Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-113074 EXPLOITDB text
VICIDIAL Call Center Suite 2.2.1-237 - Multiple Vulnerabilities
by Ertebat Gostar Co
EIP-2026-113073 EXPLOITDB text VERIFIED
VICIDIAL Call Center Suite - Multiple SQL Injections
by Ertebat Gostar Co
EIP-2026-112187 EXPLOITDB text VERIFIED
SiteGo - Remote File Inclusion
by L0n3ly-H34rT
CVE-2010-1480 EXPLOITDB text
Joomla! com_rokmodule 1.1 - SQL Injection
SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the module parameter to index.php. NOTE: some of these details are obtained from third party information.
by Yarolinux
CVE-2008-6720 EXPLOITDB text VERIFIED
DeltaScripts PHP Links < 1.3 - SQL Injection via admin_username Parameter
SQL injection vulnerability in admin/adm_login.php in DeltaScripts PHP Links 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the admin_username parameter (aka the admin field).
by L0n3ly-H34rT
CVE-2012-3221 EXPLOITDB c
Oracle VM VirtualBox 3.2, 4.0, 4.1 - Denial of Service in VirtualBox Core
Unspecified vulnerability in the Oracle VM Virtual Box component in Oracle Virtualization 3.2, 4.0, and 4.1 allows local users to affect availability via unknown vectors related to VirtualBox Core. NOTE: The previous information was obtained from the October 2012 CPU. Oracle has not commented on claims from another vendor that this issue is related to "incorrect interrupt handling."
by halfdog
EIP-2026-116718 EXPLOITDB ruby VERIFIED
ActiveFax (ActFax) 4.3 - Client Importer Buffer Overflow (Metasploit)
by Metasploit
EIP-2026-116522 EXPLOITDB text VERIFIED
WAP Proof 2008 - Denial of Service
by Orion Einfold
EIP-2026-111281 EXPLOITDB text VERIFIED
Pinterestclones - Security Bypass / HTML Injection
by DaOne
EIP-2026-111280 EXPLOITDB text
Pinterest Clone Script - Multiple Vulnerabilities
by DaOne
EIP-2026-104770 EXPLOITDB ruby VERIFIED
Sflog! CMS 1.0 - Arbitrary File Upload (Metasploit)
by Metasploit
EIP-2026-103926 EXPLOITDB ruby VERIFIED
HP SiteScope (Linux/Windows) - Remote Code Execution (Metasploit)
by Metasploit
CVE-2012-2611 EXPLOITDB ruby VERIFIED
SAP NetWeaver 7.0 EHP1 and EHP2 - Remote Code Execution via DiagTraceR3Info Function
The DiagTraceR3Info function in the Dialog processor in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2, when a certain Developer Trace configuration is enabled, allows remote attackers to execute arbitrary code via a crafted SAP Diag packet.
by Metasploit
EIP-2026-114346 EXPLOITDB text VERIFIED
WordPress Theme Purity - Multiple Cross-Site Scripting Vulnerabilities
by Matan Azugi
CVE-2012-2275 EXPLOITDB text
TestLink < 1.9.3 - Cross-Site Request Forgery via User Management
Multiple cross-site request forgery (CSRF) vulnerabilities in TestLink 1.9.3 and earlier allow remote attackers to hijack the authentication of users for requests that add, delete, or modify sensitive information, as demonstrated by changing the administrator's email via an editUser action to lib/usermanagement/userInfo.php.
by High-Tech Bridge SA
EIP-2026-105947 EXPLOITDB text VERIFIED
Clipster Video - Persistent Cross-Site Scripting
by DaOne
EIP-2026-105705 EXPLOITDB text
Cannonbolt Portfolio Manager 1.0 - Multiple Vulnerabilities
by LiquidWorm
CVE-2012-4412 EXPLOITDB c VERIFIED
glibc < 2.17 - Heap-Based Buffer Overflow via Long String in strcoll_l
Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow.
by Jan iankko Lieskovsky
EIP-2026-102004 EXPLOITDB text
Sitecom Home Storage Center - Authentication Bypass
by Mattijs van Ommeren
EIP-2026-113234 EXPLOITDB text VERIFIED
web@all - Local File Inclusion / Multiple Arbitrary File Upload Vulnerabilities
by KedAns-Dz
EIP-2026-110307 EXPLOITDB text VERIFIED
OpenFiler 2.3 - Multiple Cross-Site Scripting / Information Disclosure Vulnerabilities
by Brendan Coles
CVE-2012-10044 EXPLOITDB CRITICAL ruby VERIFIED
MobileCartly 1.0 - Unauthenticated Arbitrary File Creation via savepage.php
MobileCartly version 1.0 contains an arbitrary file creation vulnerability in the savepage.php script. The application fails to perform authentication or authorization checks before invoking file_put_contents() on attacker-controlled input. An unauthenticated attacker can exploit this flaw by sending crafted HTTP GET requests to savepage.php, specifying both the filename and content. This allows arbitrary file creation within the pages/ directory or any writable path on the server, allowing remote code execution.
by Metasploit
CVE-2012-3233 EXPLOITDB text VERIFIED
Kayako Fusion 4.40.1148 - Cross-Site Scripting via PATH_INFO in PHPExcel Download Script
Cross-site scripting (XSS) vulnerability in __swift/thirdparty/PHPExcel/PHPExcel/Shared/JAMA/docs/download.php in Kayako Fusion 4.40.1148, and possibly before 4.50.1581, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
by High-Tech Bridge
CVE-2012-4336 EXPLOITDB text VERIFIED
flogr < 2.5.6 - Cross-Site Scripting via PATH_INFO or Arbitrary Parameter
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Flogr 2.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO or (2) an arbitrary parameter.
by High-Tech Bridge
EIP-2026-106974 EXPLOITDB text VERIFIED
Extcalendar 2.0 - Multiple SQL Injections / HTML Injection Vulnerabilities
by Ashiyane Digital Security Team