Exploitdb Exploits

50,083 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-109619 EXPLOITDB text VERIFIED
MTP Guestbook 1.0 - Multiple Cross-Site Scripting Vulnerabilities
by LiquidWorm
EIP-2026-105619 EXPLOITDB perl VERIFIED
Brewthology 0.1 - SQL Injection
by cr4wl3r
CVE-2013-0803 EXPLOITDB CRITICAL ruby VERIFIED
PolarBear CMS 2.5 - Unauthenticated Arbitrary File Upload via upload.php
A PHP File Upload Vulnerability exists in PolarBear CMS 2.5 via upload.php, which could let a malicious user execute arbitrary code.
by Metasploit
CVSS 9.8
CVE-2012-5337 EXPLOITDB text VERIFIED
JForum 2.1.9 - Cross-Site Scripting via Action, Match Type, Sort By, or Start Parameters
Multiple cross-site scripting (XSS) vulnerabilities in jforum.page in JForum 2.1.9 allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) match_type, (3) sort_by, or (4) start parameters.
by ZeroDayLab
EIP-2026-102250 EXPLOITDB text
iOS IPMap 2.5 - Arbitrary File Upload
by Vulnerability-Lab
EIP-2026-102118 EXPLOITDB text
WiFilet 1.2 iPad iPhone - Multiple Vulnerabilities
by Vulnerability-Lab
CVE-2013-1765 EXPLOITDB text VERIFIED
smart-flv - Cross-Site Scripting via link or playerready Parameter
Multiple cross-site scripting (XSS) vulnerabilities in jwplayer.swf in the smart-flv plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) link or (2) playerready parameter.
by Henri Salo
EIP-2026-111168 EXPLOITDB text VERIFIED
phpMyRecipes - Multiple HTML Injection Vulnerabilities
by PDS
CVE-2013-0431 EXPLOITDB MEDIUM ruby VERIFIED
Oracle JRE 7 through Update 11 and OpenJDK 7 - Security Sandbox Bypass via JMX
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Issue 52," a different vulnerability than CVE-2013-1490.
by Metasploit
CVSS 5.3
CVE-2013-1763 EXPLOITDB c VERIFIED
Linux Kernel < 3.4.34 - Local Privilege Escalation via Netlink Message Family Value
Array index error in the __sock_diag_rcv_msg function in net/core/sock_diag.c in the Linux kernel before 3.7.10 allows local users to gain privileges via a large family value in a Netlink message.
by SynQ
EIP-2026-101517 EXPLOITDB text
AirDrive HD 1.6 iPad iPhone - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-119035 EXPLOITDB text VERIFIED
Photodex ProShow Producer - Multiple DLL Loading Arbitrary Code Execution Vulnerabilities
by Julien Ahrens
CVE-2013-0025 EXPLOITDB ruby VERIFIED
Microsoft Internet Explorer 8 - Remote Code Execution via SLayoutRun Use-After-Free
Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer SLayoutRun Use After Free Vulnerability."
by Metasploit
EIP-2026-107084 EXPLOITDB text VERIFIED
File Manager - HTML Injection / Local File Inclusion
by Benjamin Kunz Mejri
EIP-2026-119349 EXPLOITDB text
Alt-N MDaemon WorldClient 13.0.3 - Multiple Vulnerabilities
by QSecure & Demetris Papapetrou
EIP-2026-119348 EXPLOITDB text
Alt-N MDaemon 12.5.6/13.0.3 - Email Body HTML/JS Injection
by QSecure & Demetris Papapetrou
EIP-2026-113215 EXPLOITDB text VERIFIED
Web Cookbook - Multiple Vulnerabilities
by cr4wl3r
EIP-2026-111814 EXPLOITDB text VERIFIED
RTTucson Quotations Database Script - Authentication Bypass
by cr4wl3r
EIP-2026-111169 EXPLOITDB text VERIFIED
PHPMyRecipes 1.2.2 - 'viewrecipe.php?r_id' SQL Injection
by cr4wl3r
EIP-2026-111165 EXPLOITDB text VERIFIED
PHPmyGallery 1.5 - Local File Disclosure / Cross-Site Scripting
by TheMirkin
EIP-2026-110286 EXPLOITDB text VERIFIED
OpenEMR - 'site' Cross-Site Scripting
by Gjoko Krstic
CVE-2013-1466 EXPLOITDB text
glFusion < 1.2.2.pl4 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in glFusion before 1.2.2.pl4 allow remote attackers to inject arbitrary web script or HTML via the (1) subject parameter to profiles.php; (2) address1, (3) address2, (4) calendar_type, (5) city, (6) state, (7) title, (8) url, or (9) zipcode parameter to calendar/index.php; (10) title or (11) url parameter to links/index.php; or (12) PATH_INFO to admin/plugins/mediagallery/xppubwiz.php/.
by High-Tech Bridge SA
CVE-2010-3333 EXPLOITDB HIGH python VERIFIED
Microsoft Office - Stack-based Buffer Overflow via Crafted RTF Data
Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF Stack Buffer Overflow Vulnerability."
by g11tch
CVSS 7.8
CVE-2012-6275 EXPLOITDB ruby VERIFIED
BigAntSoft BigAnt IM Message Server - Stack-Based Buffer Overflow via SCH or DUPF Request
Multiple stack-based buffer overflows in AntDS.exe in BigAntSoft BigAnt IM Message Server allow remote attackers to have an unspecified impact via (1) the filename header in an SCH request or (2) the userid component in a DUPF request.
by Metasploit
CVE-2012-6274 EXPLOITDB ruby VERIFIED
BigAntSoft BigAnt IM Message Server - Unauthenticated Arbitrary File Write via File Upload
BigAntSoft BigAnt IM Message Server does not require authentication for file uploading, which allows remote attackers to create arbitrary files under AntServer\DocData\Public via unspecified vectors.
by Metasploit