Exploitdb Exploits

50,083 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-101204 EXPLOITDB text VERIFIED
Cisco Video Surveillance Operations Manager - Multiple Vulnerabilities
by b.saleh
CVE-2013-0074 EXPLOITDB HIGH ruby VERIFIED
Microsoft Silverlight <5.1.20125.0 - RCE
Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote attackers to execute arbitrary code via a crafted Silverlight application, aka "Silverlight Double Dereference Vulnerability."
by Metasploit
CVSS 7.8
EIP-2026-104064 EXPLOITDB text VERIFIED
RubyGems fastreader - 'entry_controller.rb' Remote Command Execution
by Larry W. Cashdollar
CVE-2013-2714 EXPLOITDB MEDIUM text VERIFIED
WordPress podPress Plugin <8.8.10.13 - XSS
Cross-site Scripting (XSS) in WordPress podPress Plugin 8.8.10.13 could allow remote attackers to inject arbitrary web script or html via the 'playerID' parameter.
by hiphop
CVSS 6.1
CVE-2013-2503 EXPLOITDB text VERIFIED
Privoxy < 3.0.21 - Proxy Authentication Spoofing via 407 Status Code
Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 (aka Proxy Authentication Required) HTTP status code.
by Chris John Riley
EIP-2026-110996 EXPLOITDB text VERIFIED
PHPBoost - Arbitrary File Upload / Information Disclosure
by KedAns-Dz
EIP-2026-109011 EXPLOITDB text VERIFIED
KindEditor - Multiple Arbitrary File Upload Vulnerabilities
by KedAns-Dz
EIP-2026-112512 EXPLOITDB text VERIFIED
SWFupload - Multiple Content Spoofing / Cross-Site Scripting Vulnerabilities
by MustLive
EIP-2026-105273 EXPLOITDB text VERIFIED
Asteriskguru Queue Statistics - 'warning' Cross-Site Scripting
by Manuel García Cárdenas
EIP-2026-114543 EXPLOITDB text VERIFIED
Your Own Classifieds - Cross-Site Scripting
by Rafay Baloch
CVE-2013-2501 EXPLOITDB text VERIFIED
terillion_reviews_plugin < 1.1 - Cross-Site Scripting via ProfileId Field
Cross-site scripting (XSS) vulnerability in the Terillion Reviews plugin before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ProfileId field.
by Aditya Balapure
CVE-2013-5094 EXPLOITDB text VERIFIED
McAfee Vulnerability Manager 7.5 - Cross-Site Scripting via cert_cn Cookie Parameter
Cross-site scripting (XSS) vulnerability in index.exp in McAfee Vulnerability Manager 7.5 allows remote attackers to inject arbitrary web script or HTML via the cert_cn cookie parameter.
by Asheesh Anaconda
CVE-2013-20006 EXPLOITDB HIGH text VERIFIED
Qool CMS Multiple Persistent Cross-Site Scripting Vulnerabilities
Qool CMS contains multiple persistent cross-site scripting vulnerabilities in several administrative scripts where POST parameters are not properly sanitized before being stored and returned to users. Attackers can inject malicious JavaScript code through parameters like 'title', 'name', 'email', 'username', 'link', and 'task' in endpoints such as addnewtype, addnewdatafield, addmenu, addusergroup, addnewuserfield, adduser, addgeneraldata, and addcontentitem to execute arbitrary scripts in administrator browsers.
by LiquidWorm
CVSS 7.5
CVE-2013-20005 EXPLOITDB MEDIUM text VERIFIED
Qool CMS 2.0 RC2 Cross-Site Request Forgery via adduser
Qool CMS 2.0 RC2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious web pages. Attackers can forge POST requests to the /admin/adduser endpoint with parameters like username, password, email, and level to create root-level user accounts without user consent.
by LiquidWorm
CVSS 5.3
CVE-2013-1668 EXPLOITDB text
CosCMS < 1.822 - Authenticated OS Command Injection via Uploaded File Name
The uploadFile function in upload/index.php in CosCMS before 1.822 allows remote administrators to execute arbitrary commands via shell metacharacters in the name of an uploaded file.
by High-Tech Bridge SA
CVE-2013-1861 EXPLOITDB text VERIFIED
MariaDB 5.1.x-5.5.x - Denial of Service via Crafted Geometry Feature
MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error.
by Alyssa Milburn
EIP-2026-100860 EXPLOITDB text
mnoGoSearch 3.3.12 (search.cgi) - Arbitrary File Read
by Sergey Bobrov
CVE-2013-1406 EXPLOITDB c
VMware Workstation 8.x-9.x, Fusion 4.1-5.0, View 4.x-5.x, ESXi 4.0-5.1, ESX 4.0-4.1 Privilege Escalation
The Virtual Machine Communication Interface (VMCI) implementation in vmci.sys in VMware Workstation 8.x before 8.0.5 and 9.x before 9.0.1 on Windows, VMware Fusion 4.1 before 4.1.4 and 5.0 before 5.0.2, VMware View 4.x before 4.6.2 and 5.x before 5.1.2 on Windows, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1 does not properly restrict memory allocation by control code, which allows local users to gain privileges via unspecified vectors.
by Artem Shishkin
EIP-2026-102292 EXPLOITDB text
Remote File Manager 1.2 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
CVE-2013-2504 EXPLOITDB text VERIFIED
Matrix42 Service Store <5.33.946.0 - XSS
Cross-site scripting (XSS) vulnerability in SPS/Portal/default.aspx in Service Desk in Matrix42 Service Store 5.3 SP3 (aka 5.33.946.0) allows remote attackers to inject arbitrary web script or HTML via the query string.
by 43zsec
EIP-2026-115513 EXPLOITDB text
Kaspersky Internet Security 2013 - Denial of Service
by Marc Heuse
EIP-2026-113659 EXPLOITDB text VERIFIED
WordPress Plugin Count Per Day - 'daytoshow' Cross-Site Scripting
by alejandr0.m0f0
CVE-2012-4284 EXPLOITDB CRITICAL ruby VERIFIED
Viscosity 1.4.1 - Privilege Escalation via ViscosityHelper Path Validation Issue
A Privilege Escalation vulnerability exists in Viscosity 1.4.1 on Mac OS X due to a path name validation issue in the setuid-set ViscosityHelper binary, which could let a remote malicious user execute arbitrary code
by Metasploit
CVSS 9.8
CVE-2012-3485 EXPLOITDB ruby VERIFIED
Tunnelblick < 3.3beta20 - Privilege Escalation via argv[0] Pathname Manipulation
Tunnelblick 3.3beta20 and earlier relies on argv[0] to determine the name of an appropriate (1) kernel module pathname or (2) executable file pathname, which allows local users to gain privileges via an execl system call.
by Metasploit
EIP-2026-103691 EXPLOITDB text VERIFIED
Varnish Cache - Multiple Denial of Service Vulnerabilities
by tytusromekiatomek