Exploitdb Exploits

50,091 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-113736 EXPLOITDB text
WordPress Plugin Facebook Survey 1.0 - SQL Injection
by Vulnerability Research Laboratory
EIP-2026-110318 EXPLOITDB text VERIFIED
openSIS 5.1 - 'ajax.php' Local File Inclusion
by Julian Horoszkiewicz
EIP-2026-104445 EXPLOITDB text
SonicWALL CDP 5040 6.x - Multiple Vulnerabilities
by Vulnerability-Lab
CVE-2012-4959 EXPLOITDB ruby VERIFIED
Novell File Reporter <1.0.2 - Path Traversal
Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to upload and execute files via a 130 /FSF/CMD request with a .. (dot dot) in a FILE element of an FSFUI record.
by Metasploit
EIP-2026-113299 EXPLOITDB text VERIFIED
weBid 1.0.5 - Directory Traversal
by loneferret
EIP-2026-113298 EXPLOITDB text VERIFIED
WeBid 1.0.5 - Cross-Site Scripting
by Woody Hughes
EIP-2026-110028 EXPLOITDB text VERIFIED
Omni-Secure - 'dir' Multiple File Disclosure Vulnerabilities
by HaCkeR_EgY
EIP-2026-103659 EXPLOITDB text VERIFIED
Splunk 4.3.1 - Denial of Service
by Alexander Klink
EIP-2026-114319 EXPLOITDB text VERIFIED
WordPress Theme Dailyedition-mouss - 'id' SQL Injection
by Ashiyane Digital Security Team
EIP-2026-114108 EXPLOITDB text VERIFIED
WordPress Plugin Tagged Albums - 'id' SQL Injection
by Ashiyane Digital Security Team
EIP-2026-110244 EXPLOITDB html VERIFIED
Open-Realty 2.5.8 - Cross-Site Request Forgery
by Aung Khant
EIP-2026-107256 EXPLOITDB text VERIFIED
friendsinwar FAQ Manager - 'view_faq.php?question' SQL Injection
by unsuprise
EIP-2026-107255 EXPLOITDB text VERIFIED
Friends in War The FAQ Manager - 'question' SQL Injection
by unsuprise
EIP-2026-105291 EXPLOITDB text VERIFIED
ATutor 2.1 - 'tool_file' Local File Inclusion
by Julian Horoszkiewicz
EIP-2026-103543 EXPLOITDB perl VERIFIED
Media Player Classic (MPC) 1.5 - WebServer Request Handling Remote Denial of Service
by X-Cisadane
CVE-2010-3600 EXPLOITDB ruby VERIFIED
Oracle Database Server <11.2.0.1 - Info Disclosure
Unspecified vulnerability in the Client System Analyzer component in Oracle Database Server 11.1.0.7 and 11.2.0.1 and Enterprise Manager Grid Control 10.2.0.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that this issue involves an exposed JSP script that accepts XML uploads in conjunction with NULL bytes in an unspecified parameter that allow execution of arbitrary code.
by Metasploit
EIP-2026-118972 EXPLOITDB text VERIFIED
Novell NetIQ Privileged User Manager 2.3.1 - 'ldapagnt.dll' ldapagnt_eval() Perl Code Evaluation Remote Code Execution
by rgod
CVE-2012-5931 EXPLOITDB text VERIFIED
NetIQ Privileged User Manager 2.3.x - Authenticated Path Traversal and Arbitrary File Write via Log Pathname
Directory traversal vulnerability in the set_log_config function in regclnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote authenticated users to create or overwrite arbitrary files via directory traversal sequences in a log pathname.
by rgod
EIP-2026-111721 EXPLOITDB text VERIFIED
ReciPHP 1.1 - SQL Injection
by cr4wl3r
EIP-2026-107753 EXPLOITDB text VERIFIED
iDev Rentals 1.0 - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-107250 EXPLOITDB text VERIFIED
Friends in War Make or Break 1.3 - Authentication Bypass
by d3b4g
CVE-2012-5700 EXPLOITDB text VERIFIED
Baby Gekko < 1.2.2 - Cross-Site Scripting via Admin ID or Login Credentials
Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko before 1.2.2f allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/index.php or the (2) username or (3) password parameter in blocks/loginbox/loginbox.template.php to index.php. NOTE: some of these details are obtained from third party information.
by High-Tech Bridge SA
CVE-2012-2619 EXPLOITDB python
Broadcom BCM4325 and BCM4329 - Denial of Service via RSN 802.11i Information Element
The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, Apple, Asus, Ford, HTC, Kyocera, LG, Malata, Motorola, Nokia, Pantech, Samsung, and Sony products, allow remote attackers to cause a denial of service (out-of-bounds read and Wi-Fi outage) via an RSN 802.11i information element.
by CoreLabs
CVE-2012-6588 EXPLOITDB text VERIFIED
myre_business_directory - SQL Injection via links.php cat Parameter
SQL injection vulnerability in links.php in MYRE Business Directory allows remote attackers to execute arbitrary SQL commands via the cat parameter.
by d3b4g
CVE-2012-6586 EXPLOITDB text VERIFIED
MYRE Vacation Rental Software - SQL Injection via Garage or Bathrooms Parameter
Multiple SQL injection vulnerabilities in MYRE Vacation Rental Software allow remote attackers to execute arbitrary SQL commands via the (1) garage1 or (2) bathrooms1 parameter to vacation/1_mobile/search.php, or (3) unspecified input to vacation/widgate/request_more_information.php.
by d3b4g