Exploitdb Exploits

50,083 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-114159 EXPLOITDB text
WordPress Plugin User Role Editor 3.12 - Cross-Site Request Forgery
by Henry Hoggard
EIP-2026-114084 EXPLOITDB text VERIFIED
WordPress Plugin Spider Event Calendar 1.3.0 - Multiple Vulnerabilities
by waraxe
EIP-2026-114083 EXPLOITDB text VERIFIED
WordPress Plugin Spider Catalog 1.4.6 - Multiple Vulnerabilities
by waraxe
EIP-2026-112962 EXPLOITDB text
Vanilla Forums 2.0.18.8 - Multiple Vulnerabilities
by Henry Hoggard
CVE-2013-3531 EXPLOITDB text
RadioCMS 2.2 - SQL Injection via meneger.php playlist_id Parameter
SQL injection vulnerability in meneger.php in RadioCMS 2.2 allows remote attackers to execute arbitrary SQL commands via the playlist_id parameter.
by Rooster(XEKA)
EIP-2026-105331 EXPLOITDB python
AVE.CMS 2.09 - 'index.php?module' Blind SQL Injection
by mr.pr0n
EIP-2026-101778 EXPLOITDB python
HP LaserJet Pro P1606dn - Webadmin Password Reset
by m3tamantra
EIP-2026-101130 EXPLOITDB text
Sony Playstation 3 (PS3) 4.31 - Save Game Preview '.SFO' Handling Local Command Execution
by Vulnerability-Lab
EIP-2026-109346 EXPLOITDB perl VERIFIED
Matterdaddy Market - Multiple Vulnerabilities
by KedAns-Dz
EIP-2026-113397 EXPLOITDB text VERIFIED
Weyal CMS - Multiple SQL Injections
by XroGuE
CVE-2013-10059 EXPLOITDB HIGH ruby VERIFIED
D-Link DIR-615H1 <8.04 - Command Injection
An authenticated OS command injection vulnerability exists in various D-Link routers (tested on DIR-615H1 running firmware version 8.04) via the tools_vct.htm endpoint. The web interface fails to sanitize input passed from the ping_ipaddr parameter to the tools_vct.htm diagnostic interface, allowing attackers to inject arbitrary shell commands using backtick encapsulation. With default credentials, an attacker can exploit this blind injection vector to execute arbitrary commands.
by Metasploit
CVSS 7.2
CVE-2013-10058 EXPLOITDB HIGH ruby VERIFIED
Linksys router <v2.0.03 - Command Injection
An authenticated OS command injection vulnerability exists in various Linksys router models (tested on WRT160Nv2) running firmware version v2.0.03 via the apply.cgi endpoint. The web interface fails to properly sanitize user-supplied input passed to the ping_size parameter during diagnostic operations. An attacker with valid credentials can inject arbitrary shell commands, enabling remote code execution.
by Metasploit
CVE-2013-10033 EXPLOITDB CRITICAL python
Kimai 0.9.2.x - Unauthenticated SQL Injection via db_restore.php dates[] Parameter
An unauthenticated SQL injection vulnerability exists in Kimai version 0.9.2.x via the db_restore.php endpoint. The flaw allows attackers to inject arbitrary SQL queries into the dates[] POST parameter, enabling file write via INTO OUTFILE under specific environmental conditions. This can lead to remote code execution by writing a PHP payload to the web-accessible temporary directory. The vulnerability has been confirmed in versions including 0.9.2.beta, 0.9.2.1294.beta, and 0.9.2.1306-3.
by drone
CVE-2013-3660 EXPLOITDB HIGH text VERIFIED
Windows - Local Privilege Escalation via EPATHOBJ::pprFlattenRec Pointer Initialization
The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPath function calls, aka "Win32k Read AV Vulnerability."
by Tavis Ormandy
CVSS 7.8
EIP-2026-117726 EXPLOITDB python VERIFIED
Ophcrack 3.5.0 - Code Execution Local Buffer Overflow
by xis_one
CVE-2013-3661 EXPLOITDB text VERIFIED
Microsoft Windows - Denial of Service via EPATHOBJ::bFlatten Path Traversal
The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is continually accessing the same list member, which allows local users to cause a denial of service (infinite traversal) via vectors that trigger a crafted PATHRECORD chain.
by Tavis Ormandy
EIP-2026-113989 EXPLOITDB text VERIFIED
WordPress Plugin ProPlayer 4.7.9.1 - SQL Injection
by Ashiyane Digital Security Team
EIP-2026-103056 EXPLOITDB text VERIFIED
Acme thttpd HTTP Server - Directory Traversal
by Metropolis
CVE-2013-2131 EXPLOITDB c VERIFIED
rrdtool 1.4.7 - Denial of Service via Format String Specifiers in rrdtool.graph
Format string vulnerability in the rrdtool module 1.4.7 for Python, as used in Zenoss, allows context-dependent attackers to cause a denial of service (crash) via format string specifiers to the rrdtool.graph function.
by Thomas Pollet
EIP-2026-110798 EXPLOITDB text VERIFIED
PHP-Charts 1.0 - Code Execution
by fizzle stick
CVE-2013-3294 EXPLOITDB text
Exponent CMS <2.2.0 - SQL Injection
Multiple SQL injection vulnerabilities in Exponent CMS before 2.2.0 release candidate 1 allow remote attackers to execute arbitrary SQL commands via the (1) src or (2) username parameter to index.php.
by High-Tech Bridge SA
EIP-2026-106591 EXPLOITDB text
Drupal Module CKEditor < 4.1WYSIWYG (Drupal 6.x/7.x) - Persistent Cross-Site Scripting
by r0ng
CVE-2013-0136 EXPLOITDB ruby VERIFIED
Mutiny < 5.0-1.11 - Authenticated Path Traversal and Arbitrary File Write via EditDocument Servlet
Multiple directory traversal vulnerabilities in the EditDocument servlet in the Frontend in Mutiny before 5.0-1.11 allow remote authenticated users to upload and execute arbitrary programs, read arbitrary files, or cause a denial of service (file deletion or renaming) via (1) the uploadPath parameter in an UPLOAD operation; the paths[] parameter in a (2) DELETE, (3) CUT, or (4) COPY operation; or the newPath parameter in a (5) CUT or (6) COPY operation.
by Metasploit
CVE-2013-2028 EXPLOITDB python
nginx 1.3.9-1.4.0 - Remote Code Execution via Chunked Transfer-Encoding
The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
by Mert SARICA
CVE-2013-2108 EXPLOITDB MEDIUM html VERIFIED
WordPress WP Cleanfix Plugin 2.4.4 - Cross-Site Request Forgery
WordPress WP Cleanfix Plugin 2.4.4 has CSRF
by Enigma Ideas
CVSS 5.4