Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
CVE-2013-4759 EXPLOITDB html VERIFIED
Magnolia Form module <1.4.7-2.0.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the Magnolia Form module 1.x before 1.4.7 and 2.x before 2.0.2 for Magnolia CMS allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) fullname, or (3) email parameter to magnoliaPublic/demo-project/members-area/registration.html.
by High-Tech Bridge
CVE-2013-2574 EXPLOITDB HIGH text VERIFIED
FOSCAM IP Camera FI8620 - Info Disclosure
An Access vulnerability exists in FOSCAM IP Camera FI8620 due to insufficient access restrictions in the /tmpfs/ and /log/ directories, which could let a malicious user obtain sensitive information.
by Core Security
CVSS 7.5
CVE-2013-7471 EXPLOITDB CRITICAL ruby VERIFIED
D-Link DIR-300, DIR-600 < 2.17b01, DIR-645 < 1.04b11, DIR-845 < 1.02b03, DIR-865 - OS Command Injection
An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request.
by Metasploit
CVSS 9.8
CVE-2013-3520 EXPLOITDB ruby VERIFIED
VMware vCenter Chargeback Manager < 2.5.1 - Remote Code Execution via Unsafe Upload Handling
VMware vCenter Chargeback Manager (aka CBM) before 2.5.1 does not proper handle uploads, which allows remote attackers to execute arbitrary code via unspecified vectors.
by Metasploit
EIP-2026-117975 EXPLOITDB perl VERIFIED
Super Player 3500 - '.m3u' Local Stack Buffer Overflow
by jun
CVE-2013-2577 EXPLOITDB text VERIFIED
XnView < 2.04 - Remote Code Execution via Crafted PCT File
Buffer overflow in XnView before 2.04 allows remote attackers to execute arbitrary code via a crafted PCT file.
by Core Security
CVE-2013-3174 EXPLOITDB text
Microsoft Windows - Remote Code Execution via Crafted GIF File
DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted GIF file, aka "DirectShow Arbitrary Memory Overwrite Vulnerability."
by Andrés Gómez Ramírez
CVE-2013-2576 EXPLOITDB text VERIFIED
Artweaver < 3.1.6 - Buffer Overflow via Crafted AWD File
Buffer overflow in Artweaver before 3.1.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted AWD file.
by Core Security
EIP-2026-106403 EXPLOITDB text
Dell Kace 1000 SMA 5.4.742 - SQL Injection
by Vulnerability-Lab
CVE-2013-2121 EXPLOITDB ruby VERIFIED
Redhat Openstack < 1.2.0 - Code Injection
Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute.
by Metasploit
EIP-2026-102274 EXPLOITDB text
Photo Server 2.0 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
CVE-2013-4890 EXPLOITDB python
Samsung PS50C7700 Television Firmware - Denial of Service via Long URI to TCP Port 5600
The DMCRUIS/0.1 web server on the Samsung PS50C7700 TV allows remote attackers to cause a denial of service (daemon crash) via a long URI to TCP port 5600.
by Malik Mesellem
CVE-2013-4730 EXPLOITDB ruby VERIFIED
pcman's ftp server 2.0.7 - Unauthenticated Buffer Overflow via USER Command
Buffer overflow in PCMan's FTP Server 2.0.7 allows remote attackers to execute arbitrary code via a long string in a USER command.
by MSJ
CVE-2011-4166 EXPLOITDB ruby VERIFIED
HP Managed Printing Administration <2.6.4 - Path Traversal
Directory traversal vulnerability in the MPAUploader.Uploader.1.UploadFiles method in HP Managed Printing Administration before 2.6.4 allows remote attackers to create arbitrary files via crafted form data.
by Metasploit
CVE-2013-1017 EXPLOITDB ruby VERIFIED
Apple QuickTime < 7.7.4 - Remote Code Execution via Crafted Dref Atoms
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted dref atoms in a movie file.
by Metasploit
EIP-2026-116477 EXPLOITDB text VERIFIED
VbsEdit 5.9.3 - '.smi' Buffer Overflow (PoC)
by d3b4g
EIP-2026-113756 EXPLOITDB text VERIFIED
WordPress Plugin FlagEm - 'cID' Cross-Site Scripting
by IeDb ir
EIP-2026-109509 EXPLOITDB text
MLM (Multi Level Marketing) Script - Multiple Vulnerabilities
by 3spi0n
EIP-2026-106057 EXPLOITDB text VERIFIED
Collabtive - Multiple Vulnerabilities
by Enrico Cinquini
EIP-2026-102536 EXPLOITDB text
Sybase EAServer 6.3.1 - Multiple Vulnerabilities
by SEC Consult
EIP-2026-101550 EXPLOITDB text
Barracuda LB / SVF / WAF / WEF - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-101547 EXPLOITDB text
Barracuda CudaTel 2.6.02.040 - SQL Injection
by Vulnerability-Lab
EIP-2026-119359 EXPLOITDB text
Dell PacketTrap PSA 7.1 - Multiple Cross-Site Scripting Vulnerabilities
by Vulnerability-Lab
EIP-2026-119358 EXPLOITDB text
Dell PacketTrap MSP RMM 6.6.x - Multiple Cross-Site Scripting Vulnerabilities
by Vulnerability-Lab
CVE-2013-4679 EXPLOITDB c
Symantec Workspace Virtualization <6.4.1953.0 - Privilege Escalation
Symantec Workspace Virtualization before 6.x before 6.4.1953.0, when a virtual application layer is configured, allows local users to gain privileges via an application that performs crafted interaction with the operating system.
by MJ0011