Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
CVE-2013-6937 EXPLOITDB python VERIFIED
VideoCharge Watermark Master 2.2.23 - Remote Code Execution via Long Name Attribute in .wstyle File
Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows remote attackers to execute arbitrary code via a long string in the name attribute of the cols element in a .wstyle file.
by Mike Czumak
CVE-2008-2286 EXPLOITDB ruby VERIFIED
Symantec Altiris Deployment Solution 6.8.x-6.9.x - SQL Injection via Notification Packet String Fields
SQL injection vulnerability in axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows remote attackers to execute arbitrary SQL commands via unspecified string fields in a notification packet.
by Metasploit
CVE-2013-6873 EXPLOITDB text VERIFIED
Testa Online Test Management System 2.0.0.2 - SQL Injection via test_id Parameter
SQL injection vulnerability in Testa Online Test Management System (OTMS) 2.0.0.2 allows remote attackers to execute arbitrary SQL commands via the test_id parameter.
by Ashiyane Digital Security Team
CVE-2014-1990 EXPLOITDB text
TOSHIBA TEC e-Studio 232, 233, 282, and 283 - Cross-Site Request Forgery in TopAccess
Cross-site request forgery (CSRF) vulnerability in TopAccess (aka the web-based management utility) on TOSHIBA TEC e-Studio 232, 233, 282, and 283 devices allows remote attackers to hijack the authentication of administrators for requests that change passwords.
by Hubert Gradek
EIP-2026-118060 EXPLOITDB ruby VERIFIED
VideoSpirit Pro 1.90 - Local Buffer Overflow (SEH)
by metacom
EIP-2026-118059 EXPLOITDB ruby VERIFIED
VideoSpirit Lite 1.77 - Local Buffer Overflow (SEH)
by metacom
CVE-2013-7409 EXPLOITDB perl
ALLPlayer 5.6.2-5.8.1 - Buffer Overflow via .m3u Playlist File
Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a .m3u (playlist) file.
by Mike Czumak
EIP-2026-116105 EXPLOITDB ruby VERIFIED
Provj 5.1.5.8 - 'm3u' Buffer Overflow (PoC)
by Necmettin COSKUN
EIP-2026-115379 EXPLOITDB ruby VERIFIED
Hanso Converter 2.4.0 - 'ogg' Buffer Overflow (Denial of Service)
by Necmettin COSKUN
CVE-2013-6618 EXPLOITDB text
Juniper Junos Authenticated RCE via J-Web PHP rsargs Parameter
jsdm/ajax/port.php in J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1 before 12.1R5, 12.2 before 12.2R3, and 12.3 before 12.3R1 allows remote authenticated users to execute arbitrary commands via the rsargs parameter in an exec action.
by Sense of Security
EIP-2026-114331 EXPLOITDB text
WordPress Theme Highlight Premium - Cross-Site Request Forgery / Arbitrary File Upload
by DevilScreaM
CVE-2013-4468 EXPLOITDB ruby VERIFIED
VICIDIAL dialer <2.8-403a, 2.7, 2.7RC1 - Command Injection
VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in the extension parameter in an OriginateVDRelogin action to manager_send.php.
by Metasploit
CVE-2013-4467 EXPLOITDB ruby VERIFIED
VICIDIAL < 2.7 - SQL Injection via Campaign Variable in SCRIPT_multirecording_AJAX.php
Multiple SQL injection vulnerabilities in the agent interface (agc/) in VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allow (1) remote attackers to execute arbitrary SQL commands via the campaign variable in SCRIPT_multirecording_AJAX.php, (2) remote authenticated users to execute arbitrary SQL commands via the server_ip parameter to manager_send.php, or (3) other unspecified vectors. NOTE: some of these details are obtained from third party information.
by Metasploit
CVE-2013-3528 EXPLOITDB text VERIFIED
Vanilla Forums <2.0.18.8 - Code Injection
Unspecified vulnerability in the update check in Vanilla Forums before 2.0.18.8 has unspecified impact and remote attack vectors, related to "object injection."
by EgiX
CVE-2013-6164 EXPLOITDB text
projeqtor 3.4.0 - SQL Injection via objectId Parameter
SQL injection vulnerability in view/objectDetail.php in Project'Or RIA 3.4.0 allows remote attackers to execute arbitrary SQL commands via the objectId parameter.
by Vicente Aguilera Diaz
CVE-2013-6364 EXPLOITDB HIGH text VERIFIED
Horde Groupware Webmail Edition - Cross-Site Request Forgery and Cross-Site Scripting in Saved Search
Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book
by Marcela Benetrix
CVSS 8.8
EIP-2026-107141 EXPLOITDB perl
Flatpress 1.0 - Remote Code Execution
by Wireghoul
CVE-2013-6058 EXPLOITDB text
appRain CMF < 3.0.2 - SQL Injection via PATH_INFO to blog-by-cat/
SQL injection vulnerability in appRain CMF 3.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to blog-by-cat/.
by High-Tech Bridge SA
CVE-2013-7382 EXPLOITDB ruby VERIFIED
VICIDIAL dialer <2.8-403a, 2.7, 2.7RC1 - Info Disclosure
VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier has a hardcoded password of donotedit for the (1) VDAD and (2) VDCL users, which makes it easier for remote attackers to obtain access.
by Metasploit
CVE-2013-4985 EXPLOITDB HIGH text VERIFIED
Vivotek IP7160 IP7361 IP8332 Firmware - Unauthenticated RTSP Authentication Bypass
Multiple Vivotek IP Cameras remote authentication bypass that could allow access to the video stream
by Core Security
CVSS 7.5
CVE-2013-5220 EXPLOITDB text
HOT HOTBOX Router Firmware 2.1.11 - Denial of Service via Crafted HTTP POST Data
goform/login on the HOT HOTBOX router with software 2.1.11 allows remote attackers to cause a denial of service (device crash) via crafted HTTP POST data.
by Oz Elisyan
EIP-2026-100516 EXPLOITDB text VERIFIED
RASPcalendar 1.01 (ASP) - Admin Login
by Hackeri-AL UAH-Crew
EIP-2026-114335 EXPLOITDB php VERIFIED
WordPress Theme Kernel - Arbitrary File Upload
by link_satisi
EIP-2026-109449 EXPLOITDB text
Microweber 0.905 - Error-Based SQL Injection
by Zy0d0x
CVE-2013-7280 EXPLOITDB ruby VERIFIED
HansoTools Hanso Player <2.5.0 - Buffer Overflow
Buffer overflow in HansoTools Hanso Player 2.1.0, 2.5.0, and earlier allows remote attackers to cause a denial of service (crash) via a long string in a .m3u file.
by Necmettin COSKUN