Exploitdb Exploits

50,083 exploits tracked across all sources.

Sort: Activity Stars
CVE-2012-6550 EXPLOITDB text VERIFIED
ZeroClipboard < 1.1.4 - Cross-Site Scripting via Flash Object clipText
Cross-site scripting (XSS) vulnerability in ZeroClipboard before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via "the clipText returned from the flash object," a different vulnerability than CVE-2013-1808.
by MustLive
EIP-2026-114604 EXPLOITDB text VERIFIED
ZenPhoto - 'index.php' SQL Injection
by HosseinNsn
CVE-2013-1636 EXPLOITDB text VERIFIED
Caseproof Prettylinks < 1.6.2 - XSS
Cross-site scripting (XSS) vulnerability in open-flash-chart.swf in Open Flash Chart (aka Open-Flash Chart), as used in the Pretty Link Lite plugin before 1.6.3 for WordPress, JNews (com_jnews) component 8.0.1 for Joomla!, and CiviCRM 3.1.0 through 4.2.9 and 4.3.0 through 4.3.3, allows remote attackers to inject arbitrary web script or HTML via the get-data parameter.
by hiphop
EIP-2026-111813 EXPLOITDB text VERIFIED
RTTucson Quotations Database - Multiple Vulnerabilities
by 3spi0n
EIP-2026-105867 EXPLOITDB text
CKEditor 4.0.1 - Multiple Vulnerabilities
by AkaStep
CVE-2011-4275 EXPLOITDB ruby VERIFIED
iTop 1.1.181 and 1.2.0-RC-282 - Cross-Site Scripting via Multiple Input Vectors
Multiple cross-site scripting (XSS) vulnerabilities in iTop (aka IT Operations Portal) 1.1.181 and 1.2.0-RC-282 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted company name, (2) a crafted database server name, (3) a crafted CSV file, (4) a crafted copy-and-paste action, (5) the auth_user parameter in a suggest_pwd action to UI.php, (6) the c[menu] parameter to UniversalSearch.php, (7) the description parameter in a SearchFormToAdd_document_list action to UI.php, (8) the category parameter in an errors action to audit.php, or (9) the suggest_pwd parameter to UI.php.
by Metasploit
EIP-2026-112406 EXPLOITDB text VERIFIED
Squirrelcart - 'table' Cross-Site Scripting
by Gjoko Krstic
CVE-2013-1469 EXPLOITDB text VERIFIED
Piwigo < 2.4.7 - Path Traversal via Install.php DL Parameter
Directory traversal vulnerability in install.php in Piwigo before 2.4.7 allows remote attackers to read and delete arbitrary files via a .. (dot dot) in the dl parameter.
by LiquidWorm
EIP-2026-105865 EXPLOITDB text VERIFIED
CKEditor - 'posteddata.php' Cross-Site Scripting
by AkaStep
CVE-2013-10060 EXPLOITDB HIGH text
Netgear router <1.0.0.36 - Command Injection
An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN2200B model) firmware versions 1.0.0.36 and prior via the pppoe.cgi endpoint. A remote attacker with valid credentials can execute arbitrary commands via crafted input to the pppoe_username parameter. This flaw allows full compromise of the device and may persist across reboots unless configuration is restored.
by m-1-k-3
CVSS 7.2
EIP-2026-118250 EXPLOITDB text VERIFIED
Alt-N MDaemon WorldClient And WebAdmin - Cross-Site Request Forgery
by QSecure
EIP-2026-111955 EXPLOITDB text
Scripts Genie Pet Rate Pro - Multiple Vulnerabilities
by TheMirkin
EIP-2026-111954 EXPLOITDB text VERIFIED
Scripts Genie Hot Scripts Clone - 'showcategory.php?cid' SQL Injection
by Easy Laster
EIP-2026-106075 EXPLOITDB text
Cometchat Application - Multiple Vulnerabilities
by z3r0sPlOiT
EIP-2026-102094 EXPLOITDB text
USB Sharp 1.3.4 iPad iPhone - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-100434 EXPLOITDB text VERIFIED
MIMEsweeper For SMTP - Multiple Cross-Site Scripting Vulnerabilities
by Anastasios Monachos
CVE-2013-1592 EXPLOITDB CRITICAL text VERIFIED
SAP NetWeaver - Buffer Overflow in Message Server _MsJ2EE_AddStatistics() Function
A Buffer Overflow vulnerability exists in the Message Server service _MsJ2EE_AddStatistics() function when sending specially crafted SAP Message Server packets to remote TCP ports 36NN and/or 39NN in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04, which could let a remote malicious user execute arbitrary code.
by Core Security
CVSS 9.8
EIP-2026-111956 EXPLOITDB text VERIFIED
Scripts Genie Top Sites - 'out.php?id' SQL Injection
by 3spi0n
EIP-2026-111953 EXPLOITDB text VERIFIED
Scripts Genie Games Site Script - 'index.php?id' SQL Injection
by 3spi0n
EIP-2026-111952 EXPLOITDB text VERIFIED
Scripts Genie Gallery Personals - 'gallery.php?L' SQL Injection
by 3spi0n
EIP-2026-111951 EXPLOITDB text VERIFIED
Scripts Genie Domain Trader - 'catalog.php?id' SQL Injection
by 3spi0n
EIP-2026-117764 EXPLOITDB python VERIFIED
Photodex ProShow Producer 5.0.3297 - '.pxs' Memory Corruption
by Julien Ahrens
EIP-2026-106073 EXPLOITDB text VERIFIED
Cometchat - Multiple Vulnerabilities
by B127Y
EIP-2026-105828 EXPLOITDB text VERIFIED
ChillyCMS 1.3.0 - Multiple Vulnerabilities
by Abhi M Balakrishnan
CVE-2012-6276 EXPLOITDB text
TP-LINK TL-WR841N Firmware 3.13.9 build 120201 Rel.54965n - Path Traversal via URL Parameter
Directory traversal vulnerability in the web-based management interface on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read arbitrary files via the URL parameter.
by m-1-k-3