Exploitdb Exploits

50,091 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-114356 EXPLOITDB text VERIFIED
WordPress Theme Toolbox - 'mls' SQL Injection
by Ashiyane Digital Security Team
CVE-2012-6312 EXPLOITDB text VERIFIED
Video Lead Form plugin for WordPress - Cross-Site Scripting via errMsg Parameter
Cross-site scripting (XSS) vulnerability in the Video Lead Form plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the errMsg parameter in a video-lead-form action to wp-admin/admin.php.
by Aditya Balapure
CVE-2012-6608 EXPLOITDB python VERIFIED
elastix 2.3.0 - Cross-Site Scripting via Page Parameter
Cross-site scripting (XSS) vulnerability in xmlservices/E_book.php in Elastix 2.3.0 allows remote attackers to inject arbitrary web script or HTML via the Page parameter.
by cheki
EIP-2026-104743 EXPLOITDB ruby VERIFIED
Network Shutdown Module 3.21 - 'sort_values' Remote PHP Code Injection (Metasploit)
by Metasploit
EIP-2026-104379 EXPLOITDB text
Oracle OpenSSO 8.0 - Multiple Cross-Site Scripting POST Injection Vulnerabilities
by LiquidWorm
EIP-2026-100324 EXPLOITDB text
FCKEditor Core ASP 2.6.8 - Arbitrary File Upload Protection Bypass
by Soroush Dalili
EIP-2026-119374 EXPLOITDB text
gleamtech filevista/fileultimate 4.6 - Directory Traversal
by Soroush Dalili
CVE-2012-3753 EXPLOITDB ruby VERIFIED
Apple QuickTime < 7.7.3 - Remote Code Execution via Crafted MIME Type
Buffer overflow in the plugin in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MIME type.
by Metasploit
EIP-2026-105469 EXPLOITDB text VERIFIED
BigDump 0.29b and 0.32b - Multiple Vulnerabilities
by Ur0b0r0x
EIP-2026-114316 EXPLOITDB text VERIFIED
WordPress Theme CStar Design - 'id' SQL Injection
by Amirh03in
CVE-2012-10031 EXPLOITDB HIGH python VERIFIED
BlazeVideo HDTV Player Pro v6.6.0.3 - Buffer Overflow
BlazeVideo HDTV Player Pro v6.6.0.3 is vulnerable to a stack-based buffer overflow due to improper handling of user-supplied input embedded in .plf playlist files. When parsing a crafted .plf file, the MediaPlayerCtrl.dll component invokes PathFindFileNameA() to extract a filename from a URL-like string. The returned value is then copied to a fixed-size stack buffer using an inline strcpy call without bounds checking. If the input exceeds the buffer size, this leads to a stack overflow and potential arbitrary code execution under the context of the user.
by Nezim
EIP-2026-116860 EXPLOITDB python VERIFIED
Aviosoft Digital TV Player Professional 1.x - '.PLF' Direct Retn
by Nezim
EIP-2026-114362 EXPLOITDB text VERIFIED
WordPress Theme Wp-ImageZoom - 'id' SQL Injection
by Amirh03in
EIP-2026-113540 EXPLOITDB text VERIFIED
WordPress Plugin Ads Box - 'count' SQL Injection
by Ashiyane Digital Security Team
EIP-2026-112243 EXPLOITDB text VERIFIED
SmartCMS - 'index.php?idx' SQL Injection
by NoGe
EIP-2026-111460 EXPLOITDB text VERIFIED
PRADO PHP Framework 3.2.0 - Arbitrary File Read
by LiquidWorm
EIP-2026-105664 EXPLOITDB text VERIFIED
BuyClassifiedScript - PHP Code Injection
by d3b4g
CVE-2012-4982 EXPLOITDB text VERIFIED
Forescout CounterACT <7.0 - Open Redirect
Open redirect vulnerability in assets/login on the Forescout CounterACT NAC device before 7.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the a parameter.
by Joseph Sheridan
EIP-2026-103719 EXPLOITDB text
Websense Proxy - Filter Bypass
by Nahuel Grisolia
CVE-2012-4409 EXPLOITDB perl VERIFIED
mcrypt < 2.6.8 - Stack-Based Buffer Overflow via Encrypted File Header
Stack-based buffer overflow in the check_file_head function in extra.c in mcrypt 2.6.8 and earlier allows user-assisted remote attackers to execute arbitrary code via an encrypted file with a crafted header containing long salt data that is not properly handled during decryption.
by Tosh
CVE-2012-4409 EXPLOITDB python VERIFIED
mcrypt < 2.6.8 - Stack-Based Buffer Overflow via Encrypted File Header
Stack-based buffer overflow in the check_file_head function in extra.c in mcrypt 2.6.8 and earlier allows user-assisted remote attackers to execute arbitrary code via an encrypted file with a crafted header containing long salt data that is not properly handled during decryption.
by _ishikawa
EIP-2026-108069 EXPLOITDB text VERIFIED
jBilling 3.0.2 - Cross-Site Scripting
by Woody Hughes
EIP-2026-106902 EXPLOITDB text VERIFIED
ES CmS 0.1 - SQL Injection
by hossein beizaee
CVE-2012-3752 EXPLOITDB ruby VERIFIED
Apple QuickTime < 7.7.3 - Remote Code Execution via TeXML Style Element
Multiple buffer overflows in Apple QuickTime before 7.7.3 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted style element in a QuickTime TeXML file.
by Metasploit
EIP-2026-105430 EXPLOITDB text VERIFIED
Beat Websites - 'id' SQL Injection
by Metropolis