Exploitdb Exploits

50,091 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-102047 EXPLOITDB python
Thomson Wireless VoIP Cable Modem - Authentication Bypass
by Glafkos Charalambous
EIP-2026-119436 EXPLOITDB text
SpiceWorks 6.0.00993 - Multiple Script Injection Vulnerabilities
by LiquidWorm
EIP-2026-119433 EXPLOITDB text
SonicWALL email security 7.3.5 - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-114269 EXPLOITDB text VERIFIED
WordPress Plugin wp-topbar 4.02 - Multiple Vulnerabilities
by Blake Entrekin
EIP-2026-112752 EXPLOITDB text VERIFIED
torrenttrader 2.08 - Multiple Vulnerabilities
by waraxe
EIP-2026-101746 EXPLOITDB text
Fortigate UTM WAF Appliance - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-113504 EXPLOITDB text VERIFIED
WordPress Core 3.4.2 - Multiple Path Disclosure Vulnerabilities
by AkaStep
EIP-2026-113005 EXPLOITDB text VERIFIED
vBulletin 4.1.12 - 'blog_plugin_useradmin.php' SQL Injection
by Am!r
EIP-2026-112548 EXPLOITDB text VERIFIED
TAGWORX.CMS - 'cid' SQL Injection
by Crim3R
EIP-2026-100748 EXPLOITDB text VERIFIED
AxisInternet VoIP Manager - Multiple Cross-Site Scripting Vulnerabilities
by Benjamin Kunz Mejri
CVE-2012-10038 EXPLOITDB CRITICAL text VERIFIED
Auxilium RateMyPet - Unauthenticated Arbitrary File Upload via Banner Upload Feature
Auxilium RateMyPet contains an unauthenticated arbitrary file upload vulnerability in upload_banners.php. The banner upload feature fails to validate file types or enforce authentication, allowing remote attackers to upload malicious PHP files. These files are stored in a web-accessible /banners/ directory and can be executed directly, resulting in remote code execution.
by DaOne
EIP-2026-117669 EXPLOITDB python VERIFIED
NCMedia Sound Editor Pro 7.5.1 - 'MRUList201202.dat' File Handling Buffer Overflow
by Julien Ahrens
CVE-2012-0271 EXPLOITDB text VERIFIED
Novell GroupWise <8.0.3-2012.SP1 - RCE
Integer overflow in the WebConsole component in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before 8.0.3 HP1 and 2012 before SP1 might allow remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow, as demonstrated by a request with -1 in the Content-Length HTTP header.
by Francis Provencher
EIP-2026-113272 EXPLOITDB text
webERP 4.08.4 - 'WorkOrderEntry.php' SQL Injection
by modpr0be
CVE-2012-3859 EXPLOITDB text
Netsweeper WebAdmin Portal - Impact Unknown
Unspecified vulnerability in the WebAdmin Portal in Netsweeper has unknown impact and attack vectors, a different vulnerability than CVE-2012-2446 and CVE-2012-2447.
by Jacob Holcomb
EIP-2026-109487 EXPLOITDB text VERIFIED
minimal Gallery - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
by ayastar
EIP-2026-109225 EXPLOITDB text VERIFIED
luxcal 2.7.0 - Multiple Vulnerabilities
by L0n3ly-H34rT
CVE-2012-2994 EXPLOITDB text VERIFIED
CoSoSys Endpoint Protector 4 - Info Disclosure
The CoSoSys Endpoint Protector 4 appliance establishes an EPProot password based entirely on the appliance serial number, which makes it easier for remote attackers to obtain access via a brute-force attack.
by Christopher Campbell
EIP-2026-102484 EXPLOITDB html VERIFIED
IFOBS - 'regclientprint.jsp' Multiple HTML Injection Vulnerabilities
by MustLive
EIP-2026-117334 EXPLOITDB perl VERIFIED
Internet Download Manager - Local Stack Buffer Overflow
by Dark-Puzzle
EIP-2026-117333 EXPLOITDB perl VERIFIED
Internet Download Manager - Local Buffer Overflow (SEH)
by Dark-Puzzle
EIP-2026-109857 EXPLOITDB text
NeoBill CMS 0.8 Alpha - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-105275 EXPLOITDB text
ASTPP VoIP Billing (4cf207a) - Multiple Vulnerabilities
by Vulnerability-Lab
CVE-2012-2996 EXPLOITDB text
Trend Micro InterScan Messaging Security Suite 7.1 - CSRF
Cross-site request forgery (CSRF) vulnerability in saveAccountSubTab.imss in Trend Micro InterScan Messaging Security Suite 7.1-Build_Win32_1394 allows remote attackers to hijack the authentication of administrators for requests that create admin accounts via a saveAuth action.
by modpr0be
CVE-2012-5863 EXPLOITDB text
Sinapsi eSolar, eSolar DUO, eSolar Light, and sinapsi_firmware < 2.0.2870 - Authenticated OS Command Injection
These Sinapsi devices do not check for special elements in commands sent to the system. By accessing certain pages with administrative privileges that do not require authentication within the device, attackers can execute arbitrary, unexpected, or dangerous commands directly onto the operating system.
by Roberto Paleari