Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
CVE-2013-3691 EXPLOITDB HIGH text
AirLive POE-2600HD Firmware - Denial of Service via Long URL
AirLive POE-2600HD allows remote attackers to cause a denial of service (device reset) via a long URL.
by Sánchez_ Lopez_ Castillo
CVSS 7.5
EIP-2026-116375 EXPLOITDB python VERIFIED
Syslog Server 1.2.3 - Crash (PoC)
by npn
CVE-2013-3684 EXPLOITDB CRITICAL perl VERIFIED
NextGEN Gallery < 1.9.13 - Unrestricted Upload of File with Dangerous Type via ngggallery.php
NextGEN Gallery plugin before 1.9.13 for WordPress: ngggallery.php file upload
by Marcos Garcia
CVSS 9.8
CVE-2013-3539 EXPLOITDB html VERIFIED
Ovislink Airlive Wl2600cam - CSRF
Cross-site request forgery (CSRF) vulnerability in the command/user.cgi in Sony SNC CH140, SNC CH180, SNC CH240, SNC CH280, SNC DH140, SNC DH140T, SNC DH180, SNC DH240, SNC DH240T, SNC DH280, and possibly other camera models allows remote attackers to hijack the authentication of administrators for requests that add users.
by Castillo
CVE-2013-3963 EXPLOITDB text VERIFIED
Grandstream GXV Device Firmware - Cross-Site Request Forgery in User Management
Cross-site request forgery (CSRF) vulnerability in goform/usermanage in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models allows remote attackers to hijack the authentication of unspecified victims for requests that add users.
by Castillo
CVE-2013-3690 EXPLOITDB html VERIFIED
Brickcom 100Ap Device Firmware <= 3.1.0.8 - Cross-Site Request Forgery in User Management
Cross-site request forgery (CSRF) vulnerability in cgi-bin/users.cgi in Brickcom FB-100Ap, WCB-100Ap, MD-100Ap, WFB-100Ap, OB-100Ae, OSD-040E, and possibly other camera models with firmware 3.1.0.8 and earlier, allows remote attackers to hijack the authentication of administrators for requests that add users.
by Castillo
CVE-2013-1606 EXPLOITDB text VERIFIED
Ubiquiti AirVision Firmware < 1.1.6 - Remote Code Execution via RTSP DESCRIBE Request
Buffer overflow in the ubnt-streamer RTSP service on the Ubiquiti UBNT AirCam with airVision firmware before 1.1.6 allows remote attackers to execute arbitrary code via a long rtsp: URI in a DESCRIBE request.
by Core Security
EIP-2026-119185 EXPLOITDB ruby VERIFIED
Synactis PDF In-The-Box - ConnectToSynactic Stack Buffer Overflow (Metasploit)
by Metasploit
EIP-2026-116560 EXPLOITDB python VERIFIED
WinRadius 2.11 - Denial of Service
by npn
EIP-2026-116208 EXPLOITDB python VERIFIED
Sami FTP Server 2.0.1 - RETR Denial of Service
by Chako
EIP-2026-114264 EXPLOITDB text
WordPress Plugin WP-SendSms 1.0 - Multiple Vulnerabilities
by expl0i13r
CVE-2013-3739 EXPLOITDB text VERIFIED
Network Weathermap < 0.97c - Path Traversal via Mapname Parameter
Directory traversal vulnerability in editor.php in Network Weathermap 0.97c and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the mapname parameter in a show_config action.
by Anthony Dubuissez
CVE-2013-3961 EXPLOITDB text
Simple PHP Agenda < 2.2.9 - Authenticated SQL Injection via edit_event.php eventid Parameter
SQL injection vulnerability in edit_event.php in Simple PHP Agenda before 2.2.9 allows remote authenticated users to execute arbitrary SQL commands via the eventid parameter.
by Anthony Dubuissez
EIP-2026-109834 EXPLOITDB text VERIFIED
NanoBB 0.7 - Multiple Vulnerabilities
by CWH Underground
EIP-2026-109500 EXPLOITDB text VERIFIED
mkCMS - 'index.php' Arbitrary PHP Code Execution
by CWH Underground
EIP-2026-107168 EXPLOITDB text VERIFIED
Fobuc Guestbook 0.9 - SQL Injection
by CWH Underground
CVE-2013-1488 EXPLOITDB ruby VERIFIED
Oracle JDK and JRE - Remote Code Execution via Reflection and JDBC Driver Manager
The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to execute arbitrary code via unspecified vectors involving reflection, Libraries, "improper toString calls," and the JDBC driver manager, as demonstrated by James Forshaw during a Pwn2Own competition at CanSecWest 2013.
by Metasploit
CVE-2012-1533 EXPLOITDB ruby
Oracle Java SE <7.7 - Info Disclosure
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2012-3159.
by Rh0
CVE-2013-2094 EXPLOITDB HIGH c VERIFIED
Linux Kernel < 3.0.75 - Local Privilege Escalation via perf_event_open System Call
The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call.
by Andrea Bittau
CVSS 8.4
EIP-2026-101579 EXPLOITDB text
Buffalo WZR-HP-G300NH2 - Cross-Site Request Forgery
by Prayas Kulshrestha
EIP-2026-111946 EXPLOITDB text VERIFIED
ScriptCase - 'scelta_categoria.php' SQL Injection
by Hossein Hezami
EIP-2026-109206 EXPLOITDB text VERIFIED
Lokboard - 'index_4.php' PHP Code Injection
by CWH Underground
CVE-2013-3575 EXPLOITDB text VERIFIED
HP Insight Diagnostics 9.4.0.4710 - Remote File Inclusion via path Parameter
hpdiags/frontend2/help/pageview.php in HP Insight Diagnostics 9.4.0.4710 does not properly restrict PHP include or require statements, which allows remote attackers to include arbitrary hpdiags/frontend2/help/ .html files via the path parameter.
by Markus Wulftange
CVE-2013-3574 EXPLOITDB text VERIFIED
HP Insight Diagnostics 9.4.0.4710 - Path Traversal and Arbitrary File Write via devicePath Parameter
Absolute path traversal vulnerability in hpdiags/frontend2/commands/saveCompareConfig.php in HP Insight Diagnostics 9.4.0.4710 allows remote attackers to write data to arbitrary files via a full pathname in the argument to the devicePath (aka mount) parameter.
by Markus Wulftange
EIP-2026-106125 EXPLOITDB text
Concrete5 CMS 5.6.1.2 - Multiple Vulnerabilities
by expl0i13r