Exploitdb Exploits

50,083 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-102935 EXPLOITDB python
No-IP Dynamic Update Client (DUC) 2.1.9 - Local IP Address Stack Overflow
by Alberto Ortega
EIP-2026-102318 EXPLOITDB text
Wireless Photo Access 1.0.10 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-102316 EXPLOITDB text
Wireless Disk PRO 2.3 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-102309 EXPLOITDB text
Wifi Album 1.47 iOS - Command Injection
by Vulnerability-Lab
EIP-2026-102231 EXPLOITDB text
File Lite 3.3/3.5 PRO iOS - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-102117 EXPLOITDB text
Wifi Photo Transfer 2.1/1.1 PRO - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-102001 EXPLOITDB text
SimpleTransfer 2.2.1 - Command Injection
by Vulnerability-Lab
EIP-2026-115536 EXPLOITDB python VERIFIED
Lan Messenger - sending PM 'UNICODE' Overwrite Buffer Overflow (SEH)
by ariarat
EIP-2026-114026 EXPLOITDB text VERIFIED
WordPress Plugin Securimage-WP - 'siwp_test.php' Cross-Site Scripting
by Gjoko Krstic
EIP-2026-111967 EXPLOITDB text VERIFIED
Securimage - 'example_form.php' Cross-Site Scripting
by Gjoko Krstic
CVE-2012-6081 EXPLOITDB python VERIFIED
MoinMoin < 1.9.6 - Authenticated Remote Code Execution via File Upload
Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as exploited in the wild in July 2012.
by HTP
CVE-2012-6495 EXPLOITDB python VERIFIED
MoinMoin < 1.9.6 - Authenticated Path Traversal and Arbitrary File Write via Twikidraw and Anywikidraw Actions
Multiple directory traversal vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to overwrite arbitrary files via unspecified vectors. NOTE: this can be leveraged with CVE-2012-6081 to execute arbitrary code.
by HTP
CVE-2013-3336 EXPLOITDB python
Adobe ColdFusion <10 - Info Disclosure
Unspecified vulnerability in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to read arbitrary files via unknown vectors.
by HTP
CVE-2013-4630 EXPLOITDB text
Huawei AR 150, 200, 1200, 2200, and 3200 - Stack-based Buffer Overflow via SNMPv3 Requests
Stack-based buffer overflow on Huawei AR 150, 200, 1200, 2200, and 3200 routers, when SNMPv3 debugging is enabled, allows remote attackers to execute arbitrary code via malformed SNMPv3 requests.
by Roberto Paleari
CVE-2013-2678 EXPLOITDB HIGH text
Cisco Linksys E4200 1.0.05 - Code Injection
Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Include Vulnerability which could allow remote attackers to obtain sensitive information or execute arbitrary code by sending a crafted URL request to the apply.cgi script using the submit_type parameter.
by sqlhacker
CVSS 8.1
CVE-2013-1347 EXPLOITDB HIGH ruby VERIFIED
Microsoft Internet Explorer 8 - Remote Code Execution via Use-After-Free
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013.
by Metasploit
CVSS 8.8
EIP-2026-116838 EXPLOITDB ruby VERIFIED
AudioCoder - '.m3u' Local Buffer Overflow (Metasploit)
by Metasploit
CVE-2013-3320 EXPLOITDB MEDIUM text VERIFIED
NetApp OnCommand System Manager <2.2 - XSS
Cross-site Scripting (XSS) vulnerability in NetApp OnCommand System Manager before 2.2 allows remote attackers to inject arbitrary web script or HTML via the 'full-name' and 'comment' fields.
by M. Heinzl
CVSS 6.1
CVE-2013-3320 EXPLOITDB MEDIUM text VERIFIED
NetApp OnCommand System Manager <2.2 - XSS
Cross-site Scripting (XSS) vulnerability in NetApp OnCommand System Manager before 2.2 allows remote attackers to inject arbitrary web script or HTML via the 'full-name' and 'comment' fields.
by M. Heinzl
CVSS 6.1
EIP-2026-109717 EXPLOITDB text VERIFIED
MyBB Game Section Plugin - 'games.php' Multiple Cross-Site Scripting Vulnerabilities
by anonymous
CVE-2013-2945 EXPLOITDB text VERIFIED
b2evolution < 4.1.7 - Authenticated SQL Injection via show_statuses[] Parameter
SQL injection vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote authenticated administrators to execute arbitrary SQL commands via the show_statuses[] parameter. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.
by High-Tech Bridge SA
EIP-2026-103098 EXPLOITDB text
Dovecot with Exim - 'sender_address' Remote Command Execution
by RedTeam Pentesting GmbH
CVE-2013-2684 EXPLOITDB MEDIUM text
Cisco Linksys E4200 1.0.05 Build 7 - Cross-Site Scripting
Cross-site Scripting (XSS) in Cisco Linksys E4200 1.0.05 Build 7 devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
by sqlhacker
CVSS 6.1
CVE-2013-4631 EXPLOITDB text
Huawei AR 150, 200, 1200, 2200, and 3200 - Denial of Service via Malformed SNMPv3 Requests
Huawei AR 150, 200, 1200, 2200, and 3200 routers, when SNMPv3 is enabled, allow remote attackers to cause a denial of service (device crash) via malformed SNMPv3 requests that leverage unspecified overflow issues.
by Roberto Paleari
EIP-2026-113300 EXPLOITDB text VERIFIED
WeBid 1.0.6 - Multiple Vulnerabilities
by Ahmed Aboul-Ela