Exploitdb Exploits

50,091 exploits tracked across all sources.

Sort: Activity Stars
CVE-2012-5244 EXPLOITDB text VERIFIED
Banana Dance < b.2.6 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Banana Dance B.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) return, (2) display, (3) table, or (4) search parameter to functions/suggest.php; (5) the id parameter to functions/widgets.php, (6) the category parameter to functions/print.php; or (7) the name parameter to functions/ajax.php.
by High-Tech Bridge SA
EIP-2026-102131 EXPLOITDB text
YeaLink IP Phone SIP-TxxP Firmware 9.70.0.100 - Multiple Vulnerabilities
by xistence
EIP-2026-100541 EXPLOITDB text VERIFIED
SelectSurvey CMS - 'ASP.NET' Arbitrary File Upload
by 040
CVE-2012-6636 EXPLOITDB ruby VERIFIED
Android API < 16.0 - Remote Code Execution via WebView.addJavascriptInterface
The Android API before 17 does not properly restrict the WebView.addJavascriptInterface method, which allows remote attackers to execute arbitrary methods of Java objects by using the Java Reflection API within crafted JavaScript code that is loaded into the WebView component in an application targeted to API level 16 or earlier, a related issue to CVE-2013-4710.
by Metasploit
CVE-2012-10028 EXPLOITDB HIGH ruby VERIFIED
Netwin SurgeFTP <23c8 - Command Injection
Netwin SurgeFTP version 23c8 and prior contains a vulnerability in its web-based administrative console that allows authenticated users to execute arbitrary system commands via crafted POST requests to `surgeftpmgr.cgi`. This can lead to full remote code execution on the underlying system.
by Spencer McIntyre
CVE-2011-0340 EXPLOITDB ruby VERIFIED
InduSoft Web Studio < 7.0 - Remote Code Execution via ISSymbol ActiveX Buffer Overflow
Multiple buffer overflows in the ISSymbol ActiveX control in ISSymbol.ocx 61.6.0.0 and 301.1009.2904.0 in the ISSymbol virtual machine, as distributed in Advantech Studio 6.1 SP6 61.6.01.05, InduSoft Web Studio before 7.0+SP1, and InduSoft Thin Client 7.0, allow remote attackers to execute arbitrary code via a long (1) InternationalOrder, (2) InternationalSeparator, or (3) LogFileName property value; or (4) a long bstrFileName argument to the OpenScreen method.
by Metasploit
EIP-2026-103517 EXPLOITDB c
IDA Pro 6.3 - Crash (PoC)
by nitr0us
EIP-2026-102604 EXPLOITDB c
gdb (GNU debugger) 7.5.1 - Null Pointer Dereference
by nitr0us
EIP-2026-115147 EXPLOITDB text VERIFIED
DIMIN Viewer 5.4.0 - GIF Decode Crash (PoC)
by Lizhi Wang
EIP-2026-114313 EXPLOITDB text VERIFIED
WordPress Theme Clockstone (and other CMSMasters Themes) - Arbitrary File Upload
by DigiP
EIP-2026-108612 EXPLOITDB text VERIFIED
Joomla! Component com_ztautolink - 'Controller' Local File Inclusion
by Xr0b0t
EIP-2026-108282 EXPLOITDB text VERIFIED
Joomla! Component com_bit - 'Controller' Local File Inclusion
by Xr0b0t
EIP-2026-102018 EXPLOITDB text
SonicWALL SonicOS 5.8.1.8 WAF - Cross-Site Scripting
by Vulnerability-Lab
EIP-2026-101716 EXPLOITDB text
Enterpriser16 Load Balancer 7.1 - Multiple Cross-Site Scripting Vulnerabilities
by Vulnerability-Lab
CVE-2010-2590 EXPLOITDB ruby VERIFIED
SAP Crystal Reports 2008 SP3 Fix Pack 3.2 - Remote Code Execution via Long ServerResourceVersion Property
Heap-based buffer overflow in the CrystalReports12.CrystalPrintControl.1 ActiveX control in PrintControl.dll 12.3.2.753 in SAP Crystal Reports 2008 SP3 Fix Pack 3.2 allows remote attackers to execute arbitrary code via a long ServerResourceVersion property value.
by Metasploit
EIP-2026-114863 EXPLOITDB text VERIFIED
Adobe Flash Player 11.5.502.135 - Crash (PoC)
by coolkaveh
EIP-2026-109737 EXPLOITDB text VERIFIED
MyBB Transactions Plugin - 'transaction' SQL Injection
by limb0
EIP-2026-114013 EXPLOITDB text VERIFIED
WordPress Plugin RokBox Plugin - '/wp-content/plugins/wp_rokbox/jwplayer/jwplayer.swf?abouttext' Cross-Site Scripting
by MustLive
CVE-2013-1744 EXPLOITDB CRITICAL php VERIFIED
iris_citations_management_tool < 1.3 - Remote Code Execution
IRIS citations management tool through 1.3 allows remote attackers to execute arbitrary commands.
by aeon
CVSS 9.8
EIP-2026-109739 EXPLOITDB text VERIFIED
MyBB User Profile Skype ID Plugin 1.0 - Persistent Cross-Site Scripting
by limb0
EIP-2026-102749 EXPLOITDB text VERIFIED
Totem Movie Player 3.4.3 (Ubuntu) - Stack Corruption
by coolkaveh
EIP-2026-112303 EXPLOITDB text VERIFIED
Social Sites MyBB Plugin 0.2.2 - Cross-Site Scripting
by s3m00t
CVE-2012-5469 EXPLOITDB text VERIFIED
Portable phpMyAdmin <1.3.1 - Auth Bypass
The Portable phpMyAdmin plugin before 1.3.1 for WordPress allows remote attackers to bypass authentication and obtain phpMyAdmin console access via a direct request to wp-content/plugins/portable-phpmyadmin/wp-pma-mod.
by Mark Stanislav
EIP-2026-110636 EXPLOITDB text VERIFIED
PHP Address Book - 'group' Cross-Site Scripting
by Kenneth F. Belva
EIP-2026-109813 EXPLOITDB text
MyYoutube MyBB Plugin 1.0 - SQL Injection
by Zixem