Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-115444 EXPLOITDB perl VERIFIED
Internet Download Manager - Memory Corruption
by Dark-Puzzle
EIP-2026-113029 EXPLOITDB text VERIFIED
vBulletin Yet Another Awards System 4.0.2 - SQL Injection
by Backsl@sh/Dan
EIP-2026-112474 EXPLOITDB text VERIFIED
SugarCRM Community Edition - Multiple Information Disclosure Vulnerabilities
by Brendan Coles
EIP-2026-119658 EXPLOITDB text VERIFIED
SquidGuard 1.4 - Long URL Handling Remote Denial of Service
by Stefan Bauer
CVE-2012-4768 EXPLOITDB text VERIFIED
WordPress Download Monitor <3.3.5.9 - XSS
Cross-site scripting (XSS) vulnerability in the Download Monitor plugin before 3.3.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dlsearch parameter to the default URI.
by Chris Cooper
EIP-2026-112738 EXPLOITDB text VERIFIED
TomatoCart - 'example_form.ajax.php' Cross-Site Scripting
by HauntIT
CVE-2012-3551 EXPLOITDB text VERIFIED
Dell Crowbar < 1.4 - Cross-Site Scripting via File Parameter
Cross-site scripting (XSS) vulnerability in crowbar_framework/app/views/support/index.html.haml in the Crowbar barclamp in Crowbar, possibly 1.4 and earlier, allows remote attackers to inject arbitrary web script or HTML via the file parameter to /utils.
by Matthias Weckbecker
EIP-2026-105589 EXPLOITDB html VERIFIED
Booking System Pro - Cross-Site Request Forgery
by DaOne
CVE-2012-3579 EXPLOITDB ruby VERIFIED
Symantec Messaging Gateway < 9.5.4 - Default SSH Credentials
Symantec Messaging Gateway (SMG) before 10.0 has a default password for an unspecified account, which makes it easier for remote attackers to obtain privileged access via an SSH session.
by Metasploit
EIP-2026-100631 EXPLOITDB text VERIFIED
XM Forum - 'search.asp' SQL Injection
by Crim3R
CVE-2012-3351 EXPLOITDB MEDIUM text VERIFIED
JW Player < 5.10.2295 - Cross-Site Scripting via Link or Logo Parameters
Multiple cross-site scripting (XSS) vulnerabilities in LongTail Video JW Player through 5.10.2295 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) logo.link, or (3) aboutlink parameter, or a nested URI scheme name for (4) javascript, (5) asfunction, or (6) vbscript.
by MustLive
CVSS 6.1
CVE-2012-10043 EXPLOITDB CRITICAL python VERIFIED
ActFax Server <4.32 - Buffer Overflow
A stack-based buffer overflow vulnerability exists in ActFax Server version 4.32, specifically in the "Import Users from File" functionality of the client interface. The application fails to properly validate the length of tab-delimited fields in .exp files, leading to unsafe usage of strcpy() during CSV parsing. An attacker can exploit this vulnerability by crafting a malicious .exp file and importing it using the default character set "ECMA-94 / Latin 1 (ISO 8859)". Successful exploitation may result in arbitrary code execution, leading to full system compromise. User interaction is required to trigger the vulnerability.
by Craig Freyman
CVE-2012-3274 EXPLOITDB ruby VERIFIED
HP Intelligent Management Center < 5.1 - Stack-based Buffer Overflow in User Access Manager
Stack-based buffer overflow in uam.exe in the User Access Manager (UAM) component in HP Intelligent Management Center (IMC) before 5.1 E0101P01 allows remote attackers to execute arbitrary code via vectors related to log data.
by Metasploit
EIP-2026-116553 EXPLOITDB text VERIFIED
Winlog Lite SCADA HMI system - Overwrite (SEH)
by Ciph3r
EIP-2026-113807 EXPLOITDB text VERIFIED
WordPress Plugin HD Webplayer 1.1 - SQL Injection
by JoinSe7en
CVE-2012-2517 EXPLOITDB MEDIUM html VERIFIED
PrestaShop < 1.4.9.0 - Cross-Site Scripting via product[] Parameter in ajax.php
Cross-site scripting (XSS) vulnerability in PrestaShop before 1.4.9 allows remote attackers to inject arbitrary web script or HTML via the index of the product[] parameter to ajax.php.
by High-Tech Bridge
CVSS 6.1
CVE-2012-4234 EXPLOITDB text VERIFIED
Phorum < 5.2.19 - Cross-Site Scripting via Group Parameter
Cross-site scripting (XSS) vulnerability in the group moderation screen in the control center (control.php) in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via the group parameter.
by High-Tech Bridge
EIP-2026-106472 EXPLOITDB text VERIFIED
Disqus Blog Comments - Blind SQL Injection
by Spy_w4r3
EIP-2026-119144 EXPLOITDB perl VERIFIED
Simple Web Server 2.2-rc2 - ASLR Bypass
by pole
EIP-2026-115231 EXPLOITDB perl
Express Burn Plus 4.58 - EBP Project File Handling Buffer Overflow (PoC)
by LiquidWorm
EIP-2026-114057 EXPLOITDB text VERIFIED
WordPress Plugin Simple:Press Forum - Arbitrary File Upload
by Iranian Dark Coders
EIP-2026-113631 EXPLOITDB text VERIFIED
WordPress Plugin Cloudsafe365 - 'file' Remote File Disclosure
by Jan Van Niekerk
EIP-2026-111850 EXPLOITDB html
RV Shopping Cart - Cross-Site Request Forgery
by DaOne
EIP-2026-111849 EXPLOITDB html
RV Article Publisher - Cross-Site Request Forgery
by DaOne
EIP-2026-109464 EXPLOITDB text
mieric AddressBook 1.0 - SQL Injection
by Jean Pascal Pereira