Exploitdb Exploits

50,083 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-101103 EXPLOITDB text VERIFIED
TP-Link TL-WR741N / TL-WR741ND Routers - Multiple Denial of Service Vulnerabilities
by W1ckerMan
CVE-2013-2712 EXPLOITDB text
KrisonAV CMS < 3.0.2 - Cross-Site Scripting via Content Parameter
Cross-site scripting (XSS) vulnerability in services/get_article.php in KrisonAV CMS before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the content parameter.
by High-Tech Bridge SA
CVE-2013-1509 EXPLOITDB text
Oracle Fusion Middleware WebCenter Sites 7.6.2, 11.1.1.6.0, 11.1.1.6.1 - Authenticated Integrity Impact
Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 7.6.2, 11.1.1.6.0, and 11.1.1.6.1 allows remote authenticated users to affect integrity via unknown vectors related to WebCenter Sites.
by SEC Consult
CVE-2013-2419 EXPLOITDB text
Oracle Java SE <7.17,6.43,5.41 - DoS
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "font processing errors" in the International Components for Unicode (ICU) Layout Engine before 51.2.
by SEC Consult
EIP-2026-115283 EXPLOITDB text VERIFIED
Foxit Reader 5.4.3.x < 5.4.5.0124 - PDF XREF Parsing Denial of Service
by FuzzMyApp
CVE-2013-2713 EXPLOITDB text
KrisonAV CMS < 3.0.2 - Cross-Site Request Forgery via User Account Creation
Cross-site request forgery (CSRF) vulnerability in users_maint.html in KrisonAV CMS before 3.0.2 allows remote attackers to hijack the authentication of administrators for requests that create user accounts via a crafted request.
by High-Tech Bridge SA
EIP-2026-107184 EXPLOITDB text VERIFIED
Fork CMS - 'js.php' Local File Inclusion
by Rafay Baloch
EIP-2026-104069 EXPLOITDB ruby VERIFIED
SAP ConfigServlet - OS Command Execution (Metasploit)
by Andras Kabai
EIP-2026-118548 EXPLOITDB html VERIFIED
FirePHP Firefox Plugin 0.7.1 - Remote Command Execution
by Wireghoul
EIP-2026-112351 EXPLOITDB text VERIFIED
Sosci Survey - Multiple Vulnerabilities
by T. Lazauninkas
CVE-2013-5657 EXPLOITDB HIGH python VERIFIED
AultWare pwStore 2010.8.30.0 - Denial of Service via Empty HTTP Request
AultWare pwStore 2010.8.30.0 has DoS via an empty HTTP request
by Josep Pi Rodriguez
CVSS 7.5
CVE-2013-2097 EXPLOITDB HIGH text
ZPanel through 10.1.0 - Remote Code Execution
ZPanel through 10.1.0 has Remote Command Execution
by Sven Slootweg
CVSS 7.8
EIP-2026-118904 EXPLOITDB python VERIFIED
MinaliC WebServer 2.0.0 - Remote Buffer Overflow
by superkojiman
EIP-2026-112964 EXPLOITDB text
Vanilla Forums Van2Shout Plugin 1.0.51 - Multiple Cross-Site Request Forgery Vulnerabilities
by Henry Hoggard
CVE-2013-3524 EXPLOITDB text VERIFIED
Pop Up News module 2.0 - SQL Injection via itemid Parameter
SQL injection vulnerability in popupnewsitem/ in the Pop Up News module 2.0 and possibly earlier for phpVMS allows remote attackers to execute arbitrary SQL commands via the itemid parameter. NOTE: this was originally reported as a problem in phpVMS.
by NoGe
CVE-2013-3535 EXPLOITDB python
CMSLogik 1.2.0-1.2.1 - Stored Cross-Site Scripting via Multiple Admin Parameters
Multiple cross-site scripting (XSS) vulnerabilities in CMSLogik 1.2.0 and 1.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_email, (2) header_title, (3) site_title parameter to admin/settings; (4) recaptcha_private or (5) recaptcha_public parameter to admin/captcha_settings; (6) fb_appid, (7) fp_secret, (8) tw_consumer_key, or (9) tw_consumer_secret parameter to admin/social_settings; (10) slug parameter to admin/gallery/save_item_settings; or (11) item_link parameter to admin/edit_menu_item_ajax. NOTE: this issue might be resultant from CSRF.
by LiquidWorm
CVE-2013-3301 EXPLOITDB text VERIFIED
Linux Kernel < 3.8.8 - Denial of Service via Ftrace lseek NULL Pointer Dereference
The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for write access to the (1) set_ftrace_pid or (2) set_graph_function file, and then making an lseek system call.
by anonymous
EIP-2026-101201 EXPLOITDB text VERIFIED
Cisco Linksys EA2700 Router - Multiple Vulnerabilities
by Phil Purviance
CVE-2013-3537 EXPLOITDB text VERIFIED
Todoo Forum 2.0 - SQL Injection via id_post or pg Parameter
Multiple SQL injection vulnerabilities in todooforum.php in Todoo Forum 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) id_post or (2) pg parameter.
by Chiekh Bouchenafa
CVE-2013-3538 EXPLOITDB text VERIFIED
Todoo Forum 2.0 - Cross-Site Scripting via id_post or pg Parameter
Multiple cross-site scripting (XSS) vulnerabilities in todooforum.php in Todoo Forum 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id_post or (2) pg parameter.
by Chiekh Bouchenafa
EIP-2026-104154 EXPLOITDB text VERIFIED
Aibolit - Information Disclosure
by MustLive
CVE-2005-0575 EXPLOITDB perl VERIFIED
Stormy Studios Knet <= 1.04c - Buffer Overflow via Long HTTP GET Request
Buffer overflow in Stormy Studios Knet 1.04c and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long HTTP GET request.
by Wireghoul
CVE-2006-6184 EXPLOITDB python VERIFIED
Allied Telesyn AT-TFTP < 1.9 - Stack-Based Buffer Overflow via Long Filename in GET or PUT Command
Multiple stack-based buffer overflows in Allied Telesyn TFTP Server (AT-TFTP) 1.9, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a long filename in a (1) GET or (2) PUT command.
by xis_one
CVE-2013-2498 EXPLOITDB text VERIFIED
SimpleHRM <= 2.3 - SQL Injection via Username Parameter
SQL injection vulnerability in the login page in flexycms/modules/user/user_manager.php in SimpleHRM 2.3, 2.2, and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to index.php/user/setLogin.
by Doraemon
EIP-2026-107216 EXPLOITDB text VERIFIED
Free Monthly Websites 2.0 - Admin Password Change
by Yassin Aboukir