Exploitdb Exploits

50,083 exploits tracked across all sources.

Sort: Activity Stars
CVE-2013-2107 EXPLOITDB html VERIFIED
Mail On Update < 5.1.0 - Cross-Site Request Forgery via mailonupdate_mailto Parameter
Cross-site request forgery (CSRF) vulnerability in the Mail On Update plugin before 5.2.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change the "List of alternative recipients" via the mailonupdate_mailto parameter in the mail-on-update page to wp-admin/options-general.php. NOTE: a third party claims that 5.2.1 and 5.2.2 are also vulnerable, but the issue might require a separate CVE identifier since this might reflect an incomplete fix.
by Henri Salo
CVE-2013-0145 EXPLOITDB python VERIFIED
Serva32 2.1.0 - Buffer Overflow via TFTP Read Request
Buffer overflow in the TFTPD service in Serva32 2.1.0 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long string in a read request.
by Sapling
EIP-2026-114252 EXPLOITDB text VERIFIED
WordPress Plugin wp-FileManager - 'path' Arbitrary File Download
by ByEge
CVE-2013-3081 EXPLOITDB text VERIFIED
jojo-cms < 1.2.2 - SQL Injection via X-Forwarded-For Header
SQL injection vulnerability in the checkEmailFormat function in plugins/jojo_core/classes/Jojo.php in Jojo before 1.2.2 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header to /articles/test/.
by High-Tech Bridge SA
CVE-2013-3082 EXPLOITDB text VERIFIED
jojo-cms < 1.2.2 - Cross-Site Scripting via Forgot Password Search Parameter
Cross-site scripting (XSS) vulnerability in plugins/jojo_core/forgot_password.php in Jojo before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the search parameter to forgot-password/.
by High-Tech Bridge SA
CVE-2013-0726 EXPLOITDB ruby VERIFIED
ERDAS ER Viewer <13.00.0001 - Buffer Overflow
Stack-based buffer overflow in the ERM_convert_to_correct_webpath function in ermapper_u.dll in ERDAS ER Viewer before 13.00.0001 allows remote attackers to execute arbitrary code via a crafted pathname in an ERS file.
by Metasploit
EIP-2026-116134 EXPLOITDB text VERIFIED
Quick Search 1.1.0.189 - Buffer Overflow (SEH)
by ariarat
EIP-2026-114253 EXPLOITDB text VERIFIED
WordPress Plugin wp-FileManager - Arbitrary File Download
by ByEge
EIP-2026-113418 EXPLOITDB text
WHMCS 4.x - 'invoicefunctions.php?id' SQL Injection
by Ahmed Aboul-Ela
CVE-2013-2754 EXPLOITDB text
umi.cms < 2.9 - Cross-Site Request Forgery via Admin User Addition
Cross-site request forgery (CSRF) vulnerability in Umisoft UMI.CMS before 2.9 build 21905 allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via a request to admin/users/add/user/do/.
by High-Tech Bridge SA
EIP-2026-110230 EXPLOITDB text VERIFIED
Open Flash Chart - 'get-data' Cross-Site Scripting
by Deepankar Arora
EIP-2026-107927 EXPLOITDB text VERIFIED
Invision Power Board 1.x?/2.x/3.x - Admin Takeover
by John JEAN
EIP-2026-107337 EXPLOITDB text VERIFIED
Gallery Server Pro - Arbitrary File Upload
by Drew Calcott
EIP-2026-105093 EXPLOITDB text
Alienvault Open Source SIEM (OSSIM) 4.1.2 - Multiple SQL Injections
by RunRunLevel
EIP-2026-104071 EXPLOITDB ruby VERIFIED
SAP SOAP RFC - SXPG_COMMAND_EXECUTE Remote Command Execution (Metasploit)
by Metasploit
EIP-2026-104070 EXPLOITDB ruby VERIFIED
SAP SOAP RFC - SXPG_CALL_SYSTEM Remote Command Execution (Metasploit)
by Metasploit
CVE-2013-1959 EXPLOITDB c
Linux Kernel < 3.8.9 - Privilege Escalation via uid_map and gid_map File Handling
kernel/user_namespace.c in the Linux kernel before 3.8.9 does not have appropriate capability requirements for the uid_map and gid_map files, which allows local users to gain privileges by opening a file within an unprivileged process and then modifying the file within a privileged process.
by Andrew Lutomirski
CVE-2013-2094 EXPLOITDB HIGH c
Linux Kernel < 3.0.75 - Local Privilege Escalation via perf_event_open System Call
The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call.
by sd
CVSS 8.4
CVE-2013-10032 EXPLOITDB HIGH text VERIFIED
GetSimpleCMS <3.2.1 - Authenticated RCE
An authenticated remote code execution vulnerability exists in GetSimpleCMS version 3.2.1. The application’s upload.php endpoint allows authenticated users to upload arbitrary files without proper validation of MIME types or extensions. By uploading a .pht file containing PHP code, an attacker can bypass blacklist-based restrictions and place executable code within the web root. A crafted request using a polyglot or disguised extension allows the attacker to execute the payload by accessing the file directly via the web server. This vulnerability exists due to the use of a blacklist for filtering file types instead of a whitelist.
by Ahmed Elhady Mohamed
CVSS 8.8
CVE-2012-10022 EXPLOITDB HIGH bash VERIFIED
Kloxo <6.1.12 - Privilege Escalation
Kloxo versions 6.1.12 and earlier contain two setuid root binaries—lxsuexec and lxrestart—that allow local privilege escalation from uid 48. The lxsuexec binary performs a uid check and permits execution of arbitrary commands as root if the invoking user matches uid 48. This flaw enables attackers with Apache-level access to escalate privileges to root without authentication.
by HTP
EIP-2026-116732 EXPLOITDB perl VERIFIED
Adrenalin Player 2.2.5.3 - '.m3u' Local Buffer Overflow (SEH)
by seaofglass
EIP-2026-115841 EXPLOITDB python VERIFIED
MiniWeb HTTP Server 300 - Crash (PoC)
by dmnt
EIP-2026-115805 EXPLOITDB perl VERIFIED
Microsoft Windows Media Player 11.0.0 - '.wav' Crash (PoC)
by Asesino04
EIP-2026-108523 EXPLOITDB text VERIFIED
Joomla! Component com_s5clanroster - 'id' SQL Injection
by AtT4CKxT3rR0r1ST
EIP-2026-105051 EXPLOITDB text VERIFIED
Ajax Availability Calendar 3.x - Multiple Vulnerabilities
by AtT4CKxT3rR0r1ST