Exploitdb Exploits

50,091 exploits tracked across all sources.

Sort: Activity Stars
CVE-2012-5862 EXPLOITDB text
Sinapsi eSolar, eSolar DUO, eSolar Light and sinapsi_firmware < 2.0.2870 - Use of Hard-coded Password
These Sinapsi devices store hard-coded passwords in the PHP file of the device. By using the hard-coded passwords in the device, attackers can log into the device with administrative privileges. This could allow the attacker to have unauthorized access.
by Roberto Paleari
CVE-2012-5861 EXPLOITDB text
Sinapsi eSolar, eSolar DUO, and eSolar Light < 2.0.2870_xxx_2.2.12 - Unauthenticated SQL Injection
These Sinapsi devices do not check the validity of the data before executing queries. By accessing the SQL table of certain pages that do not require authentication within the device, attackers can leak information from the device. This could allow the attacker to compromise confidentiality.
by Roberto Paleari
CVE-2009-1831 EXPLOITDB ruby VERIFIED
Nullsoft Winamp < 5.552 - Remote Code Execution via Crafted MAKI File
The Nullsoft Modern Skins Support module (gen_ff.dll) in Nullsoft Winamp before 5.552 allows remote attackers to execute arbitrary code via a crafted MAKI file, which triggers an incorrect sign extension, an integer overflow, and a stack-based buffer overflow.
by Metasploit
EIP-2026-113308 EXPLOITDB text VERIFIED
Webify Photo Gallery - Arbitrary File Deletion
by JIKO
EIP-2026-113306 EXPLOITDB text
Webify eDownloads Cart - Arbitrary File Deletion
by JIKO
EIP-2026-113305 EXPLOITDB text VERIFIED
Webify Business Directory - Arbitrary File Deletion
by JIKO
CVE-2012-4773 EXPLOITDB text
Subrion CMS < 2.2.3 - Cross-Site Request Forgery
Multiple cross-site request forgery (CSRF) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to hijack the authentication of administrators for requests that add, delete, or modify sensitive information, as demonstrated by adding an administrator account via an add action to admin/accounts/add/.
by LiquidWorm
CVE-2012-5864 EXPLOITDB text
Sinapsi eSolar, eSolar DUO, eSolar Light, and sinapsi_firmware < 2.0.2870 - Unauthenticated Administrative Access
These Sinapsi devices do not check if users that visit pages within the device have properly authenticated. By directly visiting the pages within the device, attackers can gain unauthorized access with administrative privileges.
by Roberto Paleari
EIP-2026-104173 EXPLOITDB text VERIFIED
Atlassian Confluence 3.4.x - Error Page Cross-Site Scripting
by D. Niedermaier
EIP-2026-101455 EXPLOITDB python
Sitecom MD-25x - Multiple Vulnerabilities
by Mattijs van Ommeren
EIP-2026-100390 EXPLOITDB text
Knowledge Base Enterprise Edition 4.62.0 - SQL Injection
by Vulnerability-Lab
CVE-2012-4908 EXPLOITDB text VERIFIED
Google Chrome < 18.0.1025306 - Same Origin Policy Bypass via Symlink
Google Chrome before 18.0.1025308 on Android allows remote attackers to bypass the Same Origin Policy and obtain access to local files via vectors involving a symlink.
by Artem Chaykin
CVE-2012-4906 EXPLOITDB text VERIFIED
Google Chrome <18.0.1025308 - Info Disclosure
Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4903.
by Artem Chaykin
CVE-2012-4909 EXPLOITDB text VERIFIED
Google Chrome <18.0.1025308 - Info Disclosure
Google Chrome before 18.0.1025308 on Android allows remote attackers to obtain cookie information via a crafted application.
by Artem Chaykin
CVE-2012-4905 EXPLOITDB text VERIFIED
Google Chrome < 18.0.1025306 - Cross-Site Scripting via Intent Extra
Cross-site scripting (XSS) vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script or HTML via an extra in an Intent object, aka "Universal XSS (UXSS)."
by Artem Chaykin
EIP-2026-113304 EXPLOITDB text VERIFIED
Webify Blog - Arbitrary File Deletion
by JIKO
EIP-2026-107061 EXPLOITDB text VERIFIED
FBDj - 'id' SQL Injection
by TUNISIAN CYBER
EIP-2026-105061 EXPLOITDB text VERIFIED
akcms 4.2.4 - Information Disclosure
by L0n3ly-H34rT
CVE-2012-4415 EXPLOITDB python VERIFIED
Fedora < 0.6.2 - Memory Corruption
Stack-based buffer overflow in the guac_client_plugin_open function in libguac in Guacamole before 0.6.3 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long protocol name.
by Michael Jumper
CVE-2012-10041 EXPLOITDB CRITICAL ruby VERIFIED
WAN Emulator 2.3 - Unauthenticated OS Command Injection via result.php pc Parameter
WAN Emulator v2.3 contains two unauthenticated command execution vulnerabilities. The result.php script calls shell_exec() with unsanitized input from the pc POST parameter, allowing remote attackers to execute arbitrary commands as the www-data user. The system also includes a SUID-root binary named dosu, which is vulnerable to command injection via its first argument. An attacker can exploit both flaws in sequence to achieve full remote code execution and escalate privileges to root.
by Metasploit
CVE-2012-10040 EXPLOITDB CRITICAL ruby VERIFIED
Openfiler 2.x - Authenticated OS Command Injection via system.html Device Parameter
Openfiler v2.x contains a command injection vulnerability in the system.html page. The device parameter is used to instantiate a NetworkCard object, whose constructor in network.inc calls exec() with unsanitized input. An authenticated attacker can exploit this to execute arbitrary commands as the openfiler user. Due to misconfigured sudoers, the openfiler user can escalate privileges to root via sudo /bin/bash without a password.
by Metasploit
EIP-2026-113074 EXPLOITDB text
VICIDIAL Call Center Suite 2.2.1-237 - Multiple Vulnerabilities
by Ertebat Gostar Co
EIP-2026-113073 EXPLOITDB text VERIFIED
VICIDIAL Call Center Suite - Multiple SQL Injections
by Ertebat Gostar Co
EIP-2026-112187 EXPLOITDB text VERIFIED
SiteGo - Remote File Inclusion
by L0n3ly-H34rT
CVE-2010-1480 EXPLOITDB text
Joomla! com_rokmodule 1.1 - SQL Injection
SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the module parameter to index.php. NOTE: some of these details are obtained from third party information.
by Yarolinux