Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
CVE-2013-2171 EXPLOITDB ruby VERIFIED
FreeBSD 9 Address Space Manipulation Privilege Escalation
The vm_map_lookup function in sys/vm/vm_map.c in the mmap implementation in the kernel in FreeBSD 9.0 through 9.1-RELEASE-p4 does not properly determine whether a task should have write access to a memory location, which allows local users to bypass filesystem write permissions and consequently gain privileges via a crafted application that leverages read permissions, and makes mmap and ptrace system calls.
by Metasploit
EIP-2026-105398 EXPLOITDB text VERIFIED
Barnraiser Prairie - 'get_file.php' Directory Traversal
by prairie
CVE-2013-10054 EXPLOITDB CRITICAL ruby VERIFIED
LibrettoCMS 1.1.7 - Unauthenticated RCE
An unauthenticated arbitrary file upload vulnerability exists in LibrettoCMS version 1.1.7 (and possibly earlier) contains an unauthenticated arbitrary file upload vulnerability in its File Manager plugin. The upload handler located at adm/ui/js/ckeditor/plugins/pgrfilemanager/php/upload.php fails to properly validate file extensions, allowing attackers to upload files with misleading extensions and subsequently rename them to executable .php scripts. This enables remote code execution on the server without authentication.
by Metasploit
CVE-2013-3576 EXPLOITDB ruby VERIFIED
HP System Management Homepage - Authenticated OS Command Injection via PATH_INFO to smhutil/snmpchp.php.en
ginkgosnmp.inc in HP System Management Homepage (SMH) allows remote authenticated users to execute arbitrary commands via shell metacharacters in the PATH_INFO to smhutil/snmpchp.php.en.
by Metasploit
CVE-2008-3158 EXPLOITDB ruby
Novell Client for Windows 4.91 SP4 - Buffer Overflow
Unspecified vulnerability in NWFS.SYS in Novell Client for Windows 4.91 SP4 has unknown impact and attack vectors, possibly related to IOCTL requests that overwrite arbitrary memory.
by Metasploit
EIP-2026-117470 EXPLOITDB python
Mediacoder PMP Edition 0.8.17 - '.m3u' Local Buffer Overflow
by metacom
EIP-2026-117452 EXPLOITDB python VERIFIED
Mediacoder - '.m3u' Local Buffer Overflow (SEH)
by metacom
EIP-2026-117450 EXPLOITDB python VERIFIED
Mediacoder (.lst) - Local Buffer Overflow (SEH)
by metacom
EIP-2026-117444 EXPLOITDB text VERIFIED
McAfee Data Loss Prevention - Multiple Information Disclosure Vulnerabilities
by Jamie Ooi
EIP-2026-116841 EXPLOITDB python
AudioCoder 0.8.22 - '.m3u' Direct RETN Buffer Overflow
by Onying
EIP-2026-116812 EXPLOITDB python
aSc Timetables 2013 - Local Stack Buffer Overflow
by Dark-Puzzle
EIP-2026-116054 EXPLOITDB python VERIFIED
PEiD 0.95 - Memory Corruption (PoC)
by Debasish Mandal
CVE-2013-4953 EXPLOITDB text VERIFIED
Top Games Script 1.2 - SQL Injection
SQL injection vulnerability in play.php in Top Games Script 1.2 allows remote attackers to execute arbitrary SQL commands via the gid parameter.
by AtT4CKxT3rR0r1ST
EIP-2026-111386 EXPLOITDB text
PodHawk 1.85 - Arbitrary File Upload
by CWH Underground
CVE-2007-3519 EXPLOITDB text VERIFIED
phpEventCalendar < 0.2.3 - SQL Injection via eventdisplay.php id Parameter
SQL injection vulnerability in eventdisplay.php in phpEventCalendar 0.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
by AtT4CKxT3rR0r1ST
CVE-2013-4952 EXPLOITDB text
elemata_cms RC 3.0 - SQL Injection via id Parameter
SQL injection vulnerability in functions/global.php in Elemata CMS RC 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by CWH Underground
EIP-2026-106060 EXPLOITDB python
Collabtive 1.0 - 'manageuser.php' SQL Injection
by drone
CVE-2013-5321 EXPLOITDB text
AlienVault OSSIM 4.1 - SQL Injection
Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.1 allow remote attackers to execute arbitrary SQL commands via the (1) sensor parameter in a Query action to forensics/base_qry_main.php; the (2) tcp_flags[] or (3) tcp_port[0][4] parameter to forensics/base_stat_alerts.php; the (4) ip_addr[1][8] or (5) port_type parameter to forensics/base_stat_ports.php; or the (6) sortby or (7) rvalue parameter in a search action to vulnmeter/index.php.
by Glafkos Charalambous
EIP-2026-103256 EXPLOITDB ruby VERIFIED
ZPanel 10.0.0.2 htpasswd Module - 'Username' Command Execution (Metasploit)
by Metasploit
CVE-2012-6495 EXPLOITDB ruby VERIFIED
MoinMoin < 1.9.6 - Authenticated Path Traversal and Arbitrary File Write via Twikidraw and Anywikidraw Actions
Multiple directory traversal vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to overwrite arbitrary files via unspecified vectors. NOTE: this can be leveraged with CVE-2012-6081 to execute arbitrary code.
by Metasploit
EIP-2026-102082 EXPLOITDB text
TRENDnet TE100-P1U Print Server Firmware 4.11 - Authentication Bypass
by Chako
CVE-2013-3307 EXPLOITDB HIGH text
Linksys E1000/E1200/E3200 - Command Injection
Linksys E1000 devices through 2.1.02, E1200 devices before 2.0.05, and E3200 devices through 1.0.04 allow OS command injection via shell metacharacters in the apply.cgi ping_ip parameter on TCP port 52000.
by m-1-k-3
CVSS 8.3
EIP-2026-101443 EXPLOITDB perl
Seowonintech Devices - Remote Command Execution
by Todor Donev
EIP-2026-100804 EXPLOITDB text VERIFIED
FtpLocate - HTML Injection
by Chako
EIP-2026-116731 EXPLOITDB python
Adrenalin Player 2.2.5.3 - '.asx' Local Buffer Overflow (SEH)
by Onying