Exploitdb Exploits

50,091 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-108376 EXPLOITDB text VERIFIED
Joomla! Component com_incapsula - Multiple Cross-Site Scripting Vulnerabilities
by Gjoko Krstic
EIP-2026-106619 EXPLOITDB text VERIFIED
E Sms Script - Multiple SQL Injections
by cr4wl3r
CVE-2013-0758 EXPLOITDB ruby VERIFIED
Mozilla Firefox < 18.0 - Remote Code Execution via SVG and Plugin Interaction
Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging improper interaction between plugin objects and SVG elements.
by Metasploit
EIP-2026-103428 EXPLOITDB python VERIFIED
BT Home Hub - 'uuid' Buffer Overflow
by Zachary Cutlip
CVE-2013-2299 EXPLOITDB text
Advantech WebAccess < 7.1 - Authenticated Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in Advantech WebAccess (formerly BroadWin WebAccess) before 7.1 2013.05.30 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
by SecPod Research
CVE-2013-10068 EXPLOITDB CRITICAL php VERIFIED
Foxit Reader Plugin 2.2.1.530 - Buffer Overflow
Foxit Reader versions through 5.4.5.0114, including the bundled Foxit Reader Plugin 2.2.1.530, contains a stack-based buffer overflow vulnerability in the npFoxitReaderPlugin.dll module. When a PDF file is loaded from a remote host, an overly long query string in the URL can overflow a buffer, allowing remote attackers to execute arbitrary code.
by rgod
CVE-2013-0722 EXPLOITDB text
Ettercap 0.7.5.1- - Buffer Overflow
Stack-based buffer overflow in the scan_load_hosts function in ec_scan.c in Ettercap 0.7.5.1 and earlier might allow local users to gain privileges via a Trojan horse hosts list containing a long line.
by Sajjad Pourali
CVE-2013-0209 EXPLOITDB ruby VERIFIED
Movable Type 4.2x, 4.3x Web Upgrade Remote Code Execution
lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct eval injection and SQL injection attacks via crafted parameters, as demonstrated by an eval injection attack against the core_drop_meta_for_table function, leading to execution of arbitrary Perl code.
by Metasploit
EIP-2026-100065 EXPLOITDB text VERIFIED
Facebook for Android - 'LoginActivity' Information Disclosure
by Takeshi Terada
EIP-2026-115291 EXPLOITDB python VERIFIED
FoxPlayer 2.9.0 - Denial of Service
by metacom
CVE-2013-0161 EXPLOITDB MEDIUM text VERIFIED
Havalite CMS 1.1.7 - Stored Cross-Site Scripting
Havalite CMS 1.1.7 has a stored XSS vulnerability
by Henri Salo
CVSS 5.4
CVE-2012-6493 EXPLOITDB text VERIFIED
Rapid7 Nexpose < 5.5.4 - Cross-Site Request Forgery via Site Deletion Request
Cross-site request forgery (CSRF) vulnerability in Rapid7 Nexpose Security Console before 5.5.4 allows remote attackers to hijack the authentication of unspecified victims for requests that delete scan data and sites via a request to data/site/delete.
by Robert Gilbert
EIP-2026-110558 EXPLOITDB text VERIFIED
pfSense 2.0.1 - Cross-Site Scripting / Cross-Site Request Forgery / Remote Command Execution
by Yann CAM
EIP-2026-119425 EXPLOITDB text VERIFIED
Simple Web Server 2.3-rc1 - Directory Traversal
by CwG GeNiuS
CVE-2011-5227 EXPLOITDB ruby VERIFIED
Enterasys NetSight < 4.1.0.79 - Remote Code Execution via Long PRIO Field in Syslog Message
Stack-based buffer overflow in the Syslog service (nssyslogd.exe) in Enterasys Network Management Suite (NMS) before 4.1.0.80 allows remote attackers to execute arbitrary code via a long PRIO field in a message to UDP port 514.
by Metasploit
EIP-2026-112739 EXPLOITDB text VERIFIED
TomatoCart - 'json.php' Security Bypass
by Aung Khant
EIP-2026-109733 EXPLOITDB text VERIFIED
MyBB Profile Wii Friend Code - Multiple Vulnerabilities
by Ichi
EIP-2026-109642 EXPLOITDB php VERIFIED
Multiple WordPress WPScientist Themes - Arbitrary File Upload
by JingoBD
CVE-2012-10025 EXPLOITDB CRITICAL ruby VERIFIED
WordPress Advanced Custom Fields <= 3.5.1 - Remote File Inclusion Code Execution
The WordPress plugin Advanced Custom Fields (ACF) version 3.5.1 and below contains a remote file inclusion (RFI) vulnerability in core/actions/export.php. When the PHP configuration directive allow_url_include is enabled (default: Off), an unauthenticated attacker can exploit the acf_abspath POST parameter to include and execute arbitrary remote PHP code. This leads to remote code execution under the web server’s context, allowing full compromise of the host.
by Metasploit
EIP-2026-114149 EXPLOITDB text VERIFIED
WordPress Plugin Uploader - Arbitrary File Upload
by Sammy FORGIT
CVE-2012-4366 EXPLOITDB python VERIFIED
Belkin N150 N300 N450 N900 Wireless Routers - Predictable WPA2-PSK Passphrase
Belkin wireless routers Surf N150 Model F7D1301v1, N900 Model F9K1104v1, N450 Model F9K1105V2, and N300 Model F7D2301v1 generate a predictable default WPA2-PSK passphrase based on eight digits of the WAN MAC address, which allows remote attackers to access the network by sniffing the beacon frames.
by ZhaoChunsheng
EIP-2026-101154 EXPLOITDB text
Allied Telesis AT-MCF2000M 3.0.2 - Remote Command Execution
by dun
CVE-2013-10043 EXPLOITDB CRITICAL python
OAstium VoIP PBX astium-confweb-2.1-25399 - Auth Bypass & RCE
A vulnerability exists in OAstium VoIP PBX astium-confweb-2.1-25399 and earlier, where improper input validation in the logon.php script allows an attacker to bypass authentication via SQL injection. Once authenticated as an administrator, the attacker can upload arbitrary PHP code through the importcompany field in import.php, resulting in remote code execution. The malicious payload is injected into /usr/local/astium/web/php/config.php and executed with root privileges by triggering a configuration reload via sudo /sbin/service astcfgd reload. Successful exploitation leads to full system compromise.
by xistence
CVE-2012-4792 EXPLOITDB HIGH ruby VERIFIED
Microsoft Internet Explorer <9 - Use After Free
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.
by Metasploit
CVSS 8.8
EIP-2026-114282 EXPLOITDB text VERIFIED
WordPress Plugin Xerte Online - 'save.php' Arbitrary File Upload
by Sammy FORGIT