Exploitdb Exploits

50,083 exploits tracked across all sources.

Sort: Activity Stars
CVE-2013-3522 EXPLOITDB perl VERIFIED
vBulletin 5.0.0 Beta 11 and earlier - Authenticated SQL Injection via nodeid Parameter
SQL injection vulnerability in index.php/ajax/api/reputation/vote in vBulletin 5.0.0 Beta 11, 5.0.0 Beta 28, and earlier allows remote authenticated users to execute arbitrary SQL commands via the nodeid parameter.
by Orestis Kourides
EIP-2026-111659 EXPLOITDB ruby
Ra1NX PHP Bot - pubcall Authentication Bypass Remote Code Execution (Metasploit)
by bwall
EIP-2026-107212 EXPLOITDB text VERIFIED
Free Hosting Manager 2.0.2 - Multiple SQL Injections
by Saadi Siddiqui
EIP-2026-105943 EXPLOITDB text VERIFIED
ClipShare 4.1.1 - 'gid' Blind SQL Injection
by Esac
CVE-2013-6229 EXPLOITDB text VERIFIED
Atmail Webmail Server 7.0.2 - Cross-Site Scripting via Filter or MailId Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Atmail Webmail Server 7.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) filter parameter to index.php/mail/mail/listfoldermessages/searching/true/selectFolder/INBOX/resultContext/searchResultsTab5 or (2) mailId[] parameter to index.php/mail/mail/movetofolder/fromFolder/INBOX/toFolder/INBOX.Trash. NOTE: the view attachment message process vector is already covered by CVE-2013-2585.
by Vicente Aguilera Diaz
CVE-2013-6229 EXPLOITDB text VERIFIED
Atmail Webmail Server 7.0.2 - Cross-Site Scripting via Filter or MailId Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Atmail Webmail Server 7.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) filter parameter to index.php/mail/mail/listfoldermessages/searching/true/selectFolder/INBOX/resultContext/searchResultsTab5 or (2) mailId[] parameter to index.php/mail/mail/movetofolder/fromFolder/INBOX/toFolder/INBOX.Trash. NOTE: the view attachment message process vector is already covered by CVE-2013-2585.
by Vicente Aguilera Diaz
CVE-2013-6229 EXPLOITDB text VERIFIED
Atmail Webmail Server 7.0.2 - Cross-Site Scripting via Filter or MailId Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Atmail Webmail Server 7.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) filter parameter to index.php/mail/mail/listfoldermessages/searching/true/selectFolder/INBOX/resultContext/searchResultsTab5 or (2) mailId[] parameter to index.php/mail/mail/movetofolder/fromFolder/INBOX/toFolder/INBOX.Trash. NOTE: the view attachment message process vector is already covered by CVE-2013-2585.
by Vicente Aguilera Diaz
CVE-2012-3001 EXPLOITDB ruby VERIFIED
Mutiny Standard <4.5-1.12 - Command Injection
Mutiny Standard before 4.5-1.12 allows remote attackers to execute arbitrary commands via the network-interface menu, related to a "command injection vulnerability."
by Metasploit
EIP-2026-108039 EXPLOITDB text VERIFIED
Jaow CMS - 'add_ons' Cross-Site Scripting
by Metropolis
EIP-2026-119103 EXPLOITDB ruby VERIFIED
Sami FTP Server - 'LIST' Buffer Overflow (Metasploit)
by Metasploit
CVE-2012-4914 EXPLOITDB ruby VERIFIED
CoolPDF 3.0.2.256 - Buffer Overflow
Stack-based buffer overflow in the reader in CoolPDF 3.0.2.256 allows remote attackers to execute arbitrary code via a PDF document with a crafted stream.
by Metasploit
EIP-2026-117761 EXPLOITDB text VERIFIED
Photodex ProShow Gold/Producer 5.0.3310/6.0.3410 - 'ScsiAccess.exe' Local Privilege Escalation
by Julien Ahrens
EIP-2026-113830 EXPLOITDB html VERIFIED
WordPress Plugin IndiaNIC FAQs Manager 1.0 - Multiple Vulnerabilities
by m3tamantra
EIP-2026-113829 EXPLOITDB ruby
WordPress Plugin IndiaNIC FAQs Manager 1.0 - Blind SQL Injection
by m3tamantra
EIP-2026-112444 EXPLOITDB text VERIFIED
Stradus CMS 1.0beta4 - Multiple Vulnerabilities
by DaOne
EIP-2026-112211 EXPLOITDB text VERIFIED
Slash CMS - Multiple Vulnerabilities
by DaOne
CVE-2013-1891 EXPLOITDB MEDIUM text VERIFIED
OpenCart 1.4.7-1.5.5.1 - Path Traversal via Filemanager Bypass
In OpenCart 1.4.7 to 1.5.5.1, implemented anti-traversal code in filemanager.php is ineffective and can be bypassed.
by waraxe
CVSS 6.5
EIP-2026-107137 EXPLOITDB text VERIFIED
Flatnux CMS 2013-01.17 - 'index.php' Local File Inclusion
by DaOne
EIP-2026-104919 EXPLOITDB text VERIFIED
AContent 1.3 - Local File Inclusion
by DaOne
CVE-2011-3923 EXPLOITDB CRITICAL ruby VERIFIED
Apache Struts <2.3.1.2 - Command Injection
Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands.
by Metasploit
CVSS 9.8
CVE-2012-1663 EXPLOITDB text
GnuTLS < 3.0.14 - Double Free via Crafted Certificate List
Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted certificate list.
by Shawn the R0ck
EIP-2026-102030 EXPLOITDB perl
StarVedia IPCamera IC502w IC502w+ v020313 - 'Username'/Password Disclosure
by Todor Donev
EIP-2026-101102 EXPLOITDB text
TP-Link TL-WR740N Wireless Router - Denial of Service
by LiquidWorm
EIP-2026-117089 EXPLOITDB html VERIFIED
EastFTP 4.6.02 - ActiveX Control
by Dr_IDE
EIP-2026-118325 EXPLOITDB python VERIFIED
BlazeVideo HDTV Player Standard - '.plf' File Remote Buffer Overflow
by metacom