Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
CVE-2013-4011 EXPLOITDB bash VERIFIED
IBM AIX 6.1/7.1 & VIOS 2.2.2.2-FP-26 SP-02 - Privilege Escalation
Multiple unspecified vulnerabilities in the InfiniBand subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allow local users to gain privileges via vectors involving (1) arp.ib or (2) ibstat.
by Kristian Erik Hermansen
CVE-2013-0810 EXPLOITDB HIGH ruby VERIFIED
Windows XP/Vista/Server 2003/2008 RCE via Crafted Screensaver in Theme File
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, and Windows Server 2008 SP2 allow remote attackers to execute arbitrary code via a crafted screensaver in a theme file, aka "Windows Theme File Remote Code Execution Vulnerability."
by Metasploit
CVSS 8.1
CVE-2013-3205 EXPLOITDB ruby VERIFIED
Microsoft Internet Explorer <9 - Code Injection
Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
by Metasploit
CVE-2013-5917 EXPLOITDB text
NOSpam PTI 2.1 - SQL Injection via comment_post_ID Parameter
SQL injection vulnerability in wp-comments-post.php in the NOSpam PTI plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the comment_post_ID parameter.
by Alexandro Silva
EIP-2026-112047 EXPLOITDB text VERIFIED
SilverStripe CMS - Multiple HTML Injection Vulnerabilities
by Benjamin Kunz Mejri
CVE-2013-5696 EXPLOITDB ruby VERIFIED
GLPI < 0.84.2 - Cross-Site Request Forgery and SQL Injection via Install Script
inc/central.class.php in GLPI before 0.84.2 does not attempt to make install/install.php unavailable after an installation is completed, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and (1) perform a SQL injection via an Etape_4 action or (2) execute arbitrary PHP code via an update_1 action.
by Metasploit
EIP-2026-102566 EXPLOITDB text VERIFIED
Blue Coat ProxySG 5.x and Security Gateway OS - Denial of Service
by anonymous
CVE-2013-3568 EXPLOITDB HIGH ruby VERIFIED
Cisco Linksys WRT110 Firmware - Cross-Site Request Forgery
Cross-site request forgery (CSRF) vulnerability in Cisco Linksys WRT110 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors.
by Metasploit
CVSS 8.8
EIP-2026-116269 EXPLOITDB html
SolarWinds Server and Application Monitor - ActiveX 'Pepco32c' Buffer Overflow
by blake
EIP-2026-116241 EXPLOITDB python VERIFIED
ShareKM - Remote Denial of Service
by Yuda Prawira
EIP-2026-116239 EXPLOITDB text VERIFIED
Share KM 1.0.19 - Remote Denial of Service
by Yuda Prawira
CVE-2013-5961 EXPLOITDB text VERIFIED
Lazy SEO 1.1.9 - Unauthenticated Arbitrary File Upload and Remote Code Execution via lazyseo.php
Unrestricted file upload vulnerability in lazyseo.php in the Lazy SEO plugin 1.1.9 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in lazy-seo/.
by Ashiyane Digital Security Team
EIP-2026-101273 EXPLOITDB python
FiberHome Modem Router HG-110 - Authentication Bypass To Remote Change DNS Servers
by Javier Perez
EIP-2026-108769 EXPLOITDB text VERIFIED
Joomla! Component JVideoClip 1.5.1 - 'uid' SQL Injection
by SixP4ck3r
CVE-2013-10044 EXPLOITDB HIGH ruby
OpenEMR < 4.1.1 Patch 14 - SQL Injection
An authenticated SQL injection vulnerability exists in OpenEMR ≤ 4.1.1 Patch 14 that allows a low-privileged attacker to extract administrator credentials and subsequently escalate privileges. Once elevated, the attacker can exploit an unrestricted file upload flaw to achieve remote code execution, resulting in full compromise of the application and its host system.
by xistence
CVSS 8.8
CVE-2013-5091 EXPLOITDB text
vtiger CRM < 5.4.0 - Authenticated SQL Injection via onlyforuser Parameter
SQL injection vulnerability in CalendarCommon.php in vTiger CRM 5.4.0 and possibly earlier allows remote authenticated users to execute arbitrary SQL commands via the onlyforuser parameter in an index action to index.php. NOTE: this issue might be a duplicate of CVE-2011-4559.
by High-Tech Bridge SA
EIP-2026-109566 EXPLOITDB text VERIFIED
Monstra CMS 1.2.0 - 'login' SQL Injection
by linc0ln.dll
EIP-2026-109420 EXPLOITDB text VERIFIED
MentalJS - Sandbox Security Bypass
by Rafay Baloch
EIP-2026-104784 EXPLOITDB ruby VERIFIED
Western Digital Arkeia < 10.0.10 - Remote Code Execution (Metasploit)
by xistence
EIP-2026-114015 EXPLOITDB text VERIFIED
WordPress Plugin RokMicroNews - 'thumb.php' Multiple Vulnerabilities
by MustLive
EIP-2026-114014 EXPLOITDB text VERIFIED
WordPress Plugin RokIntroScroller - 'thumb.php' Multiple Vulnerabilities
by MustLive
EIP-2026-100150 EXPLOITDB text
AspxCommerce 2.0 - Arbitrary File Upload
by SANTHO
EIP-2026-118766 EXPLOITDB html
McKesson - ActiveX File/Environmental Variable Enumeration
by blake
EIP-2026-116398 EXPLOITDB perl VERIFIED
TeraCopy 2.3 - 'default.mo' Language File Integer Overflow
by LiquidWorm
EIP-2026-114016 EXPLOITDB text VERIFIED
WordPress Plugin RokNewsPager - 'thumb.php' Multiple Vulnerabilities
by MustLive