Exploitdb Exploits

50,091 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-103978 EXPLOITDB python VERIFIED
ManageEngine Security Manager Plus 5.5 build 5505 - Remote Root/SYSTEM SQL Injection
by xistence
EIP-2026-103033 EXPLOITDB text
Vm86 - Syscall Task Switch Kernel Panic Denial of Service / Privilege Escalation
by halfdog
CVE-2012-4751 EXPLOITDB python VERIFIED
OTRS Help Desk <2.4.15, <3.0.17, <3.1.11 - XSS
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x before 3.1.11 allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with whitespace before a javascript: URL in the SRC attribute of an element, as demonstrated by an IFRAME element.
by Mike Eduard
EIP-2026-116924 EXPLOITDB c VERIFIED
Broadcom WIDCOMM Bluetooth - 'btkrnl.sys' Driver Privilege Escalation
by Nikita Tarakanov
EIP-2026-114196 EXPLOITDB html VERIFIED
WordPress Plugin Wordfence Security - Cross-Site Scripting
by MustLive
EIP-2026-113753 EXPLOITDB text VERIFIED
WordPress Plugin FireStorm Professional Real Estate 2.06.01 - SQL Injection
by Ashiyane Digital Security Team
EIP-2026-105634 EXPLOITDB text VERIFIED
BSW Gallery - 'uploadpic.php' Arbitrary File Upload
by cr4wl3r
EIP-2026-105155 EXPLOITDB text VERIFIED
Amateur Photographer's Image Gallery - 'plist.php?albumid' SQL Injection
by cr4wl3r
EIP-2026-105154 EXPLOITDB text VERIFIED
Amateur Photographer's Image Gallery - 'plist.php?albumid' Cross-Site Scripting
by cr4wl3r
EIP-2026-105153 EXPLOITDB text VERIFIED
Amateur Photographer's Image Gallery - 'fullscreen.php?albumid' SQL Injection
by cr4wl3r
EIP-2026-105152 EXPLOITDB text VERIFIED
Amateur Photographer's Image Gallery - 'force-download.php?File' Information Disclosure
by cr4wl3r
CVE-2012-3137 EXPLOITDB python
Oracle Database Server - Info Disclosure
The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to obtain the session key and salt for arbitrary users, which leaks information about the cryptographic hash and makes it easier to conduct brute force password guessing attacks, aka "stealth password cracking vulnerability."
by Esteban Martinez Fayo
EIP-2026-114067 EXPLOITDB text VERIFIED
WordPress Plugin Slideshow - Multiple Cross-Site Scripting Vulnerabilities
by waraxe
EIP-2026-112523 EXPLOITDB text
Symphony CMS 2.3 - Multiple Vulnerabilities
by Wireghoul
EIP-2026-112176 EXPLOITDB text
Sisfokol 4.0 - Arbitrary File Upload
by cr4wl3r
CVE-2012-4231 EXPLOITDB text VERIFIED
jcore < 1.0 - Cross-Site Scripting via Admin Index Path Parameter
Cross-site scripting (XSS) vulnerability in admin/index.php in jCore before 1.0pre2 allows remote attackers to inject arbitrary web script or HTML via the path parameter.
by High-Tech Bridge
CVE-2012-3186 EXPLOITDB text
Oracle WebCenter Sites - Info Disclosure
Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2, and 11.1.1.6.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Advanced UI, a different vulnerability than CVE-2012-3183 and CVE-2012-3185.
by SEC Consult
CVE-2012-4528 EXPLOITDB text VERIFIED
Trustwave ModSecurity < 2.7.0 - Rule Bypass via Malformed Multipart Request
The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
by Bernhard Mueller
EIP-2026-102503 EXPLOITDB text
ManageEngine Support Center Plus 7908 - Multiple Vulnerabilities
by xistence
CVE-2012-10036 EXPLOITDB CRITICAL ruby VERIFIED
Project Pier <0.8.8 - Unauthenticated RCE
Project Pier 0.8.8 and earlier contains an unauthenticated arbitrary file upload vulnerability in tools/upload_file.php. The upload handler fails to validate the file type or enforce authentication, allowing remote attackers to upload malicious PHP files directly into a web-accessible directory. The uploaded file is stored with a predictable suffix and can be executed by requesting its URL, resulting in remote code execution.
by Metasploit
CVE-2010-10013 EXPLOITDB CRITICAL ruby VERIFIED
AjaXplorer < 2.6 - Unauthenticated Remote Code Execution via access.ssh checkInstall.php destServer Parameter
An unauthenticated remote command execution vulnerability exists in AjaXplorer (now known as Pydio Cells) versions prior to 2.6. The flaw resides in the checkInstall.php script within the access.ssh plugin, which fails to properly sanitize user-supplied input to the destServer GET parameter. By injecting shell metacharacters, remote attackers can execute arbitrary system commands on the server with the privileges of the web server process.
by Metasploit
CVE-2012-3810 EXPLOITDB HIGH text
Samsung Kies <2.5.0.12094 - Privilege Escalation
Samsung Kies before 2.5.0.12094_27_11 has registry modification.
by High-Tech Bridge SA
CVSS 7.5
EIP-2026-117522 EXPLOITDB ruby VERIFIED
Microsoft Windows - Escalate Service Permissions Privilege Escalation (Metasploit)
by Metasploit
CVE-2012-4750 EXPLOITDB CRITICAL text
Ezhometech EzServer 7.0 - Remote Code Execution via AMF Request memcpy Overflow
A Code Execution vulnerability exists in the memcpy function when processing AMF requests in Ezhometech EzServer 7.0, which could let a remote malicious user execute arbitrary code or cause a Denial of Service
by Lorenzo Cantoni
CVSS 9.8
EIP-2026-113179 EXPLOITDB text VERIFIED
WANem - Multiple Cross-Site Scripting Vulnerabilities
by Brendan Coles