Exploitdb Exploits

50,091 exploits tracked across all sources.

Sort: Activity Stars
CVE-2012-6584 EXPLOITDB text VERIFIED
MYRE Realty Manager - SQL Injection via bathrooms1 Parameter
Multiple SQL injection vulnerabilities in MYRE Realty Manager allow remote attackers to execute arbitrary SQL commands via the bathrooms1 parameter to (1) demo2/search.php or (2) search.php.
by d3b4g
CVE-2012-10033 EXPLOITDB CRITICAL text VERIFIED
Narcissus backend.php - release Parameter Command Injection
Narcissus is vulnerable to remote code execution via improper input handling in its image configuration workflow. Specifically, the backend.php script fails to sanitize the release parameter before passing it to the configure_image() function. This function invokes PHP’s passthru() with the unsanitized input, allowing attackers to inject arbitrary system commands. Exploitation occurs via a crafted POST request, resulting in command execution under the web server’s context.
by dun
EIP-2026-115963 EXPLOITDB text VERIFIED
Novell Groupwise Internet Agent - LDAP BIND Request Overflow
by Francis Provencher
CVE-2012-6587 EXPLOITDB text VERIFIED
MYRE Vacation Rental Software - Cross-Site Scripting via link_idd Parameter
Cross-site scripting (XSS) vulnerability in vacation/1_mobile/alert_members.php in MYRE Vacation Rental Software allows remote attackers to inject arbitrary web script or HTML via the link_idd parameter in a login action.
by d3b4g
CVE-2012-6589 EXPLOITDB text VERIFIED
MYRE Business Directory - Cross-Site Scripting via Search Look Parameter
Cross-site scripting (XSS) vulnerability in search.php in MYRE Business Directory allows remote attackers to inject arbitrary web script or HTML via the look parameter.
by d3b4g
CVE-2012-6585 EXPLOITDB text VERIFIED
myre_realty_manager - Cross-Site Scripting via search.php cat_id1 Parameter
Cross-site scripting (XSS) vulnerability in search.php in MYRE Realty Manager allows remote attackers to inject arbitrary web script or HTML via the cat_id1 parameter.
by d3b4g
EIP-2026-107257 EXPLOITDB text VERIFIED
friendsinwar FAQ Manager - SQL Injection / Authentication Bypass
by d3b4g
CVE-2006-0755 EXPLOITDB MEDIUM text VERIFIED
dotProject <= 2.0.1 - Remote File Inclusion via baseDir and dPconfig Parameters
Multiple PHP remote file include vulnerabilities in dotProject 2.0.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary commands via the baseDir parameter in (1) db_adodb.php, (2) db_connect.php, (3) session.php, (4) vw_usr_roles.php, (5) calendar.php, (6) date_format.php, and (7) tasks/gantt.php; and the dPconfig[root_dir] parameter in (8) projects/gantt.php, (9) gantt2.php, and (10) vw_files.php. NOTE: the vendor disputes this issue, stating that the product documentation clearly recommends that the system administrator disable register_globals, and that the check.php script warns against this setting. Also, the vendor says that the protection.php/siteurl vector is incorrect because protection.php does not exist in the product
by dun
CVSS 5.6
EIP-2026-118707 EXPLOITDB ruby VERIFIED
Jira Scriptrunner 2.0.7 - Cross-Site Request Forgery / Remote Code Execution (Metasploit)
by Ben Sheppard
EIP-2026-116664 EXPLOITDB text VERIFIED
Zoner Photo Studio 15 b3 - Buffer Overflow (PoC)
by Vulnerability-Lab
EIP-2026-115772 EXPLOITDB text VERIFIED
Microsoft Visio 2010 - Crash (PoC)
by coolkaveh
CVE-2009-5022 EXPLOITDB text VERIFIED
libtiff < 3.9.5 - Heap-based Buffer Overflow in OJPEG Decoder
Heap-based buffer overflow in tif_ojpeg.c in the OJPEG decoder in LibTIFF before 3.9.5 allows remote attackers to execute arbitrary code via a crafted TIFF file.
by Francis Provencher
EIP-2026-115461 EXPLOITDB text VERIFIED
IrfanView - '.RLE' Image Decompression Buffer Overflow
by Francis Provencher
EIP-2026-106939 EXPLOITDB text VERIFIED
Eventy CMS 1.8 Plus - Multiple Vulnerabilities
by Vulnerability-Lab
CVE-2012-5692 EXPLOITDB ruby VERIFIED
Invision Power Board 3.1.x-3.3.x core.php - Impact Unknown
Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3.x has unknown impact and remote attack vectors.
by Metasploit
CVE-2012-5076 EXPLOITDB CRITICAL ruby VERIFIED
Java Applet AverageRangeStatisticImpl Remote Code Execution
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS.
by Metasploit
CVSS 9.8
EIP-2026-102870 EXPLOITDB perl
HT Editor 2.0.20 - Local Buffer Overflow (ROP)
by ZadYree
CVE-2012-4960 EXPLOITDB python VERIFIED
Huawei Various - Path Traversal
The Huawei NE5000E, MA5200G, NE40E, NE80E, ATN, NE40, NE80, NE20E-X6, NE20, ME60, CX600, CX200, CX300, ACU, WLAN AC 6605, S9300, S7700, S2300, S3300, S5300, S3300HI, S5300HI, S5306, S6300, S2700, S3700, S5700, S6700, AR G3, H3C AR(OEM IN), AR 19, AR 29, AR 49, Eudemon100E, Eudemon200, Eudemon300, Eudemon500, Eudemon1000, Eudemon1000E-U/USG5300, Eudemon1000E-X/USG5500, Eudemon8080E/USG9300, Eudemon8160E/USG9300, Eudemon8000E-X/USG9500, E200E-C/USG2200, E200E-X3/USG2200, E200E-X5/USG2200, E200E-X7/USG2200, E200E-C/USG5100, E200E-X3/USG5100, E200E-X5/USG5100, E200E-X7/USG5100, E200E-B/USG2100, E200E-X1/USG2100, E200E-X2/USG2100, SVN5300, SVN2000, SVN5000, SVN3000, NIP100, NIP200, NIP1000, NIP2100, NIP2200, and NIP5100 use the DES algorithm for stored passwords, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack.
by Roberto Paleari
EIP-2026-118208 EXPLOITDB python VERIFIED
Zoner Photo Studio 15 Build 3 - 'Zps.exe' Registry Value Parsing
by Julien Ahrens
EIP-2026-116245 EXPLOITDB python VERIFIED
Smadav Anti Virus 9.1 - Crash (PoC)
by Mada R Perdhana
EIP-2026-115762 EXPLOITDB text VERIFIED
Microsoft Publisher 2013 - Crash (PoC)
by coolkaveh
EIP-2026-113024 EXPLOITDB python VERIFIED
vBulletin vBay 1.1.9 - Error-Based SQL Injection
by Dan UK
EIP-2026-105385 EXPLOITDB text
Bananadance Wiki b2.2 - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-115654 EXPLOITDB text VERIFIED
Microsoft Excel 2007 - WriteAV Crash (PoC)
by coolkaveh
EIP-2026-114334 EXPLOITDB text VERIFIED
WordPress Theme Kakao - 'ID' SQL Injection
by sil3nt