Exploitdb Exploits

50,083 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-106324 EXPLOITDB text VERIFIED
Cydia Repo Manager - Cross-Site Request Forgery
by Ramdan Yantu
CVE-2012-6096 EXPLOITDB ruby VERIFIED
Nagios Core < 3.4.4 / Icinga 1.6.x < 1.6.2, 1.7.x < 1.7.4, 1.8.x < 1.8.4 - Stack-Based Buffer Overflow
Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow remote attackers to execute arbitrary code via a long (1) host_name variable (host parameter) or (2) svc_description variable.
by Metasploit
CVE-2013-0397 EXPLOITDB text VERIFIED
Oracle Applications Framework - Info Disclosure
Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Diagnostics.
by Trustwave's SpiderLabs
CVE-2012-6066 EXPLOITDB ruby VERIFIED
freeSSHd < 1.2.6 - Unauthenticated Authentication Bypass via Crafted Session
freeSSHd.exe in freeSSHd through 1.2.6 allows remote attackers to bypass authentication via a crafted session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c.
by Metasploit
EIP-2026-111120 EXPLOITDB text VERIFIED
phpLiteAdmin - 'table' SQL Injection
by KedAns-Dz
EIP-2026-105998 EXPLOITDB text
CMS snews - SQL Injection
by By onestree
EIP-2026-116235 EXPLOITDB python VERIFIED
Serva 2.0.0 - HTTP Server GET Remote Denial of Service
by Julien Ahrens
EIP-2026-116234 EXPLOITDB python VERIFIED
Serva 2.0.0 - DNS Server QueryName Remote Denial of Service
by Julien Ahrens
CVE-2009-4571 EXPLOITDB text VERIFIED
PhpShop 0.8.1 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in index.php in PhpShop 0.8.1 allow remote attackers to execute arbitrary SQL commands via the (1) module_id parameter in an admin/function_list action, the (2) vendor_id parameter in a vendor/vendor_form action, the (3) module_id parameter in an admin/module_form action, the (4) user_id parameter in an admin/user_form action, the (5) vendor_category_id parameter in a vendor/vendor_category_form action, the (6) user_id parameter in a store/user_form action, the (7) payment_method_id parameter in a store/payment_method_form action, the (8) tax_rate_id parameter in a tax/tax_form action, or the (9) category parameter in a shop/browse action. NOTE: the product_id vector is already covered by CVE-2008-0681.
by By onestree
EIP-2026-110586 EXPLOITDB text VERIFIED
phlyLabs phlyMail Lite 4.03.04 - Full Path Disclosure / Persistent Cross-Site Scripting
by LiquidWorm
CVE-2013-5123 EXPLOITDB MEDIUM text VERIFIED
pip < 1.5 - Man-in-the-Middle Attack via Insecure Mirror DNS Querying
The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.
by LiquidWorm
CVSS 5.9
CVE-2012-6096 EXPLOITDB python VERIFIED
Nagios Core < 3.4.4 / Icinga 1.6.x < 1.6.2, 1.7.x < 1.7.4, 1.8.x < 1.8.4 - Stack-Based Buffer Overflow
Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow remote attackers to execute arbitrary code via a long (1) host_name variable (host parameter) or (2) svc_description variable.
by blasty
EIP-2026-118853 EXPLOITDB text VERIFIED
Microsoft Lync 2010 4.0.7577.0 - User-Agent Header Handling Arbitrary Command Execution
by Christopher Emerson
EIP-2026-111121 EXPLOITDB text VERIFIED
PHPLiteAdmin 1.9.3 - Remote PHP Code Injection
by L@usch
CVE-2013-0422 EXPLOITDB CRITICAL ruby VERIFIED
Oracle JDK 7 - Remote Code Execution via JMX MBean Instantiator and Reflection API
Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary Class references using the findClass method, and (2) using the Reflection API with recursion in a way that bypasses a security check by the java.lang.invoke.MethodHandles.Lookup.checkSecurityManager method due to the inability of the sun.reflect.Reflection.getCallerClass method to skip frames related to the new reflection API, as exploited in the wild in January 2013, as demonstrated by Blackhole and Nuclear Pack, and a different vulnerability than CVE-2012-4681 and CVE-2012-3174. NOTE: some parties have mapped the recursive Reflection API issue to CVE-2012-3174, but CVE-2012-3174 is for a different vulnerability whose details are not public as of 20130114. CVE-2013-0422 covers both the JMX/MBean and Reflection API issues. NOTE: it was originally reported that Java 6 was also vulnerable, but the reporter has retracted this claim, stating that Java 6 is not exploitable because the relevant code is called in a way that does not bypass security checks. NOTE: as of 20130114, a reliable third party has claimed that the findClass/MBeanInstantiator vector was not fixed in Oracle Java 7 Update 11. If there is still a vulnerable condition, then a separate CVE identifier might be created for the unfixed issue.
by Metasploit
CVSS 9.8
CVE-2012-5876 EXPLOITDB text
Nero MediaHome < 4.5.8.0 - Denial of Service via Long HTTP Request or Referer Header
Multiple off-by-one errors in NMMediaServerService.dll in Nero MediaHome 4.5.8.0 and earlier allow remote attackers to cause a denial of service (crash) via a long string in the (1) request line or (2) HTTP Referer header to TCP port 54444, which triggers a heap-based buffer overflow.
by High-Tech Bridge SA
CVE-2012-1876 EXPLOITDB html VERIFIED
Microsoft Internet Explorer 6-9 and 10 Consumer Preview - Remote Code Execution via Col Element Handling
Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflow, aka "Col Element Remote Code Execution Vulnerability," as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
by sickness
CVE-2011-1996 EXPLOITDB ruby VERIFIED
Microsoft Internet Explorer <9 - RCE
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Option Element Remote Code Execution Vulnerability."
by Metasploit
EIP-2026-118642 EXPLOITDB ruby VERIFIED
Honeywell Tema Remote Installer - ActiveX Remote Code Execution (Metasploit)
by Metasploit
CVE-2012-5877 EXPLOITDB text
Nero MediaHome < 4.5.8.0 - Denial of Service via HTTP Header Without Name
Nero MediaHome 4.5.8.0 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an HTTP header without a name.
by High-Tech Bridge SA
EIP-2026-113778 EXPLOITDB text VERIFIED
WordPress Plugin Gallery - 'filename_1' Arbitrary File Access
by Beni_Vanda
EIP-2026-104724 EXPLOITDB ruby VERIFIED
eXtplorer 2.1 - Arbitrary File Upload (Metasploit)
by Metasploit
CVE-2013-0156 EXPLOITDB ruby VERIFIED
Ruby on Rails JSON Processor YAML Deserialization Code Execution
active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion.
by Metasploit
EIP-2026-101005 EXPLOITDB python
Colloquy 1.3.5/1.3.6 - Denial of Service
by UberLame
CVE-2012-6429 EXPLOITDB html VERIFIED
Samsung Kies < 2.5.0.12114_1 - Remote Code Execution via SyncService.dll PrepareSync Password Argument
Buffer overflow in the PrepareSync method in the SyncService.dll ActiveX control in Samsung Kies before 2.5.1.12123_2_7 allows remote attackers to execute arbitrary code via a long string to the password argument.
by High-Tech Bridge