Exploitdb Exploits

50,083 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-102742 EXPLOITDB text VERIFIED
Squid - 'httpMakeVaryMark()' Remote Denial of Service
by tytusromekiatomek
EIP-2026-109849 EXPLOITDB text VERIFIED
Nconf 1.3 - Multiple SQL Injections
by Saadi Siddiqui
EIP-2026-102376 EXPLOITDB text VERIFIED
HP Intelligent Management Center - 'topoContent.jsf' Cross-Site Scripting
by Julien Ahrens
CVE-2013-2271 EXPLOITDB text
D-Link DSL-2740B Firmware EU_1.0 - Unauthenticated Authentication Bypass via login.cgi
The D-Link DSL-2740B Gateway with firmware EU_1.0, when an active administrator session exists, allows remote attackers to bypass authentication and gain administrator access via a request to login.cgi.
by Ivano Binetti
EIP-2026-111345 EXPLOITDB text VERIFIED
Plogger - Multiple Input Validation Vulnerabilities
by Saadat Ullah
CVE-2013-1468 EXPLOITDB text VERIFIED
Piwigo < 2.4.7 - Cross-Site Request Forgery via LocalFiles Editor Plugin
Cross-site request forgery (CSRF) vulnerability in the LocalFiles Editor plugin in Piwigo before 2.4.7 allows remote attackers to hijack the authentication of administrators for requests that create arbitrary PHP files via unspecified vectors.
by High-Tech Bridge SA
EIP-2026-119104 EXPLOITDB python VERIFIED
Sami FTP Server 2.0.1 - 'LIST' Buffer Overflow
by superkojiman
CVE-2013-7280 EXPLOITDB python VERIFIED
HansoTools Hanso Player <2.5.0 - Buffer Overflow
Buffer overflow in HansoTools Hanso Player 2.1.0, 2.5.0, and earlier allows remote attackers to cause a denial of service (crash) via a long string in a .m3u file.
by metacom
CVE-2013-2287 EXPLOITDB text VERIFIED
Uploader 1.0.4 - Cross-Site Scripting via Notify or Blog Parameter
Multiple cross-site scripting (XSS) vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) notify or (2) blog parameter.
by CodeV
EIP-2026-111632 EXPLOITDB html VERIFIED
Question2Answer - Cross-Site Request Forgery
by MustLive
CVE-2013-1469 EXPLOITDB text VERIFIED
Piwigo < 2.4.7 - Path Traversal via Install.php DL Parameter
Directory traversal vulnerability in install.php in Piwigo before 2.4.7 allows remote attackers to read and delete arbitrary files via a .. (dot dot) in the dl parameter.
by High-Tech Bridge SA
CVE-2013-7375 EXPLOITDB text
PHP-Fusion <7.02.05 - SQL Injection
SQL injection vulnerability in includes/classes/Authenticate.class.php in PHP-Fusion 7.02.01 through 7.02.05 allows remote attackers to execute arbitrary SQL commands via the user ID in a user cookie, a different vulnerability than CVE-2013-1803.
by waraxe
EIP-2026-106544 EXPLOITDB text VERIFIED
doorGets CMS - Cross-Site Request Forgery
by n0pe
CVE-2013-2289 EXPLOITDB text VERIFIED
Batavi 1.2.2 - Cross-Site Scripting via QUERY_STRING to admin/index.php
Cross-site scripting (XSS) vulnerability in admin/templates/default.php in Batavi 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to admin/index.php.
by Dognaedis
CVE-2013-2560 EXPLOITDB text VERIFIED
Foscam <11.37.2.49 - Path Traversal
Directory traversal vulnerability in the web interface on Foscam devices with firmware before 11.37.2.49 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI, as demonstrated by discovering (1) web credentials or (2) Wi-Fi credentials.
by Frederic Basse
EIP-2026-102983 EXPLOITDB c VERIFIED
rpi-update - Insecure Temporary File Handling / Security Bypass
by Technion
EIP-2026-113639 EXPLOITDB text VERIFIED
WordPress Plugin Comment Rating 2.9.32 - Multiple Vulnerabilities
by ebanyu
CVE-2013-1453 EXPLOITDB text VERIFIED
Joomla! 2.5.x-3.0.2 - PHP Object Injection via Highlight Parameter
plugins/system/highlight/highlight.php in Joomla! 3.0.x through 3.0.2 and 2.5.x through 2.5.8 allows attackers to unserialize arbitrary PHP objects to obtain sensitive information, delete arbitrary directories, conduct SQL injection attacks, and possibly have other impacts via the highlight parameter. Note: it was originally reported that this issue only allowed attackers to obtain sensitive information, but later analysis demonstrated that other attacks exist.
by EgiX
EIP-2026-107359 EXPLOITDB text VERIFIED
Geeklog - Cross-Site Scripting
by High-Tech Bridge
CVE-2013-1763 EXPLOITDB c
Linux Kernel < 3.4.34 - Local Privilege Escalation via Netlink Message Family Value
Array index error in the __sock_diag_rcv_msg function in net/core/sock_diag.c in the Linux kernel before 3.7.10 allows local users to gain privileges via a large family value in a Netlink message.
by sd
CVE-2013-10067 EXPLOITDB CRITICAL ruby VERIFIED
Glossword 1.8.8-1.8.12 - Authenticated Arbitrary File Upload and Remote Code Execution via Administrative Interface
Glossword versions 1.8.8 through 1.8.12 contain an authenticated arbitrary file upload vulnerability. When deployed as a standalone application, the administrative interface (gw_admin.php) allows users with administrator privileges to upload files to the gw_temp/a/ directory. Due to insufficient validation of file type and path, attackers can upload and execute PHP payloads, resulting in remote code execution.
by Metasploit
CVE-2013-10066 EXPLOITDB CRITICAL ruby VERIFIED
Kordil EDMS v2.2.60rc3 - Unauthenticated RCE
An unauthenticated arbitrary file upload vulnerability exists in Kordil EDMS v2.2.60rc3. The application exposes an upload endpoint (users_add.php) that allows attackers to upload files to the /userpictures/ directory without authentication. This flaw enables remote code execution by uploading a PHP payload and invoking it via a direct HTTP request.
by Metasploit
EIP-2026-111783 EXPLOITDB text
Rix4Web Portal - Blind SQL Injection
by L0n3ly-H34rT
EIP-2026-109621 EXPLOITDB text VERIFIED
MTP Poll 1.0 - Multiple Cross-Site Scripting Vulnerabilities
by LiquidWorm
EIP-2026-109620 EXPLOITDB text VERIFIED
MTP Image Gallery 1.0 - 'edit_photos.php?title' Cross-Site Scripting
by LiquidWorm