Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
CVE-2013-5967 EXPLOITDB text VERIFIED
AlienVault OSSIM < 4.3 - SQL Injection via RadarReport Date Parameter
Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.3 and earlier allow remote attackers to execute arbitrary SQL commands via the date_from parameter to (1) radar-iso27001-potential.php, (2) radar-iso27001-A12IS_acquisition-pot.php, (3) radar-iso27001-A11AccessControl-pot.php, (4) radar-iso27001-A10Com_OP_Mgnt-pot.php, or (5) radar-pci-potential.php in RadarReport/.
by Yu-Chi Ding
EIP-2026-103465 EXPLOITDB text VERIFIED
Evince PDF Reader 2.32.0.145 (Windows) / 3.4.0 (Linux) - Denial of Service
by Deva
CVE-2013-4987 EXPLOITDB text VERIFIED
PineApp Mail-SeCure <3.70 - Privilege Escalation
PineApp Mail-SeCure before 3.70 allows remote authenticated users to gain privileges by leveraging console access and providing shell metacharacters in a "system ping" command.
by Core Security
CVE-2013-5680 EXPLOITDB text VERIFIED
HylaFAX+ 5.2.4-5.5.3 - Heap-Based Buffer Overflow via Long USER Command
Heap-based buffer overflow in hfaxd in HylaFAX+ 5.2.4 through 5.5.3, when using LDAP authentication, might allow remote attackers to cause a denial of service (child hang) or execute arbitrary code via a long USER command.
by Dennis Jenkins
EIP-2026-115521 EXPLOITDB python VERIFIED
KMPlayer 3.7.0.109 - '.wav' Crash (PoC)
by xboz
CVE-2013-2586 EXPLOITDB text
XAMPP 1.8.1 - Cross-Site Scripting via WriteIntoLocalDisk Method
XAMPP 1.8.1 does not properly restrict access to xampp/lang.php, which allows remote attackers to modify xampp/lang.tmp and execute cross-site scripting (XSS) attacks via the WriteIntoLocalDisk method.
by Manuel García Cárdenas
CVE-2013-5748 EXPLOITDB text
simplerisk < 20130916-001 - Cross-Site Request Forgery via add_project Action
Cross-site request forgery (CSRF) vulnerability in management/prioritize_planning.php in SimpleRisk before 20130916-001 allows remote attackers to hijack the authentication of users for requests that add projects via an add_project action.
by Ryan Dewhurst
CVE-2013-4660 EXPLOITDB ruby VERIFIED
nodeca/js-yaml < 2.0.5 - Remote Code Execution via Unsafe YAML Tag Parsing
The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, which allows remote attackers to execute arbitrary code via a crafted string that triggers an eval operation.
by Metasploit
EIP-2026-103385 EXPLOITDB python VERIFIED
Abuse HTTP Server - Remote Denial of Service
by Zico Ekel
CVE-2013-5697 EXPLOITDB text
mod_accounting < 0.5 - SQL Injection via Host Header
SQL injection vulnerability in mod_accounting.c in the mod_accounting module 0.5 and earlier for Apache allows remote attackers to execute arbitrary SQL commands via a Host header.
by Wireghoul
CVE-2013-4788 EXPLOITDB c
GNU C Library <2.17 - Buffer Overflow
The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address.
by Hector Marco & Ismael Ripoll
EIP-2026-102039 EXPLOITDB text
Tenda W309R Router 5.07.46 - Configuration Disclosure
by SANTHO
EIP-2026-101530 EXPLOITDB text
Asus RT-N66U 3.0.0.4.374_720 - Cross-Site Request Forgery
by cgcai
EIP-2026-107242 EXPLOITDB text VERIFIED
FreeSMS - '/pages/crc_handler.php?scheduleid' SQL Injection
by Sarahma Security
EIP-2026-107241 EXPLOITDB text VERIFIED
FreeSMS - '/pages/crc_handler.php' Multiple Cross-Site Scripting Vulnerabilities
by Sarahma Security
EIP-2026-111292 EXPLOITDB text VERIFIED
Piwigo 2.5.2 - Cross-Site Scripting
by Arsan
EIP-2026-105248 EXPLOITDB text VERIFIED
ArticleSetup - Multiple Vulnerabilities
by DevilScreaM
EIP-2026-104404 EXPLOITDB text VERIFIED
Posnic Stock Management System 1.02 - Multiple Vulnerabilities
by Sarahma Security
EIP-2026-103425 EXPLOITDB perl VERIFIED
Blast XPlayer - Local Buffer Overflow (PoC)
by flux77
CVE-2013-6852 EXPLOITDB text
HP 2620-24-PoE+ Switch - Cross-Site Request Forgery via setPassword Method
Cross-site request forgery (CSRF) vulnerability in html/json.html on HP 2620 switches allows remote attackers to hijack the authentication of administrators for requests that change an administrative password via the setPassword method.
by Hubert Gradek
CVE-2013-5692 EXPLOITDB text
X2Engine X2CRM < 3.5 - Authenticated Path Traversal via Translation Manager File Parameter
Directory traversal vulnerability in X2Engine X2CRM before 3.5 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the file parameter to index.php/admin/translationManager.
by High-Tech Bridge SA
CVE-2013-5693 EXPLOITDB text
X2Engine X2CRM < 3.5 - Cross-Site Scripting via Model Parameter
Cross-site scripting (XSS) vulnerability in X2Engine X2CRM before 3.5 allows remote attackers to inject arbitrary web script or HTML via the model parameter to index.php/admin/editor.
by High-Tech Bridge SA
EIP-2026-103344 EXPLOITDB text
ZeroShell 'cgi-bin/kerbynet' - Local File Disclosure
by Yann CAM
CVE-2013-5118 EXPLOITDB text
Good for Enterprise <2.2.4.1659 - XSS
Cross-site scripting (XSS) vulnerability in the Good for Enterprise app before 2.2.4.1659 for iOS allows remote attackers to inject arbitrary web script or HTML via an HTML e-mail message.
by Mario
CVE-2013-10049 EXPLOITDB CRITICAL ruby VERIFIED
Raidsonic IB-NAS5220 and IB-NAS4220 - Unauthenticated OS Command Injection via timeHandler.cgi timeZone Parameter
An OS command injection vulnerability exists in multiple Raidsonic NAS devices—specifically tested on IB-NAS5220 and IB-NAS4220—via the unauthenticated timeHandler.cgi endpoint exposed through the web interface. The CGI script fails to properly sanitize user-supplied input in the timeZone parameter of a POST request, allowing remote attackers to inject arbitrary shell commands.
by Metasploit