Exploitdb Exploits

50,091 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-110401 EXPLOITDB text VERIFIED
osTicket - 'tickets.php?status' Cross-Site Scripting
by AkaStep
EIP-2026-110400 EXPLOITDB text VERIFIED
osTicket - 'l.php?url' Arbitrary Site Redirect
by AkaStep
CVE-2012-6434 EXPLOITDB text VERIFIED
e107 1.0.2 - Cross-Site Request Forgery via download.php Parameters
Multiple cross-site request forgery (CSRF) vulnerabilities in e107_admin/download.php in e107 1.0.2 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) download_url, (2) download_url_extended, (3) download_author_email, (4) download_author_website, (5) download_image, (6) download_thumb, (7) download_visible, or (8) download_class parameter.
by Joshua Reynolds
CVE-2012-6433 EXPLOITDB text VERIFIED
e107 1.0.1 - Cross-Site Request Forgery via News Title Parameter
Cross-site request forgery (CSRF) vulnerability in e107_admin/newspost.php in e107 1.0.1 allows remote attackers to hijack the authentication of administrators for requests that conduct XSS attacks via the news_title parameter in a create action.
by Joshua Reynolds
EIP-2026-102563 EXPLOITDB python
Astium VoIP PBX 2.1 build 25399 - Remote Crash (PoC)
by xistence
EIP-2026-114043 EXPLOITDB text VERIFIED
WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/exportsubscribers.php? reqID' SQL Injection
by Sammy FORGIT
EIP-2026-114042 EXPLOITDB text VERIFIED
WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/exportaccounts.php?reqID' SQL Injection
by Sammy FORGIT
EIP-2026-114041 EXPLOITDB text VERIFIED
WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/backup.php?reqID' SQL Injection
by Sammy FORGIT
CVE-2012-4792 EXPLOITDB HIGH ruby VERIFIED
Microsoft Internet Explorer <9 - Use After Free
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.
by Metasploit
CVSS 8.8
CVE-2012-2176 EXPLOITDB ruby VERIFIED
IBM Lotus Quickr 8.2 - Remote Code Execution via Long Argument to Attachment_Times or Import_Times Method
Multiple stack-based buffer overflows in a certain ActiveX control in qp2.cab in IBM Lotus Quickr 8.2 before 8.2.0.27-002a for Domino allow remote attackers to execute arbitrary code via a long argument to the (1) Attachment_Times or (2) Import_Times method.
by Metasploit
CVE-2012-2175 EXPLOITDB ruby VERIFIED
IBM Lotus iNotes 8.5.x - Buffer Overflow in Attachment_Times Method
Buffer overflow in the Attachment_Times method in a certain ActiveX control in dwa85W.dll in IBM Lotus iNotes 8.5.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a long argument.
by Metasploit
CVE-2006-6199 EXPLOITDB ruby VERIFIED
BlazeVideo BlazeDVD Standard and Professional 5.0 - Stack-based Buffer Overflow via PLF Playlist Filename
Stack-based buffer overflow in BlazeVideo BlazeDVD Standard and Professional 5.0, and possibly earlier, allows remote attackers to execute arbitrary code via a long filename in a PLF playlist.
by Craig Freyman
EIP-2026-114881 EXPLOITDB python VERIFIED
Aktiv Player 2.80 - Crash (PoC)
by IndonesiaGokilTeam
EIP-2026-113419 EXPLOITDB text VERIFIED
WHMCS 5.0 - Insecure Cookie Authentication Bypass
by Agd_Scorp
EIP-2026-109696 EXPLOITDB text VERIFIED
MyBB 1.6.9 - 'editpost.php?posthash' Blind SQL Injection
by Joshua Rogers
EIP-2026-108862 EXPLOITDB text VERIFIED
Joomla! Component Spider Calendar - 'date' Blind SQL Injection
by Red-D3v1L
CVE-2012-5667 EXPLOITDB text VERIFIED
GNU Grep < 2.11 - Remote Code Execution via Integer Overflow
Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow.
by Joshua Rogers
EIP-2026-114293 EXPLOITDB text VERIFIED
WordPress Plugin Zingiri Forums - 'language' Local File Inclusion
by Amirh03in
EIP-2026-103161 EXPLOITDB python VERIFIED
LShell 0.9.15 - Remote Code Execution
by drone
EIP-2026-101488 EXPLOITDB python
Ubiquiti AirOS 5.5.2 - (Authenticated) Remote Command Execution
by xistence
CVE-2012-5691 EXPLOITDB ruby VERIFIED
RealNetworks RealPlayer <16.0.0.282-1.1.5 - RCE
Buffer overflow in RealNetworks RealPlayer before 16.0.0.282 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted RealMedia file.
by Metasploit
EIP-2026-113406 EXPLOITDB text VERIFIED
WHM - 'filtername' Cross-Site Scripting
by Rafay Baloch
CVE-2012-6448 EXPLOITDB MEDIUM text VERIFIED
cPanel WebHost Manager 11.34.0 - Cross-Site Scripting
Cross-site Scripting (XSS) in cPanel WebHost Manager (WHM) 11.34.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
by Christy Philip Mathew
CVSS 6.1
EIP-2026-106204 EXPLOITDB text VERIFIED
cPanel - 'detailbw.html' Multiple Cross-Site Scripting Vulnerabilities
by Christy Philip Mathew
EIP-2026-101161 EXPLOITDB text VERIFIED
Astaro Security Gateway 8.1 - HTML Injection
by Vulnerability Research Laboratory