Exploitdb Exploits

50,083 exploits tracked across all sources.

Sort: Activity Stars
CVE-2013-0807 EXPLOITDB text VERIFIED
gpEasy CMS < 3.5.2 - Cross-Site Scripting via Section Parameter
Cross-site scripting (XSS) vulnerability in the NewSectionPrompt function in include/tool/editing_page.php in gpEasy CMS 3.5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the section parameter in a new_section action to index.php.
by High-Tech Bridge SA
EIP-2026-113680 EXPLOITDB text VERIFIED
WordPress Plugin Developer Formatter - Cross-Site Request Forgery
by Junaid Hussain
CVE-2013-1402 EXPLOITDB text VERIFIED
DigiLIBE 3.4 - Exposure of Sensitive Configuration Information via Direct Request
DigiLIBE 3.4 and possibly other versions sends a redirect but does not exit, which allows remote attackers to obtain sensitive configuration information via a direct request to configuration/general_configuration.html.
by Robert Gilbert
EIP-2026-104968 EXPLOITDB text VERIFIED
Adult WebMaster Script - Password Disclosure
by Dshellnoi Unix
CVE-2013-1410 EXPLOITDB MEDIUM text VERIFIED
Perforce P4web 2011.1 and 2012.1 - Cross-Site Scripting
Perforce P4web 2011.1 and 2012.1 has multiple XSS vulnerabilities
by Christy Philip Mathew
CVSS 6.1
CVE-2013-10070 EXPLOITDB CRITICAL ruby VERIFIED
PHP-Charts 1.0 - Unauthenticated Remote Code Execution via GET Parameter Eval Injection
PHP-Charts v1.0 contains a PHP code execution vulnerability in wizard/url.php, where user-supplied GET parameter names are passed directly to eval() without sanitization. A remote attacker can exploit this flaw by crafting a request that injects arbitrary PHP code, resulting in command execution under the web server's context. The vulnerability allows unauthenticated attackers to execute system-level commands via base64-encoded payloads embedded in parameter names, leading to full compromise of the host system.
by Metasploit
EIP-2026-109848 EXPLOITDB text VERIFIED
NConf 1.3 - Arbitrary File Creation
by haidao
EIP-2026-109847 EXPLOITDB text VERIFIED
NConf 1.3 - '/detail.php/detail_admin_items.php?id' SQL Injection
by haidao
EIP-2026-103952 EXPLOITDB ruby VERIFIED
Jenkins - Script-Console Java Execution (Metasploit)
by Metasploit
CVE-2013-0221 EXPLOITDB text VERIFIED
Red Hat Enterprise Linux - Denial of Service via Long String to sort Command with -d or -M Switch
The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the sort command, when using the (1) -d or (2) -M switch, which triggers a stack-based buffer overflow in the alloca function.
by anonymous
CVE-2012-2997 EXPLOITDB text VERIFIED
F5 BIG-IP <11.2.1 - Info Disclosure
XML External Entity (XXE) vulnerability in sam/admin/vpe2/public/php/server.php in F5 BIG-IP 10.0.0 through 10.2.4 and 11.0.0 through 11.2.1 allows remote authenticated users to read arbitrary files via a crafted XML file.
by anonymous
EIP-2026-116772 EXPLOITDB text
Aloaha Credential Provider Monitor 5.0.226 - Local Privilege Escalation
by LiquidWorm
EIP-2026-111950 EXPLOITDB text VERIFIED
Scripts Genie Classified Ultra - SQL Injection / Cross-Site Scripting
by 3spi0n
EIP-2026-114011 EXPLOITDB text VERIFIED
WordPress Plugin Ripe HD FLV Player - SQL Injection
by Zikou-16
EIP-2026-108309 EXPLOITDB text VERIFIED
Joomla! Component com_collector - Arbitrary File Upload
by Red Dragon_al
CVE-2013-10070 EXPLOITDB CRITICAL text VERIFIED
PHP-Charts 1.0 - Unauthenticated Remote Code Execution via GET Parameter Eval Injection
PHP-Charts v1.0 contains a PHP code execution vulnerability in wizard/url.php, where user-supplied GET parameter names are passed directly to eval() without sanitization. A remote attacker can exploit this flaw by crafting a request that injects arbitrary PHP code, resulting in command execution under the web server's context. The vulnerability allows unauthenticated attackers to execute system-level commands via base64-encoded payloads embedded in parameter names, leading to full compromise of the host system.
by AkaStep
EIP-2026-117712 EXPLOITDB c
Nvidia Display Driver Service (Nsvr) - Local Buffer Overflow
by Jon Bailey
CVE-2013-1360 EXPLOITDB CRITICAL text
SonicWall GMS Analyzer UMA ViewPoint - Authentication Bypass via SGMS Interface
An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote malicious user obtain administrative access.
by Nikolas Sotiriu
CVSS 9.8
CVE-2013-1359 EXPLOITDB CRITICAL perl
DELL SonicWALL Analyzer 7.0, GMS 4.1-7.0, UMA 5.1-7.0, ViewPoint 4.1-6.0 - Authentication Bypass
An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface (/appliance/), which could let a remote malicious user obtain access to the root account.
by Nikolas Sotiriu
CVSS 9.8
EIP-2026-103953 EXPLOITDB ruby
Jenkins CI Script Console - Command Execution (Metasploit)
by Spencer McIntyre
CVE-2013-0177 EXPLOITDB text VERIFIED
Apache OFBiz 10.04.x < 10.04.05 and 11.04.01 - Authenticated Cross-Site Scripting via Widget Attributes
Multiple cross-site scripting (XSS) vulnerabilities in widget/screen/ModelScreenWidget.java in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.05, 11.04.01, and possibly 09.04.x allow remote authenticated users to inject arbitrary web script or HTML via the (1) Screenlet.title or (2) Image.alt Widget attribute, as demonstrated by the parentPortalPageId parameter to exampleext/control/ManagePortalPages.
by Juan Caillava
CVE-2012-0432 EXPLOITDB text
NetIQ eDirectory <8.8.7.2 - Buffer Overflow
Stack-based buffer overflow in the Novell NCP implementation in NetIQ eDirectory 8.8.7.x before 8.8.7.2 allows remote attackers to have an unspecified impact via unknown vectors.
by Gary Nilson
CVE-2013-2679 EXPLOITDB MEDIUM text
Linksys E4200 Firmware 1.0.05 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Linksys E4200 router with firmware 1.0.05 build 7 allow remote attackers to inject arbitrary web script or HTML via the (1) log_type, (2) ping_ip, (3) ping_size, (4) submit_type, or (5) traceroute_ip parameter to apply.cgi or (6) new_workgroup or (7) submit_button parameter to storage/apply.cgi.
by m-1-k-3
CVSS 6.1
EIP-2026-107945 EXPLOITDB text VERIFIED
IP.Gallery - 'img' SQL Injection
by Ashiyane Digital Security Team
EIP-2026-107905 EXPLOITDB text VERIFIED
Invision Gallery 2.0.5 - SQL Injection
by Ashiyane Digital Security Team