Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
CVE-2013-3827 EXPLOITDB text VERIFIED
Oracle GlassFish Server <12.1.2 - Info Disclosure
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0, and 12.1.2.0.0; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.1 allows remote attackers to affect confidentiality via unknown vectors related to Java Server Faces or Web Container.
by Alex Kouzemtchenko
EIP-2026-103272 EXPLOITDB text
DornCMS Application 1.4 - Multiple Web Vulnerabilities
by Vulnerability-Lab
EIP-2026-102302 EXPLOITDB text
UbiDisk File Manager 2.0 iOS - Multiple Web Vulnerabilities
by Vulnerability-Lab
EIP-2026-102265 EXPLOITDB text
OliveOffice Mobile Suite 2.0.3 iOS - Local File Inclusion
by Vulnerability-Lab
EIP-2026-102259 EXPLOITDB text
My File Explorer 1.3.1 iOS - Multiple Web Vulnerabilities
by Vulnerability-Lab
CVE-2013-5147 EXPLOITDB text
iPhone OS < 6.1.4 - Passcode Lock Bypass via Race Condition
Passcode Lock in Apple iOS before 7 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging a race condition involving phone calls and ejection of a SIM card.
by Vulnerability-Lab
EIP-2026-101341 EXPLOITDB python VERIFIED
Level One Enterprise Access Point (Multiple Devices) - 'backupCfg.cgi' Security Bypass
by Richard Weinberger
CVE-2013-5977 EXPLOITDB text VERIFIED
Cart66 Lite Plugin < 1.5.1.15 - Cross-Site Request Forgery
Cross-site request forgery (CSRF) vulnerability in Cart66Product.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allows remote attackers to hijack the authentication of administrators for requests that (1) create or modify products or conduct cross-site scripting (XSS) attacks via the (2) Product name or (3) Price description field in a product save action via a request to wp-admin/admin.php.
by absane
EIP-2026-117338 EXPLOITDB python VERIFIED
Internet Haut Debit Mobile PCW_MATMARV1.0.0B03 - Local Buffer Overflow (SEH)
by metacom
CVE-2013-5978 EXPLOITDB MEDIUM text VERIFIED
Cart66 Lite Plugin < 1.5.1.14 - Cross-Site Scripting via Product Name or Price Description
Multiple cross-site scripting (XSS) vulnerabilities in products.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) Product name or (2) Price description fields via a request to wp-admin/admin.php. NOTE: This issue may only cross privilege boundaries if used in combination with CVE-2013-5977.
by absane
CVSS 6.1
EIP-2026-112428 EXPLOITDB text VERIFIED
StatusNet/Laconica 0.7.4/0.8.2/0.9.0beta3 - Arbitrary File Reading
by spiderboy
EIP-2026-105168 EXPLOITDB python
aMSN 0.98.9 Web App - Multiple Vulnerabilities
by drone
CVE-2013-6366 EXPLOITDB ruby VERIFIED
VMware Hyperic HQ 4.6.6 - Authenticated Remote Code Execution via Groovy Script Console
The Groovy script console in VMware Hyperic HQ 4.6.6 allows remote authenticated administrators to execute arbitrary code via a Runtime.getRuntime().exec call.
by Metasploit
CVE-2013-6027 EXPLOITDB python VERIFIED
D-Link DIR-100 - Authenticated Stack-Based Buffer Overflow via Ping Diagnostic Parameter
Stack-based buffer overflow in the RuntimeDiagnosticPing function in /bin/webs on D-Link DIR-100 routers might allow remote authenticated administrators to execute arbitrary commands via a long set/runtime/diagnostic/pingIp parameter to Tools/tools_misc.xgi.
by Craig Heffner
CVE-2011-3918 EXPLOITDB text
Android < 4.0.3 - Denial of Service via Zygote Process Fork Request
The Zygote process in Android 4.0.3 and earlier accepts fork requests from processes with arbitrary UIDs, which allows remote attackers to cause a denial of service (reboot loop) via a crafted application.
by Luca Verderame
CVE-2013-6129 EXPLOITDB perl VERIFIED
vBulletin 4.1 and 5 - Unauthenticated Administrative Account Creation via install/upgrade.php
The install/upgrade.php scripts in vBulletin 4.1 and 5 allow remote attackers to create administrative accounts via the customerid, htmldata[password], htmldata[confirmpassword], and htmldata[email] parameters, as exploited in the wild in October 2013.
by Joshua Rogers
CVE-2013-6826 EXPLOITDB html VERIFIED
FortiAnalyzer < 5.0.5 - Cross-Site Request Forgery via csrf_token Parameter
cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrf_token parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks.
by William Costa
EIP-2026-105476 EXPLOITDB text VERIFIED
Bilboplanet - 'auth.php' SQL Injection
by Omar Kurt
CVE-2013-4034 EXPLOITDB xml VERIFIED
IBM Cognos Business Intelligence 8.4.1-10.2.1.1 - Authenticated XML External Entity Injection
IBM Cognos Business Intelligence 8.4.1 before IF3, 10.1.0 before IF4, 10.1.1 before IF4, 10.2.0 before IF4, 10.2.1 before IF2, and 10.2.1.1 before IF1 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
by IBM
EIP-2026-118684 EXPLOITDB html
Indusoft Thin Client 7.1 - ActiveX Buffer Overflow
by blake
CVE-2013-7409 EXPLOITDB text
ALLPlayer 5.6.2-5.8.1 - Buffer Overflow via .m3u Playlist File
Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a .m3u (playlist) file.
by metacom
EIP-2026-114630 EXPLOITDB text VERIFIED
Ziteman CMS - Login Page SQL Injection
by Ashiyane Digital Security Team
EIP-2026-104282 EXPLOITDB text
Imperva SecureSphere Web Application Firewall MX 9.5.6 - Blind SQL Injection
by Giuseppe D'Amore
EIP-2026-101062 EXPLOITDB python
ONO Hitron CDE-30364 Router - Denial of Service
by Matias Mingorance Svensson
CVE-2013-1743 EXPLOITDB text VERIFIED
Bugzilla 4.1.x-4.2.x < 4.2.7 and 4.3.x-4.4.x < 4.4.1 - Cross-Site Scripting via Tabular Report Field Values
Multiple cross-site scripting (XSS) vulnerabilities in report.cgi in Bugzilla 4.1.x and 4.2.x before 4.2.7 and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via a field value that is not properly handled during construction of a tabular report, as demonstrated by the (1) summary or (2) real name field. NOTE: this issue exists because of an incomplete fix for CVE-2012-4189.
by Mateusz Goik