Exploitdb Exploits

50,083 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-114916 EXPLOITDB python VERIFIED
Apple Quick Time Player (Windows) 7.7.3 - Out of Bound Read
by Debasish Mandal
EIP-2026-109035 EXPLOITDB text
Kohana Framework 2.3.3 - Directory Traversal
by Vulnerability-Lab
CVE-2013-0333 EXPLOITDB ruby VERIFIED
Ruby on Rails 2.3.x-2.3.15 and 3.0.x-3.0.19 - Remote Code Execution via YAML Deserialization
lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows remote attackers to execute arbitrary code, conduct SQL injection attacks, or bypass authentication via crafted data that triggers unsafe decoding, a different vulnerability than CVE-2013-0156.
by Metasploit
CVE-2013-1391 EXPLOITDB HIGH text VERIFIED
Hunt CCTV DVR Firmware - Unauthenticated Configuration Disclosure
Authentication bypass vulnerability in the the web interface in Hunt CCTV, Capture CCTV, Hachi CCTV, NoVus CCTV, and Well-Vision Inc DVR systems allows a remote attacker to retrieve the device configuration.
by Alejandro Ramos
CVSS 7.5
CVE-2013-1471 EXPLOITDB text
FortiMail < 4.3.4 - Stored Cross-Site Scripting via Black List or Personal Black/White List
Multiple cross-site scripting (XSS) vulnerabilities in admin/FEAdmin.html in Fortinet FortiMail before 4.3.4 on FortiMail Identity-Based Encryption (IBE) appliances allow user-assisted remote attackers to inject arbitrary web script or HTML via (1) the Add field for the Black List under Antispam Management User Preferences or (2) the User name field for the Personal Black/White List in the AntiSpam section.
by Vulnerability-Lab
EIP-2026-100971 EXPLOITDB text
pfSense UTM Platform 2.0.1 - Cross-Site Scripting
by Dimitris Strevinas
CVE-2013-1412 EXPLOITDB text VERIFIED
DataLife Engine 9.7 - Remote Code Execution via catlist[] Parameter
DataLife Engine (DLE) 9.7 allows remote attackers to execute arbitrary PHP code via the catlist[] parameter to engine/preview.php, which is used in a preg_replace function call with an e modifier.
by EgiX
CVE-2013-1451 EXPLOITDB text
Microsoft Internet Explorer 8-9 - CSRF
Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not ensure that the SSL lock icon is consistent with the Address bar, which makes it easier for remote attackers to spoof web sites via a crafted HTML document that triggers many HTTPS requests to an arbitrary host, followed by an HTTPS request to a trusted host and then an HTTP request to an untrusted host, a related issue to CVE-2013-1450.
by Christian Haider
EIP-2026-110791 EXPLOITDB text VERIFIED
PHP weby directory software 1.2 - Multiple Vulnerabilities
by AkaStep
CVE-2013-7387 EXPLOITDB text VERIFIED
DataLife Engine <9.7 - Info Disclosure
Session fixation vulnerability in DataLife Engine (DLE) 9.7 and earlier allows remote attackers to hijack web sessions via the PHPSESSID cookie.
by EgiX
EIP-2026-117534 EXPLOITDB ruby VERIFIED
Microsoft Windows - Manage Memory Payload Injection (Metasploit)
by Metasploit
EIP-2026-114076 EXPLOITDB text VERIFIED
WordPress Plugin SolveMedia 1.1.0 - Cross-Site Request Forgery
by Junaid Hussain
EIP-2026-111251 EXPLOITDB text VERIFIED
PHPWeby Free Directory Script - 'contact.php' Multiple SQL Injections
by AkaStep
CVE-2012-6290 EXPLOITDB text
ImageCMS < 4.2 - Authenticated SQL Injection via Admin Search Parameter
SQL injection vulnerability in ImageCMS before 4.2 allows remote authenticated administrators to execute arbitrary SQL commands via the q parameter to admin/admin_search/. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.
by High-Tech Bridge SA
EIP-2026-107716 EXPLOITDB text VERIFIED
iCart Pro - 'section' SQL Injection
by n3tw0rk
CVE-2013-0232 EXPLOITDB ruby VERIFIED
ZoneMinder Video Server <1.25.0 - Command Injection
includes/functions.php in ZoneMinder Video Server 1.24.0, 1.25.0, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) runState parameter in the packageControl function; or (2) key or (3) command parameter in the setDeviceStatusX10 function.
by Metasploit
EIP-2026-114889 EXPLOITDB text VERIFIED
Aloaha PDF Crypter (3.5.0.1164) - ActiveX Arbitrary File Overwrite
by shinnai
CVE-2013-0332 EXPLOITDB ruby VERIFIED
ZoneMinder 1.24.x - Path Traversal via View Request or Action Parameter
Multiple directory traversal vulnerabilities in ZoneMinder 1.24.x before 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) view, (2) request, or (3) action parameter.
by Metasploit
CVE-2013-1463 EXPLOITDB text VERIFIED
WP-Table Reloaded < 1.9.4 - Cross-Site Scripting via id Parameter
Cross-site scripting (XSS) vulnerability in js/tabletools/zeroclipboard.swf in the WP-Table Reloaded module before 1.9.4 for Wordpress allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this might be the same vulnerability as CVE-2013-1808. If so, it is likely that CVE-2013-1463 will be REJECTed.
by hiphop
EIP-2026-104454 EXPLOITDB python VERIFIED
SQLiteManager 1.2.4 - Remote PHP Code Injection
by RealGame
CVE-2013-1359 EXPLOITDB CRITICAL ruby VERIFIED
DELL SonicWALL Analyzer 7.0, GMS 4.1-7.0, UMA 5.1-7.0, ViewPoint 4.1-6.0 - Authentication Bypass
An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface (/appliance/), which could let a remote malicious user obtain access to the root account.
by Metasploit
CVSS 9.8
CVE-2012-0432 EXPLOITDB ruby VERIFIED
NetIQ eDirectory <8.8.7.2 - Buffer Overflow
Stack-based buffer overflow in the Novell NCP implementation in NetIQ eDirectory 8.8.7.x before 8.8.7.2 allows remote attackers to have an unspecified impact via unknown vectors.
by Metasploit
CVE-2012-5088 EXPLOITDB ruby VERIFIED
Oracle Java SE <7.7 - Info Disclosure
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
by Metasploit
CVE-2012-5076 EXPLOITDB CRITICAL ruby VERIFIED
Java Applet AverageRangeStatisticImpl Remote Code Execution
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS.
by Metasploit
CVSS 9.8
EIP-2026-114312 EXPLOITDB text VERIFIED
WordPress Theme Chocolate WP - Multiple Vulnerabilities
by Eugene Dokukin