Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-106085 EXPLOITDB text
CommPort 1.01 - Multiple Vulnerabilities
by Jean Pascal Pereira
EIP-2026-101606 EXPLOITDB text
Conceptronic Grab'n'Go and Sitecom Storage Center - Password Disclosure
by Mattijs van Ommeren
CVE-2012-0217 EXPLOITDB text VERIFIED
FreeBSD Intel SYSRET Privilege Escalation
The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier.
by Shahriyar Jalayeri
EIP-2026-114494 EXPLOITDB text VERIFIED
XWiki 4.2-milestone-2 - Multiple Persistent Cross-Site Scripting Vulnerabilities
by Shai rod
EIP-2026-114489 EXPLOITDB text VERIFIED
xt:Commerce VEYTON 4.0.15 - 'products_name_de' Script Insertion
by LiquidWorm
EIP-2026-113661 EXPLOITDB text VERIFIED
WordPress Plugin Count Per Day 3.2.3 - Cross-Site Scripting
by Crim3R
EIP-2026-113427 EXPLOITDB text VERIFIED
Wiki Web Help 0.3.9 - Multiple Persistent Cross-Site Scripting Vulnerabilities
by Shai rod
EIP-2026-113237 EXPLOITDB text
web@all CMS 2.0 - Multiple Vulnerabilities
by LiquidWorm
EIP-2026-113136 EXPLOITDB text VERIFIED
Vlinks 2.0.3 - 'id' SQL Injection
by JIKO
EIP-2026-108771 EXPLOITDB text VERIFIED
Joomla! Component Komento - 'cid' SQL Injection
by Crim3R
CVE-2012-0744 EXPLOITDB text VERIFIED
IBM Rational ClearQuest <7.1.2.7 & 8.0.0.3 - Info Disclosure
IBM Rational ClearQuest 7.1.x through 7.1.2.7 and 8.x through 8.0.0.3 allows remote attackers to obtain potentially sensitive information via a request to a (1) snoop, (2) hello, (3) ivt/, (4) hitcount, (5) HitCount.jsp, (6) HelloHTMLError.jsp, (7) HelloHTML.jsp, (8) HelloVXMLError.jsp, (9) HelloVXML.jsp, (10) HelloWMLError.jsp, (11) HelloWML.jsp, or (12) cqweb/j_security_check sample script.
by anonymous
EIP-2026-105188 EXPLOITDB text
aoop CMS 0.3.6 - Multiple Vulnerabilities
by Julien Ahrens
CVE-2009-4498 EXPLOITDB ruby VERIFIED
Zabbix Server <1.8 - Command Injection
The node_process_command function in Zabbix Server before 1.8 allows remote attackers to execute arbitrary commands via a crafted request.
by Metasploit
CVE-2012-4681 EXPLOITDB CRITICAL ruby VERIFIED
Java 7 Applet Remote Code Execution
Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.beans.finder.ClassFinder.findClass and leveraging an exception with the forName method to access restricted classes from arbitrary packages such as sun.awt.SunToolkit, then (2) using "reflection with a trusted immediate caller" to leverage the getField method to access and modify private fields, as exploited in the wild in August 2012 using Gondzz.class and Gondvv.class.
by Metasploit
CVSS 9.8
EIP-2026-100304 EXPLOITDB text
Elcom CMS 7.4.10 - Community Manager Insecure Arbitrary File Upload
by Sense of Security
EIP-2026-113748 EXPLOITDB text VERIFIED
WordPress Plugin Finder - 'order' Cross-Site Scripting
by Crim3R
EIP-2026-109465 EXPLOITDB text VERIFIED
Mihalism Multi Host - 'users.php' Cross-Site Scripting
by Explo!ter
EIP-2026-109104 EXPLOITDB text VERIFIED
LibGuides - Multiple Cross-Site Scripting Vulnerabilities
by Crim3R
EIP-2026-100618 EXPLOITDB text VERIFIED
Web Wiz Forums - Multiple Cross-Site Scripting Vulnerabilities
by Crim3R
EIP-2026-100492 EXPLOITDB text VERIFIED
Power-eCommerce - Multiple Cross-Site Scripting Vulnerabilities
by Crim3R
EIP-2026-116570 EXPLOITDB c++ VERIFIED
Wireshark 1.6.0/1.8.2 - Buffer Overflow (PoC)
by X-h4ck
EIP-2026-115665 EXPLOITDB html VERIFIED
Microsoft Indexing Service - 'ixsso.dll' ActiveX Control Denial of Service
by coolkaveh
EIP-2026-113335 EXPLOITDB php
webpa 1.1.0.1 - Multiple Vulnerabilities
by dun
EIP-2026-112609 EXPLOITDB text VERIFIED
Text Exchange Pro - 'index.php' Local File Inclusion
by Yakir Wizman
EIP-2026-110787 EXPLOITDB text VERIFIED
PHP Web Scripts Text Exchange Pro - 'page' Local File Inclusion
by Yakir Wizman