Exploitdb Exploits

50,083 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-112302 EXPLOITDB text
Social Site Generator 2.2 - Cross-Site Request Forgery (Add Admin)
by Fallaga
EIP-2026-110283 EXPLOITDB text VERIFIED
OpenDocMan 1.2.6.5 - Persistent Cross-Site Scripting
by drone
EIP-2026-108624 EXPLOITDB text VERIFIED
Joomla! Component dj-classifieds 2.0 - Blind SQL Injection
by Napsterakos
EIP-2026-106233 EXPLOITDB text VERIFIED
Craigslist Gold - SQL Injection
by Fallaga
EIP-2026-101649 EXPLOITDB text
D-Link DSL-320B - Multiple Vulnerabilities
by m-1-k-3
EIP-2026-116704 EXPLOITDB python VERIFIED
ABBS Audio Media Player 3.1 - '.lst' Local Buffer Overflow
by Julien Ahrens
EIP-2026-116839 EXPLOITDB ruby VERIFIED
AudioCoder 0.8.18 - Local Buffer Overflow (SEH)
by metacom
EIP-2026-101639 EXPLOITDB text
D-Link DNS-323 - Multiple Vulnerabilities
by sghctoma
CVE-2013-1599 EXPLOITDB CRITICAL text VERIFIED
Dlink Dcs-3411 Firmware - OS Command Injection
A Command Injection vulnerability exists in the /var/www/cgi-bin/rtpd.cgi script in D-Link IP Cameras DCS-3411/3430 firmware 1.02, DCS-5605/5635 1.01, DCS-1100L/1130L 1.04, DCS-1100/1130 1.03, DCS-1100/1130 1.04_US, DCS-2102/2121 1.05_RU, DCS-3410 1.02, DCS-5230 1.02, DCS-5230L 1.02, DCS-6410 1.00, DCS-7410 1.00, DCS-7510 1.00, and WCS-1100 1.02, which could let a remote malicious user execute arbitrary commands through the camera’s web interface.
by Core Security
CVSS 9.8
CVE-2013-1594 EXPLOITDB HIGH text VERIFIED
Vivotek PT7135 Firmware 0300a/0400a - Cleartext Credential Storage Exposes Sensitive Information
An Information Disclosure vulnerability exists via a GET request in Vivotek PT7135 IP Camera 0300a and 0400a due to wireless keys and 3rd party credentials stored in clear text.
by Core Security
CVSS 7.5
CVE-2013-5660 EXPLOITDB python VERIFIED
Power Software WinArchiver 3.2 - Remote Code Execution via Crafted ZIP File
Buffer overflow in Power Software WinArchiver 3.2 allows remote attackers to execute arbitrary code via a crafted .zip file.
by RealPentesting
CVE-2013-5656 EXPLOITDB HIGH python VERIFIED
FuzeZip 1.0.0.131625 - Local Buffer Overflow
FuzeZip 1.0.0.131625 has a Local Buffer Overflow vulnerability
by RealPentesting
CVSS 7.8
CVE-2012-4886 EXPLOITDB text VERIFIED
Kingsoft WPS Office <8.1.0.3238 - Buffer Overflow
Stack-based buffer overflow in wpsio.dll in Kingsoft WPS Office 2012 possibly 8.1.0.3238 allows remote attackers to execute arbitrary code via a long BSTR string.
by Zhangjiantao
EIP-2026-116376 EXPLOITDB text
Syslog Watcher Pro 2.8.0.812 - 'Date' Cross-Site Scripting
by demonalex
EIP-2026-115190 EXPLOITDB text VERIFIED
Easy Icon Maker 5.01 - Crash (PoC)
by Asesino04
EIP-2026-106803 EXPLOITDB text VERIFIED
EggBlog 4.1.2 - Arbitrary File Upload
by Pokk3rs
CVE-2013-2010 EXPLOITDB CRITICAL ruby VERIFIED
W3 Total Cache < 0.9.2.8 - Remote PHP Code Execution
WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability
by Metasploit
CVSS 9.8
CVE-2013-3238 EXPLOITDB ruby VERIFIED
phpMyAdmin <3.5.8 and <4.0.0-rc3 - Authenticated RCE
phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a /e\x00 sequence, which is not properly handled before making a preg_replace function call within the "Replace table prefix" feature.
by Metasploit
CVE-2012-0809 EXPLOITDB c VERIFIED
sudo 1.8.0-1.8.3p1 - Local Use-After-Free via Format String in sudo_debug
Format string vulnerability in the sudo_debug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via format string sequences in the program name for sudo.
by aeon
CVE-2013-1598 EXPLOITDB HIGH text VERIFIED
Vivotek PT7135 Firmware 0300a and 0400a - OS Command Injection via system.ntp Parameter
A Command Injection vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via the system.ntp parameter to the farseer.out binary file, which cold let a malicious user execute arbitrary code.
by Core Security
CVSS 8.8
CVE-2013-1603 EXPLOITDB MEDIUM text VERIFIED
D-Link DCS and WCS Firmware - Unauthenticated Remote Access via Hard-coded Credentials
An Authentication vulnerability exists in D-LINK WCS-1100 1.02, TESCO DCS-2121 1.05_TESCO, TESCO DCS-2102 1.05_TESCO, DCS-7510 1.00, DCS-7410 1.00, DCS-6410 1.00, DCS-5635 1.01, DCS-5605 1.01, DCS-5230L 1.02, DCS-5230 1.02, DCS-3430 1.02, DCS-3411 1.02, DCS-3410 1.02, DCS-2121 1.06_FR, DCS-2121 1.06, DCS-2121 1.05_RU, DCS-2102 1.06_FR, DCS-2102 1.06, DCS-2102 1.05_RU, DCS-1130L 1.04, DCS-1130 1.04_US, DCS-1130 1.03, DCS-1100L 1.04, DCS-1100 1.04_US, and DCS-1100 1.03 due to hard-coded credentials that serve as a backdoor, which allows remote attackers to access the RTSP video stream.
by Core Security
CVSS 5.3
EIP-2026-119382 EXPLOITDB perl
Ipswitch IMail 11.01 - Cross-Site Scripting
by DaOne
EIP-2026-107169 EXPLOITDB text VERIFIED
Foe CMS 1.6.5 - Multiple Vulnerabilities
by flux77
EIP-2026-115212 EXPLOITDB python VERIFIED
Elecard MPEG Player - '.m3u' File Buffer Overflow
by metacom
EIP-2026-111228 EXPLOITDB html VERIFIED
PHPValley Micro Jobs Site Script - Spoofing
by Jason Whelan