Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
CVE-2011-1566 EXPLOITDB ruby VERIFIED
7-Technologies IGSS <9.00.00.11059 - Path Traversal
Directory traversal vulnerability in dc.exe 9.00.00.11059 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to execute arbitrary programs via ..\ (dot dot backslash) sequences in opcodes (1) 0xa and (2) 0x17 to TCP port 12397.
by Metasploit
CVE-2013-4822 EXPLOITDB ruby VERIFIED
HP IMC and IMC Branch Intelligent Management System Software Module - Remote Code Execution
Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Branch Intelligent Management System Software Module (aka BIMS) allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1606.
by Metasploit
EIP-2026-116863 EXPLOITDB text VERIFIED
Avira Internet Security - 'avipbb.sys' Filter Bypass / Privilege Escalation
by Ahmad Moghimi
EIP-2026-101527 EXPLOITDB ruby
ARRIS DG860A - NVRAM Backup Password Disclosure
by Justin Oberdorf
EIP-2026-106192 EXPLOITDB text VERIFIED
Course Registration Management System - Cross-Site Scripting / SQL Injection
by Omar Kurt
CVE-2013-4295 EXPLOITDB text VERIFIED
Apache Shindig 2.5.0-beta1-2.5.0 - XML External Entity Injection in Gadget Renderer
The gadget renderer in Apache Shindig 2.5.0 for PHP allows remote attackers to obtain sensitive information via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
by Kousuke Ebihara
CVE-2011-4275 EXPLOITDB text VERIFIED
iTop 1.1.181 and 1.2.0-RC-282 - Cross-Site Scripting via Multiple Input Vectors
Multiple cross-site scripting (XSS) vulnerabilities in iTop (aka IT Operations Portal) 1.1.181 and 1.2.0-RC-282 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted company name, (2) a crafted database server name, (3) a crafted CSV file, (4) a crafted copy-and-paste action, (5) the auth_user parameter in a suggest_pwd action to UI.php, (6) the c[menu] parameter to UniversalSearch.php, (7) the description parameter in a SearchFormToAdd_document_list action to UI.php, (8) the category parameter in an errors action to audit.php, or (9) the suggest_pwd parameter to UI.php.
by Halim Cruzito
EIP-2026-108780 EXPLOITDB php VERIFIED
Joomla! Component Maian15 - 'name' Arbitrary File Upload
by SultanHaikal
EIP-2026-114307 EXPLOITDB text VERIFIED
WordPress Theme Area53 - Arbitrary File Upload
by Byakuya Kouta
EIP-2026-113414 EXPLOITDB text
WHMCompleteSolution (WHMCS) 5.2.8 - SQL Injection
by g00n
EIP-2026-119138 EXPLOITDB ruby
SikaBoom - Remote Buffer Overflow (Metasploit)
by Asesino04
EIP-2026-104758 EXPLOITDB php VERIFIED
PHP Point Of Sale - 'ofc_upload_image.php' Remote Code Execution
by Gabby
EIP-2026-104234 EXPLOITDB text
Elite Graphix ElitCMS 1.01 / PRO - Multiple Web Vulnerabilities
by Vulnerability-Lab
EIP-2026-114627 EXPLOITDB text
Zikula CMS 1.3.5 - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-114000 EXPLOITDB text VERIFIED
WordPress Plugin Realty - Blind SQL Injection
by Napsterakos
EIP-2026-113993 EXPLOITDB text VERIFIED
WordPress Plugin Quick Paypal Payments 3.0 - Presistant Cross-Site Scripting
by Zy0d0x
EIP-2026-113466 EXPLOITDB text
Woltlab Burning Board Regenbogenwiese 2007 Addon - SQL Injection
by Easy Laster
EIP-2026-113379 EXPLOITDB text VERIFIED
WebTester 5.x - Multiple Vulnerabilities
by X-Cisadane
CVE-2013-10036 EXPLOITDB HIGH python VERIFIED
Beetel Connection Manager PCW_BTLINDV1.0.0B04 - Buffer Overflow
A stack-based buffer overflow vulnerability exists in Beetel Connection Manager version PCW_BTLINDV1.0.0B04 when parsing the UserName parameter in the NetConfig.ini configuration file. A crafted .ini file containing an overly long UserName value can overwrite the Structured Exception Handler (SEH), leading to arbitrary code execution when the application processes the file.
by metacom
CVE-2013-3897 EXPLOITDB HIGH ruby VERIFIED
Internet Explorer 6-11 - Remote Code Execution via CDisplayPointer Use-After-Free
Use-after-free vulnerability in the CDisplayPointer class in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JavaScript code that uses the onpropertychange event handler, as exploited in the wild in September and October 2013, aka "Internet Explorer Memory Corruption Vulnerability."
by Metasploit
CVSS 8.8
CVE-2013-2333 EXPLOITDB ruby VERIFIED
HP Storage Data Protector <7.01 - RCE
Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1680.
by Metasploit
EIP-2026-118247 EXPLOITDB html
Aladdin Knowledge Systems Ltd. PrivAgent - ActiveX Control Overflow
by blake
CVE-2013-5743 EXPLOITDB CRITICAL ruby
Zabbix 1.8-1.8.17 - SQL Injection
Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7.
by Jason Kratzer
CVSS 9.8
EIP-2026-113681 EXPLOITDB text
WordPress Plugin Dexs PM System - (Authenticated) Persistent Cross-Site Scripting
by TheXero
EIP-2026-106524 EXPLOITDB python
Dolibarr ERP/CRM 3.4.0 - 'exportcsv.php?sondage' SQL Injection
by drone