Exploitdb Exploits

50,091 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-113957 EXPLOITDB text VERIFIED
WordPress Plugin PHP Event Calendar - 'cid' SQL Injection
by Ashiyane Digital Security Team
EIP-2026-113714 EXPLOITDB text VERIFIED
WordPress Plugin Eco-annu - 'eid' SQL Injection
by Ashiyane Digital Security Team
EIP-2026-109884 EXPLOITDB text VERIFIED
NetOffice Dwins 1.4p3 - SQL Injection
by dun
CVE-2012-4949 EXPLOITDB text VERIFIED
ESRI ArcGIS Server 10.1 - Authenticated SQL Injection via REST Service Query Where Parameter
SQL injection vulnerability in ESRI ArcGIS 10.1 allows remote authenticated users to execute arbitrary SQL commands via the where parameter to a query URI for a REST service.
by anonymous
CVE-2012-2437 EXPLOITDB text VERIFIED
ar web content manager 2.2 - Unauthenticated Improper Authentication via cookie_gen.php
cookie_gen.php in ar web content manager (AWCM) 2.2 does not require authentication, which allows remote attackers to generate arbitrary cookies via the name parameter in conjunction with the content parameter.
by Sooel Son
EIP-2026-119286 EXPLOITDB ruby VERIFIED
WinRM - VBS Remote Code Execution (Metasploit)
by Metasploit
CVE-2012-2288 EXPLOITDB ruby VERIFIED
EMC NetWorker 7.6.3-7.6.4 and 8.0 - Remote Code Execution via nsrd RPC Service Format String
Format string vulnerability in the nsrd RPC service in EMC NetWorker 7.6.3 and 7.6.4 before 7.6.4.1, and 8.0 before 8.0.0.1, allows remote attackers to execute arbitrary code via format string specifiers in a message.
by Metasploit
EIP-2026-114434 EXPLOITDB text VERIFIED
Xivo 1.2 - Arbitrary File Download
by Mr.Un1k0d3r
EIP-2026-113760 EXPLOITDB text VERIFIED
WordPress Plugin FLV Player - 'id' SQL Injection
by Ashiyane Digital Security Team
CVE-2012-5367 EXPLOITDB text VERIFIED
OrangeHRM 2.7.1 RC 1 - SQL Injection
Multiple SQL injection vulnerabilities in OrangeHRM 2.7.1 RC 1 allow remote authenticated administrators to execute arbitrary SQL commands via the sortField parameter to (1) viewCustomers, (2) viewPayGrades, or (3) viewSystemUsers in symfony/web/index.php/admin/, as demonstrated using cross-site request forgery (CSRF) attacks.
by High-Tech Bridge
CVE-2012-5692 EXPLOITDB php
Invision Power Board 3.1.x-3.3.x core.php - Impact Unknown
Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3.x has unknown impact and remote attack vectors.
by webDEViL
CVE-2013-4103 EXPLOITDB CRITICAL text VERIFIED
Cryptocat < 2.0.22 - Remote Script Injection via Improper Input Sanitization
Cryptocat before 2.0.22 has Remote Script Injection due to improperly sanitizing user input
by Mario Heiderich
CVSS 9.8
CVE-2013-2261 EXPLOITDB HIGH text VERIFIED
Cryptocat < 2.0.22 - Information Disclosure via img/keygen.gif
Cryptocat before 2.0.22 Chrome Extension 'img/keygen.gif' has Information Disclosure
by Mario Heiderich
CVSS 7.5
EIP-2026-101545 EXPLOITDB text
AVerCaster Pro RS3400 Web Server - Directory Traversal
by Patrick Saladino
EIP-2026-114611 EXPLOITDB text VERIFIED
ZenPhoto 1.4.3.3 - Multiple Vulnerabilities
by waraxe
CVE-2012-4951 EXPLOITDB text VERIFIED
VeriFone VeriCentre Web Console <2.2.36 - SQL Injection
Multiple SQL injection vulnerabilities in terminal/paramedit.aspx in VeriFone VeriCentre Web Console before 2.2 build 36 allow remote attackers to execute arbitrary SQL commands via the (1) TerminalId, (2) ModelName, or (3) ApplicationName parameter.
by Cory Eubanks
CVE-2012-5685 EXPLOITDB text VERIFIED
ZPanel < 10.0.1 - SQL Injection via inEmailAddress Parameter
SQL injection vulnerability in ZPanel 10.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the inEmailAddress parameter in an UpdateClient action in the manage_clients module to the default URI.
by pcsjj
CVE-2012-5684 EXPLOITDB text VERIFIED
ZPanel < 10.0.1 - Cross-Site Scripting via inFullname Parameter
Cross-site scripting (XSS) vulnerability in ZPanel 10.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the inFullname parameter in an UpdateAccountSettings action in the my_account module to zpanel/.
by pcsjj
CVE-2012-5683 EXPLOITDB text VERIFIED
ZPanel < 10.0.1 - Cross-Site Request Forgery via FTP User Creation
Multiple cross-site request forgery (CSRF) vulnerabilities in ZPanel 10.0.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create new FTP users via a CreateFTP action in the ftp_management module to the default URI, (2) conduct cross-site scripting (XSS) attacks via the inFullname parameter in an UpdateAccountSettings action in the my_account module to zpanel/, or (3) conduct SQL injection attacks via the inEmailAddress parameter in an UpdateClient action in the manage_clients module to the default URI.
by pcsjj
CVE-2012-5686 EXPLOITDB CRITICAL text VERIFIED
ZPanel 10.0.1 - Weak Password Recovery Mechanism
ZPanel 10.0.1 has insufficient entropy for its password reset process.
by pcsjj
CVSS 9.8
EIP-2026-104084 EXPLOITDB text VERIFIED
Sophos Products - Multiple Vulnerabilities
by Tavis Ormandy
EIP-2026-101584 EXPLOITDB text
CheckPoint/Sofaware Firewall - Multiple Vulnerabilities
by Procheckup
EIP-2026-118646 EXPLOITDB ruby VERIFIED
HP Intelligent Management Center UAM - Remote Buffer Overflow (Metasploit)
by Metasploit
EIP-2026-118319 EXPLOITDB python
BigAnt Server 2.52 SP5 - Remote Stack Overflow ROP-Based (SEH) (ASLR + DEP Bypass)
by Lorenzo Cantoni
EIP-2026-117988 EXPLOITDB text VERIFIED
Sysax FTP Automation Server 5.33 - Local Privilege Escalation
by Craig Freyman