Exploitdb Exploits

50,091 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-107887 EXPLOITDB text VERIFIED
Interspire Email Marketer - Cross-Site Scripting / HTML Injection / SQL Injection
by Ibrahim El-Sayed
EIP-2026-115385 EXPLOITDB perl VERIFIED
HCView - WriteAV Crash (PoC)
by Jean Pascal Pereira
EIP-2026-115237 EXPLOITDB perl VERIFIED
FastStone Image Viewer 4.6 - ReadAVonIP Crash (PoC)
by Jean Pascal Pereira
EIP-2026-109678 EXPLOITDB ruby
MyAuth3 - Blind SQL Injection
by Marcio Almeida
EIP-2026-105518 EXPLOITDB php VERIFIED
Blog Mod 0.1.9 - 'index.php?month' SQL Injection
by WhiteCollarGroup
EIP-2026-110232 EXPLOITDB text VERIFIED
Open Realty - 'select_users_lang' Local File Inclusion
by L0n3ly-H34rT
EIP-2026-114040 EXPLOITDB text VERIFIED
WordPress Plugin Shopp - Multiple Vulnerabilities
by T0x!c
CVE-2012-4901 EXPLOITDB text
Template CMS < 2.1.1 - Cross-Site Scripting via themes_editor Parameter
Cross-site scripting (XSS) vulnerability in Template CMS 2.1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the themes_editor parameter in an add_template action to admin/index.php.
by High-Tech Bridge SA
CVE-2012-6534 EXPLOITDB text
Novell Sentinel Log Manager < 1.2.0.3 - Unauthenticated Data Retention Policy Creation via RPC Request
Novell Sentinel Log Manager before 1.2.0.3 allows remote attackers to create data retention policies via a crafted text/x-gwt-rpc request to novelllogmanager/datastorageservice.rpc, and allows remote authenticated Report Administrators to create data retention policies via a search-results "Save Query As" "Save As Retention Policy" action.
by Piotr Chmylkowski
CVE-2012-4988 EXPLOITDB text
XnView 1.99 and 1.99.1 - Remote Code Execution via Crafted JLS Image File
Heap-based buffer overflow in the xjpegls.dll (aka JLS, JPEG-LS, or JPEG lossless) format plugin in XnView 1.99 and 1.99.1 allows remote attackers to execute arbitrary code via a crafted JLS image file.
by Joseph Sheridan
CVE-2012-6307 EXPLOITDB HIGH perl VERIFIED
JPEGsnoop 1.5.2 - Remote Code Execution in JPEG File Handling
A vulnerability exists in JPEGsnoop 1.5.2 due to an unspecified issue in JPEG file handling, which could let a malicious user execute arbitrary code
by Jean Pascal Pereira
CVSS 8.8
EIP-2026-115126 EXPLOITDB text VERIFIED
Cyme ChartFX Client Server - ActiveX Control Array Indexing
by Francis Provencher
CVE-2012-4902 EXPLOITDB text
Template CMS < 2.1.1 - Cross-Site Request Forgery via Admin User Creation or Theme Editor
Multiple cross-site request forgery (CSRF) vulnerabilities in Template CMS 2.1.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator user via an add action to admin/index.php or (2) conduct static PHP code injection attacks via the themes_editor parameter in an edit_template action to admin/index.php.
by High-Tech Bridge SA
EIP-2026-111153 EXPLOITDB text VERIFIED
phpMyChat Plus 1.94 RC1 - Multiple Vulnerabilities
by L0n3ly-H34rT
EIP-2026-111146 EXPLOITDB text VERIFIED
phpMyBitTorrent 2.04 - Multiple Vulnerabilities
by waraxe
EIP-2026-117670 EXPLOITDB python
NCMedia Sound Editor Pro 7.5.1 - Local Overflow (SEH + DEP Bypass)
by b33f
EIP-2026-114081 EXPLOITDB text VERIFIED
WordPress Plugin spider Calendar - Multiple Vulnerabilities
by D4NB4R
EIP-2026-110035 EXPLOITDB text
Omnistar Mailer 7.2 - Multiple Vulnerabilities
by Vulnerability-Lab
CVE-2012-10037 EXPLOITDB CRITICAL text VERIFIED
PhpTax 0.8 - Unauthenticated Remote Code Execution via drawimage.php pfilez Parameter
PhpTax version 0.8 contains a remote code execution vulnerability in drawimage.php. The pfilez GET parameter is unsafely passed to the exec() function without sanitization. A remote attacker can inject arbitrary shell commands, leading to code execution under the web server's context. No authentication is required.
by Jean Pascal Pereira
EIP-2026-114603 EXPLOITDB text VERIFIED
ZenPhoto - 'admin-news-articles.php' Cross-Site Scripting
by Scott Herbert
EIP-2026-112515 EXPLOITDB text VERIFIED
Switchvox - Multiple HTML Injection Vulnerabilities
by Ibrahim El-Sayed
EIP-2026-103005 EXPLOITDB text
soapbox 0.3.1 - Local Privilege Escalation
by Jean Pascal Pereira
EIP-2026-115282 EXPLOITDB text VERIFIED
Foxit Reader 5.4.3.0920 - Crash (PoC)
by coolkaveh
EIP-2026-114306 EXPLOITDB python
WordPress Theme Archin 3.2 - Configuration Access
by bwall
EIP-2026-113552 EXPLOITDB php VERIFIED
WordPress Plugin Akismet - Multiple Cross-Site Scripting Vulnerabilities
by Tapco Security