Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
CVE-2013-4946 EXPLOITDB text
BMC Service Desk Express 10.2.1.95 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in BMC Service Desk Express (SDE) 10.2.1.95 allow remote attackers to inject arbitrary web script or HTML via the (1) SelTab parameter to QV_admin.aspx, the (2) CallBack parameter to QV_grid.aspx, or the (3) HelpPage parameter to commonhelp.aspx.
by Nuri Fattah
CVE-2013-4954 EXPLOITDB text VERIFIED
Genetech Solutions Pie-Register <1.31 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Genetech Solutions Pie-Register plugin before 1.31 for WordPress, when "Allow New Registrations to set their own Password" is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) pass1 or (2) pass2 parameter in a register action. NOTE: some of these details are obtained from third party information.
by gravitylover
CVE-2013-5314 EXPLOITDB text VERIFIED
Serendipity < 1.6.2 - Cross-Site Scripting via serendipity[htmltarget] Parameter
Cross-site scripting (XSS) vulnerability in serendipity_admin_image_selector.php in Serendipity 1.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the serendipity[htmltarget] parameter.
by Omar Kurt
CVE-2013-4620 EXPLOITDB text VERIFIED
OpenEMR 4.1.1 - Cross-Site Scripting via Office Comments Note Parameter
Cross-site scripting (XSS) vulnerability in interface/main/onotes/office_comments_full.php in OpenEMR 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the note parameter.
by Nate Drier
EIP-2026-100231 EXPLOITDB text VERIFIED
Corda Highwire - 'Highwire.ashx' Full Path Disclosure
by Adam Willard
EIP-2026-100230 EXPLOITDB text VERIFIED
Corda .NET Redirector - 'redirector.corda' Cross-Site Scripting
by Adam Willard
CVE-2013-5019 EXPLOITDB python VERIFIED
Ultra Mini HTTPD 1.21 - Buffer Overflow
Stack-based buffer overflow in Ultra Mini HTTPD 1.21 allows remote attackers to execute arbitrary code via a long resource name in an HTTP request.
by superkojiman
CVE-2013-5020 EXPLOITDB text VERIFIED
MiniBB < 3.0.1 - Cross-Site Scripting via forum_name, forum_group, forum_icon, or forum_desc Parameter
Multiple cross-site scripting (XSS) vulnerabilities in bb_admin.php in MiniBB before 3.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) forum_name, (2) forum_group, (3) forum_icon, or (4) forum_desc parameter. NOTE: the whatus vector is already covered by CVE-2008-2066.
by Netsparker
EIP-2026-111495 EXPLOITDB html VERIFIED
PrestaShop - Multiple Cross-Site Request Forgery Vulnerabilities
by EntPro Cyber Security Research Group
CVE-2013-2028 EXPLOITDB perl
nginx 1.3.9-1.4.0 - Remote Code Execution via Chunked Transfer-Encoding
The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
by kingcope
EIP-2026-115494 EXPLOITDB python
Jolix Media Player 1.1.0 - '.m3u' Denial of Service
by IndonesiaGokilTeam
EIP-2026-113027 EXPLOITDB text
vBulletin vBShout Mod - Persistent Cross-Site Scripting
by []0iZy5
EIP-2026-113016 EXPLOITDB text
vBulletin Advanced User Tagging Mod - Persistent Cross-Site Scripting
by []0iZy5
CVE-2013-4951 EXPLOITDB text VERIFIED
mintboard 0.3 - Cross-Site Scripting via Login or Signup Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Mintboard 0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) pass parameter in views/login.php or (3) name or (4) pass parameter in views/signup.php.
by Canberk BOLAT
EIP-2026-108024 EXPLOITDB text VERIFIED
iVote - 'details.php' SQL Injection
by Ashiyane Digital Security Team
CVE-2013-3482 EXPLOITDB ruby VERIFIED
ERDAS ER Viewer < 13.0.1.1301 - Stack-Based Buffer Overflow via Long String in ERS File
Stack-based buffer overflow in the rf_report_error function in ermapper_u.dll in Intergraph ERDAS ER Viewer before 13.0.1.1301 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long string in an ERS file.
by Metasploit
EIP-2026-116962 EXPLOITDB c VERIFIED
Cisco WebEx One-Click Client Password Encryption - Information Disclosure
by Brad Antoniewicz
CVE-2013-2160 EXPLOITDB text VERIFIED
Apache CXF 2.5.0-2.5.9, 2.6.0-2.6.6, 2.7.0-2.7.3 - Denial of Service via Crafted XML
The streaming XML parser in Apache CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via crafted XML with a large number of (1) elements, (2) attributes, (3) nested constructs, and possibly other vectors.
by SEC Consult
CVE-2010-1183 EXPLOITDB text
Oracle Solaris - Arbitrary File Write via Symlink Attack on /tmp/CLEANUP
Certain patch-installation scripts in Oracle Solaris allow local users to append data to arbitrary files via a symlink attack on the /tmp/CLEANUP temporary file, related to use of Update Manager.
by Larry W. Cashdollar
EIP-2026-102195 EXPLOITDB text VERIFIED
Air Drive Plus - Multiple Input Validation Vulnerabilities
by Benjamin Kunz Mejri
CVE-2013-2729 EXPLOITDB CRITICAL python
Adobe Reader/Acrobat <9.5.5, <10.1.7, <11.0.03 - RCE
Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-2727.
by feliam
CVSS 9.8
EIP-2026-110311 EXPLOITDB text VERIFIED
OpenNetAdmin 13.03.01 - Remote Code Execution
by Mandat0ry
EIP-2026-101614 EXPLOITDB text
D-Link - OS-Command Injection via UPnP Interface
by m-1-k-3
EIP-2026-111230 EXPLOITDB html VERIFIED
phpVibe 3.1 - Information Disclosure / Remote File Inclusion
by indoushka
CVE-2013-3515 EXPLOITDB text
OpenX < 2.8.10 - Cross-Site Scripting via Package or Group Parameter
Multiple cross-site scripting (XSS) vulnerabilities in OpenX Source 2.8.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) package parameter to www/admin/plugin-index.php or the (2) group parameter to www/admin/plugin-settings.php.
by High-Tech Bridge SA