Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-105669 EXPLOITDB python
C.P.Sub 4.5 - Authentication Bypass
by Chako
CVE-2013-2460 EXPLOITDB ruby VERIFIED
Oracle Java SE <7 Update 21 - Info Disclosure
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serviceability. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "insufficient access checks" in the tracing component.
by Metasploit
EIP-2026-103466 EXPLOITDB python VERIFIED
FileCOPA FTP Server - Remote Denial of Service
by Chako
CVE-2013-2218 EXPLOITDB text VERIFIED
libvirt 1.0.6 - Denial of Service via virConnectListAllInterfaces Double Free
Double free vulnerability in the virConnectListAllInterfaces method in interface/interface_backend_netcf.c in libvirt 1.0.6 allows remote attackers to cause a denial of service (libvirtd crash) via a filtering flag that causes an interface to be skipped, as demonstrated by the "virsh iface-list --inactive" command.
by Daniel P. Berrange
CVE-2013-1414 EXPLOITDB text
FortiOS < 4.3.13 and 5.x < 5.0.2 - Cross-Site Request Forgery
Multiple cross-site request forgery (CSRF) vulnerabilities in Fortinet FortiOS on FortiGate firewall devices before 4.3.13 and 5.x before 5.0.2 allow remote attackers to hijack the authentication of administrators for requests that modify (1) settings or (2) policies, or (3) restart the device via a rebootme action to system/maintenance/shutdown.
by Sven Wurth
EIP-2026-101552 EXPLOITDB text
Barracuda SSL VPN 680Vx 2.3.3.193 - Multiple Script Injection Vulnerabilities
by LiquidWorm
CVE-2013-4730 EXPLOITDB python
pcman's ftp server 2.0.7 - Unauthenticated Buffer Overflow via USER Command
Buffer overflow in PCMan's FTP Server 2.0.7 allows remote attackers to execute arbitrary code via a long string in a USER command.
by Chako
EIP-2026-118314 EXPLOITDB python VERIFIED
Bifrost 1.2d - Remote Buffer Overflow
by Mohamed Clay
EIP-2026-118313 EXPLOITDB python VERIFIED
Bifrost 1.2.1 - Remote Buffer Overflow
by Mohamed Clay
CVE-2013-4147 EXPLOITDB text VERIFIED
YARD RADIUS 1.1.2 - Format String Vulnerability in Log and Version Functions
Multiple format string vulnerabilities in Yet Another Radius Daemon (YARD RADIUS) 1.1.2 allow context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in a request in the (1) log_msg function in log.c or (2) version or (3) build_version function in version.c.
by Hamid Zamani
CVE-2013-4692 EXPLOITDB MEDIUM text VERIFIED
Xorbin Analog Flash Clock 1.0 - XSS
Xorbin Analog Flash Clock 1.0 extension for Joomia has XSS
by Prakhar Prasad
CVSS 6.1
CVE-2013-4692 EXPLOITDB MEDIUM text VERIFIED
Xorbin Analog Flash Clock 1.0 - XSS
Xorbin Analog Flash Clock 1.0 extension for Joomia has XSS
by Prakhar Prasad
CVSS 6.1
EIP-2026-105283 EXPLOITDB text VERIFIED
Atomy Maxsite - 'index.php' Arbitrary File Upload
by Iranian_Dark_Coders_Team
EIP-2026-101695 EXPLOITDB text
eFile Wifi Transfer Manager 1.0 - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-114227 EXPLOITDB text VERIFIED
WordPress Plugin WP Private Messages - 'msgid' SQL Injection
by IeDb ir
EIP-2026-109833 EXPLOITDB text VERIFIED
Nameko - 'nameko.php' Cross-Site Scripting
by Andrea Menin
CVE-2013-10052 EXPLOITDB HIGH ruby VERIFIED
ZPanel - Local Privilege Escalation via zsudo Sudoers Misconfiguration
ZPanel includes a helper binary named zsudo, intended to allow restricted privilege escalation for administrative tasks. However, when misconfigured in /etc/sudoers, zsudo can be invoked by low-privileged users to execute arbitrary commands as root. This flaw enables local attackers with shell access to escalate privileges by writing a payload to a writable directory and executing it via zsudo. The vulnerability is particularly impactful in post-exploitation scenarios following web server compromise, where the attacker inherits access to zsudo.
by Metasploit
CVE-2013-3956 EXPLOITDB ruby VERIFIED
Novell Client - Local Privilege Escalation via NICM.SYS IOCTL 0x143B6B
The NICM.SYS kernel driver 3.1.11.0 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003; Novell Client 2 SP2 on Windows Vista and Windows Server 2008; and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted 0x143B6B IOCTL call.
by Metasploit
EIP-2026-116840 EXPLOITDB python VERIFIED
AudioCoder 0.8.22 - '.lst' Direct RETN Buffer Overflow
by Onying
EIP-2026-114970 EXPLOITDB perl VERIFIED
Baby FTP Server 1.24 - Denial of Service (1)
by Chako
CVE-2013-3639 EXPLOITDB text VERIFIED
Xaraya < 2.4.0 - Cross-Site Scripting via id/interface/name/tabmodule Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Xaraya 2.4.0-b1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) interface, (3) name, or (4) tabmodule parameter to index.php.
by High-Tech Bridge
EIP-2026-110797 EXPLOITDB python VERIFIED
PHP-Charts 1.0 - 'index.php?type' Remote Code Execution
by infodox
EIP-2026-106664 EXPLOITDB text VERIFIED
e107 Advanced Medal System Plugin - SQL Injection
by Life Wasted
EIP-2026-103989 EXPLOITDB text VERIFIED
Motion - Multiple Vulnerabilities
by xistence
CVE-2013-3792 EXPLOITDB text VERIFIED
Oracle VM VirtualBox < 4.2.18 - Denial of Service in Core
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.18, 4.0.20, 4.1.28, and 4.2.18 allows local users to affect availability via unknown vectors related to Core.
by Thomas Dreibholz