Exploitdb Exploits

50,091 exploits tracked across all sources.

Sort: Activity Stars
CVE-2012-6470 EXPLOITDB text VERIFIED
Opera < 12.12 - Remote Code Execution via Malformed GIF Image
Opera before 12.12 does not properly allocate memory for GIF images, which allows remote attackers to execute arbitrary code or cause a denial of service (memory overwrite) via a malformed image.
by coolkaveh
EIP-2026-111935 EXPLOITDB text VERIFIED
SchoolCMS - Persistent Cross-Site Scripting
by VipVince
EIP-2026-109720 EXPLOITDB text VERIFIED
MyBB KingChat Plugin - SQL Injection
by Red_Hat
CVE-2012-0308 EXPLOITDB text
Symantec Messaging Gateway <10.0 - CSRF
Cross-site request forgery (CSRF) vulnerability in Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to hijack the authentication of administrators.
by Ben Williams
EIP-2026-104250 EXPLOITDB text
FirePass SSL VPN - Local File Inclusion
by SEC Consult
CVE-2012-4347 EXPLOITDB text
Symantec Messaging Gateway 9.5.x - Authenticated Path Traversal via Log Export or Backup Restore
Multiple directory traversal vulnerabilities in the management console in Symantec Messaging Gateway (SMG) 9.5.x allow remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) logFile parameter in a logs action to brightmail/export or (2) localBackupFileSelection parameter in an APPLIANCE restoreSource action to brightmail/admin/restore/download.do.
by Ben Williams
CVE-2012-5615 EXPLOITDB text VERIFIED
Oracle MySQL <5.5.38 & MariaDB <5.5.28a - Info Disclosure
Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames.
by kingcope
EIP-2026-118938 EXPLOITDB text VERIFIED
MySQL - 'Stuxnet Technique' Windows Remote System
by kingcope
CVE-2009-0880 EXPLOITDB text
IBM Director < 5.20.3 - Remote Code Execution via CIM Server Path Traversal
Directory traversal vulnerability in the CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to load and execute arbitrary local DLL code via a .. (dot dot) in a /CIMListener/ URI in an M-POST request.
by kingcope
CVE-2012-6066 EXPLOITDB text VERIFIED
freeSSHd < 1.2.6 - Unauthenticated Authentication Bypass via Crafted Session
freeSSHd.exe in freeSSHd through 1.2.6 allows remote attackers to bypass authentication via a crafted session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c.
by kingcope
CVE-2012-6066 EXPLOITDB text VERIFIED
freeSSHd < 1.2.6 - Unauthenticated Authentication Bypass via Crafted Session
freeSSHd.exe in freeSSHd through 1.2.6 allows remote attackers to bypass authentication via a crafted session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c.
by kingcope
CVE-2012-5615 EXPLOITDB perl VERIFIED
Oracle MySQL <5.5.38 & MariaDB <5.5.28a - Info Disclosure
Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames.
by kingcope
CVE-2012-5975 EXPLOITDB text VERIFIED
SSH Tectia Server 6.0.4-6.3.2 - Authentication Bypass via Blank Password
The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6.2.5, and 6.3.0 through 6.3.2 on UNIX and Linux, when old-style password authentication is enabled, allows remote attackers to bypass authentication via a crafted session involving entry of blank passwords, as demonstrated by a root login session from a modified OpenSSH client with an added input_userauth_passwd_changereq call in sshconnect2.c.
by kingcope
CVE-2012-5613 EXPLOITDB perl VERIFIED
MySQL <5.5.19 & MariaDB <5.5.28a - Privilege Escalation
MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the FILE privilege to users who should not have administrative privileges, allows remote authenticated users to gain privileges by leveraging the FILE privilege to create files as the MySQL administrator. NOTE: the vendor disputes this issue, stating that this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: it could be argued that this should not be included in CVE because it is a configuration issue.
by kingcope
CVE-2012-5614 EXPLOITDB text
Oracle MySQL <5.1.67 & <5.5.29 - DoS
Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (mysqld crash) via a SELECT command with an UpdateXML command containing XML with a large number of unique, nested elements.
by kingcope
CVE-2012-5611 EXPLOITDB perl
Oracle MySQL <5.5.28 & MariaDB <5.5.28a - RCE
Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.
by kingcope
CVE-2012-5612 EXPLOITDB perl
Oracle MySQL <5.5.29 - Buffer Overflow
Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated using certain variations of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER TABLE, (10) DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands.
by kingcope
CVE-2012-10031 EXPLOITDB HIGH ruby VERIFIED
BlazeVideo HDTV Player Pro v6.6.0.3 - Buffer Overflow
BlazeVideo HDTV Player Pro v6.6.0.3 is vulnerable to a stack-based buffer overflow due to improper handling of user-supplied input embedded in .plf playlist files. When parsing a crafted .plf file, the MediaPlayerCtrl.dll component invokes PathFindFileNameA() to extract a filename from a URL-like string. The returned value is then copied to a fixed-size stack buffer using an inline strcpy call without bounds checking. If the input exceeds the buffer size, this leads to a stack overflow and potential arbitrary code execution under the context of the user.
by Metasploit
EIP-2026-112711 EXPLOITDB text VERIFIED
TinyMCPUK - 'test' Cross-Site Scripting
by eidelweiss
EIP-2026-101282 EXPLOITDB text VERIFIED
Fortinet FortiWeb (Multiple Appliances) - Multiple Cross-Site Scripting Vulnerabilities
by Benjamin Kunz Mejri
EIP-2026-112242 EXPLOITDB text
SmartCMS - '/index.php?menuitem' SQL Injection / Cross-Site Scripting
by Yakir Wizman
EIP-2026-112052 EXPLOITDB text VERIFIED
SilverStripe CMS 3.0.2 - (Multiple Vulnerabilities) Cross-Site Scripting / Cross-Site Request Forgery
by Sense of Security
EIP-2026-107211 EXPLOITDB text VERIFIED
Free Hosting Manager 2.0 - 'id' SQL Injection
by Yakir Wizman
EIP-2026-117519 EXPLOITDB ruby VERIFIED
Microsoft Windows - AlwaysInstallElevated MSI (Metasploit)
by Metasploit
EIP-2026-116457 EXPLOITDB python VERIFIED
UMPlayer Portable 0.95 - Crash (PoC)
by p3kok