITDB text VERIFIED
DeepOfix < 3.3 - Unauthenticated Authentication Bypass via Empty Password
The SMTP server in DeepOfix 3.3 and earlier allows remote attackers to bypass authentication via an empty password, which triggers an LDAP anonymous bind.
by Gerardo Vazquez_ Eduardo Arriols
CVE-2013-5030 EXPLOITDB text
Ruckus Wireless Zoneflex 2942 <9.6.0.0.267 - Auth Bypass
Ruckus Wireless Zoneflex 2942 devices with firmware 9.6.0.0.267 allow remote attackers to bypass authentication, and subsequently access certain configuration/ and maintenance/ scripts, by constructing a crafted URI after receiving an authentication error for an arbitrary login attempt.
by myexploit
CVE-2013-10034 EXPLOITDB CRITICAL text
Kaseya KServer <6.3.0.2 - File Upload
An unrestricted file upload vulnerability exists in Kaseya KServer versions prior to 6.3.0.2. The uploadImage.asp endpoint allows unauthenticated users to upload files to arbitrary paths via a crafted filename parameter in a multipart/form-data POST request. Due to the lack of authentication and input sanitation, an attacker can upload a file with an .asp extension to a web-accessible directory, which can then be invoked to execute arbitrary code with the privileges of the IUSR account. The vulnerability enables remote code execution without prior authentication and was resolved in version 6.3.0.2 by removing the vulnerable uploadImage.asp endpoint.
by Security-Assessment.com
EIP-2026-114341 EXPLOITDB text
WordPress Theme Make A Statement (MaS) - Cross-Site Request Forgery
by DevilScreaM
EIP-2026-114326 EXPLOITDB text
WordPress Theme Euclid 1.x - Cross-Site Request Forgery
by DevilScreaM
EIP-2026-114323 EXPLOITDB text
WordPress Theme Dimension - Cross-Site Request Forgery
by DevilScreaM
EIP-2026-114304 EXPLOITDB text
WordPress Theme Amplus - Cross-Site Request Forgery
by DevilScreaM
EIP-2026-112743 EXPLOITDB text VERIFIED
TomatoCart 1.1.8.2 - 'class' Local File Inclusion
by Esac
CVE-2013-6225 EXPLOITDB CRITICAL text
LiveZilla 5.0.1.4 - Remote Code Execution via Path Traversal
LiveZilla 5.0.1.4 has a Remote Code Execution vulnerability
by Curesec Research Team
CVSS 9.8
CVE-2014-5007 EXPLOITDB CRITICAL text
ManageEngine Desktop Central 7.0-9.0 - Path Traversal & Arbitrary File Write via AgentLogUploader
Directory traversal vulnerability in the agentLogUploader servlet in ZOHO ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90055 allows remote attackers to write to and execute arbitrary files as SYSTEM via a .. (dot dot) in the filename parameter.
by Security-Assessment.com
CVSS 9.8
CVE-2013-6117 EXPLOITDB text
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 - Unauthenticated Authentication Bypass via TCP Port 37777
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777.
by Jake Reynolds
CVE-2013-3623 EXPLOITDB ruby VERIFIED
Supermicro Onboard IPMI CGI Vulnerability Scanner
Multiple stack-based buffer overflows in cgi/close_window.cgi in the web interface in the Intelligent Platform Management Interface (IPMI) with firmware before 3.15 (SMT_X9_315) on Supermicro X9 generation motherboards allow remote attackers to execute arbitrary code via the (1) sess_sid or (2) ACT parameter.
by Metasploit
EIP-2026-109150 EXPLOITDB php VERIFIED
Limonade Framework - 'limonade.php' Local File Disclosure
by Yashar shahinzadeh
EIP-2026-102243 EXPLOITDB text
Google Gmail IOS Mobile Application - Persistent Cross-Site Scripting
by Ali Raza
EIP-2026-115082 EXPLOITDB python VERIFIED
CoolPlayer+ Portable 2.19.4 - Local Buffer Overflow
by Mike Czumak
EIP-2026-102112 EXPLOITDB text
WBR-3406 Wireless Broadband NAT Router - Web-Console Password Change Bypass / Cross-Site Request Forgery
by Yakir Wizman
EIP-2026-101342 EXPLOITDB html VERIFIED
LevelOne WBR-3406TX Router - Cross-Site Request Forgery
by Yakir Wizman