Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
CVE-2013-10051 EXPLOITDB CRITICAL ruby VERIFIED
InstantCMS < 1.6 - Remote PHP Code Execution via Search View Handler
A remote PHP code execution vulnerability exists in InstantCMS version 1.6 and earlier due to unsafe use of eval() within the search view handler. Specifically, user-supplied input passed via the look parameter is concatenated into a PHP expression and executed without proper sanitation. A remote attacker can exploit this flaw by sending a crafted HTTP GET request with a base64-encoded payload in the Cmd header, resulting in arbitrary PHP code execution within the context of the web server.
by Metasploit
CVSS 9.8
CVE-2013-7376 EXPLOITDB text
OpenX 2.8.10 - Cross-Site Request Forgery via Plugin Preferences and Settings
Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.10, possibly before revision 82710, allow remote attackers to hijack the authentication of administrators, as demonstrated by requests that conduct directory traversal attacks via the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-3514.
by High-Tech Bridge SA
CVE-2013-3729 EXPLOITDB text
Kasseler CMS < 2 - Cross-Site Request Forgery via Admin PHP Parameters
Multiple cross-site request forgery (CSRF) vulnerabilities in Kasseler CMS before 2 r1232 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) groups[] parameter in a send action in the sendmail module or (2) query parameter in a sql_query action in the database module to admin.php, related to CVE-2013-3727.
by High-Tech Bridge SA
EIP-2026-104341 EXPLOITDB text
Mobile Atlas Creator 1.9.12 - Persistent Command Injection
by Vulnerability-Lab
EIP-2026-116700 EXPLOITDB ruby VERIFIED
ABBS Audio Media Player - '.LST' Local Buffer Overflow (Metasploit)
by Metasploit
EIP-2026-116167 EXPLOITDB python
Realtek Sound Manager AvRack - '.wav' Crash (PoC)
by Asesino04
CVE-2013-4787 EXPLOITDB bash VERIFIED
Android 1.6-4.2 - Unauthenticated Arbitrary Code Execution via APK Signature Bypass
Android 1.6 Donut through 4.2 Jelly Bean does not properly check cryptographic signatures for applications, which allows attackers to execute arbitrary code via an application package file (APK) that is modified in a way that does not violate the cryptographic signature, probably involving multiple entries in a Zip file with the same name in which one entry is validated but the other entry is installed, aka Android security bug 8219321 and the "Master Key" vulnerability.
by Bluebox Security
CVE-2013-4949 EXPLOITDB text VERIFIED
Machform 2 - Unauthenticated Arbitrary File Upload and Remote Code Execution via view.php
Unrestricted file upload vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in the upload form's directory in data/.
by Yashar shahinzadeh
CVE-2013-4948 EXPLOITDB text VERIFIED
Machform 2 - SQL Injection via element_2 Parameter
SQL injection vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary SQL commands via the element_2 parameter.
by Yashar shahinzadeh
CVE-2013-3661 EXPLOITDB ruby VERIFIED
Microsoft Windows - Denial of Service via EPATHOBJ::bFlatten Path Traversal
The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is continually accessing the same list member, which allows local users to cause a denial of service (infinite traversal) via vectors that trigger a crafted PATHRECORD chain.
by Metasploit
CVE-2013-4694 EXPLOITDB text VERIFIED
Winamp <5.64 Build 3418 - Buffer Overflow
Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Build 3418 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a package with a long Skin directory name. NOTE: a second buffer overflow involving a long GUI Search field to ml_local.dll was also reported. However, since it is only exploitable by the user of the application, this issue would not cross privilege boundaries unless Winamp is running under a highly restricted environment such as a kiosk.
by Julien Ahrens
CVE-2013-4695 EXPLOITDB HIGH text
Winamp 5.63 - Arbitrary Code Execution via Invalid Pointer Dereference
Winamp 5.63: Invalid Pointer Dereference leading to Arbitrary Code Execution
by Julien Ahrens
CVSS 7.8
EIP-2026-116004 EXPLOITDB text VERIFIED
Opera 12.15 - vtable Corruption
by echo
EIP-2026-114217 EXPLOITDB text VERIFIED
WordPress Plugin WP Feed - 'nid' SQL Injection
by Iranian Exploit DataBase
CVE-2013-4117 EXPLOITDB text VERIFIED
Category Grid View Gallery 2.3.1 - Cross-Site Scripting via ID Parameter
Cross-site scripting (XSS) vulnerability in includes/CatGridPost.php in the Category Grid View Gallery plugin 2.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ID parameter.
by Iranian Exploit DataBase
CVE-2013-4950 EXPLOITDB text VERIFIED
Machform 2 - Cross-Site Scripting via view.php element_2 Parameter
Cross-site scripting (XSS) vulnerability in view.php in Machform 2 allows remote attackers to inject arbitrary web script or HTML via the element_2 parameter.
by Yashar shahinzadeh
CVE-2013-4786 EXPLOITDB HIGH perl VERIFIED
Fujitsu M10 Firmware < 2290 - Unauthenticated Password Hash Exposure via IPMI RAKP HMAC
The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 response from a BMC.
by Dan Farmer
CVSS 7.5
CVE-2013-3299 EXPLOITDB html VERIFIED
RealNetworks RealPlayer <16.0.2.32 - DoS
RealNetworks RealPlayer 16.0.2.32 and earlier allows remote attackers to cause a denial of service (resource consumption or application crash) via an HTML document containing JavaScript code that constructs a long string.
by Akshaysinh Vaghela
CVE-2013-4743 EXPLOITDB CRITICAL python
Static HTTP Server 1.0 - Buffer Overflow
Static HTTP Server 1.0 has a Local Overflow
by Jacob Holcomb
CVSS 9.8
EIP-2026-116837 EXPLOITDB ruby
AudioCoder (.lst) - Local Buffer Overflow (Metasploit)
by Asesino04
EIP-2026-116735 EXPLOITDB python VERIFIED
Adrenalin Player 2.2.5.3 - '.wvx' Local Buffer Overflow (SEH)
by MrXors
EIP-2026-116487 EXPLOITDB python VERIFIED
VideoLAN VLC Media Player 2.0.7 - '.png' Crash (PoC)
by Kevin Fujimoto
CVE-2014-2671 EXPLOITDB text VERIFIED
Microsoft Windows Media Player 11.0.5721.5230 - Memory Corruption
Microsoft Windows Media Player (WMP) 11.0.5721.5230 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted WAV file.
by Asesino04
EIP-2026-114965 EXPLOITDB python
AVS Media Player 4.1.11.100 - '.ac3' Denial of Service
by metacom
CVE-2013-2225 EXPLOITDB text
GLPI < 0.83.9 - Unauthenticated PHP Object Unserialization via _predefined_fields Parameter
inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the _predefined_fields parameter to front/ticket.form.php.
by Xavier Mehrenberger