Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-106903 EXPLOITDB text
ES Job Search Engine 3.0 - SQL Injection
by Vulnerability-Lab
CVE-2007-1036 EXPLOITDB ruby VERIFIED
JBoss Application Server - Unauthenticated Administrative Access via Default Configuration
The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests.
by Metasploit
CVE-2012-6151 EXPLOITDB bash VERIFIED
Apple Mac OS X < 5.7.1 - Resource Management Error
Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to timeout.
by Ken Farnen
EIP-2026-101936 EXPLOITDB text
QNAP Turbo NAS TS-1279U-RP - Multiple Path Injections
by Andrea Fabrizi
EIP-2026-100303 EXPLOITDB text
Ektron CMS 8.5.0 - Multiple Vulnerabilities
by Sense of Security
EIP-2026-100209 EXPLOITDB text VERIFIED
Cm3 CMS - 'search.asp' Multiple Cross-Site Scripting Vulnerabilities
by Crim3R
CVE-2012-1666 EXPLOITDB c VERIFIED
VMware Tools <8.0.4-4.0.4-4.1.2-5.1 - Privilege Escalation
Untrusted search path vulnerability in VMware Tools in VMware Workstation before 8.0.4, VMware Player before 4.0.4, VMware Fusion before 4.1.2, VMware View before 5.1, and VMware ESX 4.1 before U3 and 5.0 before P03 allows local users to gain privileges via a Trojan horse tpfc.dll file in the current working directory.
by Moshe Zioni
EIP-2026-112497 EXPLOITDB text VERIFIED
Support4Arabs Pages 2.0 - SQL Injection
by L0n3ly-H34rT
EIP-2026-111945 EXPLOITDB text VERIFIED
Sciretech (Multiple Products) - Multiple SQL Injections
by AkaStep
EIP-2026-111055 EXPLOITDB text VERIFIED
PHPFox 3.0.1 - 'ajax.php' Multiple Cross-Site Scripting Vulnerabilities
by Crim3R
CVE-2012-4240 EXPLOITDB text
Group-Office < 4.0.90 - Authenticated SQL Injection via Calendar Sort Parameter
SQL injection vulnerability in modules/calendar/json.php in Group-Office community before 4.0.90 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter.
by Chris Cooper
EIP-2026-104448 EXPLOITDB text
Splunk 4.3.3 - Arbitrary File Read
by Marcio Almeida
CVE-2012-1500 EXPLOITDB MEDIUM text
GreenHopper < 5.9.8 - Stored Cross-Site Scripting in UpdateFieldJson.jspa
Stored XSS vulnerability in UpdateFieldJson.jspa in JIRA 4.4.3 and GreenHopper before 5.9.8 allows an attacker to inject arbitrary script code.
by Hoyt LLC Research
CVSS 5.4
EIP-2026-112193 EXPLOITDB text VERIFIED
Sitemax Maestro - SQL Injection / Local File Inclusion
by AkaStep
EIP-2026-102005 EXPLOITDB text
Sitecom Home Storage Center - Directory Traversal
by Mattijs van Ommeren
EIP-2026-101607 EXPLOITDB text
Conceptronic Grab'n'Go Network Storage - Directory Traversal
by Mattijs van Ommeren
CVE-2012-4748 EXPLOITDB text VERIFIED
Admidio 2.3.5 - Multiple Vulnerabilities
by Stefan Schurtz
EIP-2026-105326 EXPLOITDB text VERIFIED
AV Arcade Free Edition - 'add_rating.php?id' Blind SQL Injection
by DaOne
CVE-2012-4749 EXPLOITDB text VERIFIED
Admidio 2.3.5 - Multiple Vulnerabilities
by Stefan Schurtz
CVE-2012-4170 EXPLOITDB text VERIFIED
Adobe Photoshop CS6 13.x - Remote Code Execution via Crafted File
Buffer overflow in Adobe Photoshop CS6 13.x before 13.0.1 allows remote attackers to execute arbitrary code via a crafted file.
by Francis Provencher
EIP-2026-112475 EXPLOITDB text
SugarCRM Community Edition 6.5.2 (Build 8410) - Multiple Vulnerabilities
by Brendan Coles
EIP-2026-108863 EXPLOITDB perl
Joomla! Component Spider Calendar - SQL Injection
by D4NB4R
CVE-2012-4751 EXPLOITDB python
OTRS Help Desk <2.4.15, <3.0.17, <3.1.11 - XSS
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x before 3.1.11 allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with whitespace before a javascript: URL in the SRC attribute of an element, as demonstrated by an IFRAME element.
by Mike Eduard
EIP-2026-119112 EXPLOITDB ruby VERIFIED
SAP NetWeaver HostControl - Command Injection (Metasploit)
by Metasploit
EIP-2026-116524 EXPLOITDB perl VERIFIED
WarFTP Daemon 1.82 RC 11 - Remote Format String
by coolkaveh