Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-104806 EXPLOITDB text VERIFIED
1024 CMS 2.1.1 - 'p' SQL Injection
by kallimero
CVE-2012-10045 EXPLOITDB CRITICAL text VERIFIED
XODA 0.4.5 - Unauthenticated Arbitrary PHP File Upload via Multipart Form Data
XODA version 0.4.5 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary PHP code on the server. The flaw resides in the upload functionality, which fails to properly validate or restrict uploaded file types. By crafting a multipart/form-data POST request, an attacker can upload a .php file directly into the web-accessible files/ directory and trigger its execution via a subsequent GET request.
by Shai rod
EIP-2026-119200 EXPLOITDB ruby VERIFIED
Sysax Multi Server 5.64 - Create Folder Buffer Overflow (Metasploit)
by Matt Andreko
EIP-2026-108926 EXPLOITDB text VERIFIED
JPM Article Blog Script 6 - 'tid' Cross-Site Scripting
by Mr.0c3aN
EIP-2026-105935 EXPLOITDB text VERIFIED
Clipbucket 2.5 - Directory Traversal
by loneferret
EIP-2026-105933 EXPLOITDB text VERIFIED
Clipbucket 2.5 - Blind SQL Injection
by loneferret
CVE-2012-2612 EXPLOITDB python VERIFIED
SAP NetWeaver 7.0 EHP1 and EHP2 - Denial of Service via Crafted SAP Diag Packet
The DiagTraceHex function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.
by Core Security
CVE-2012-2977 EXPLOITDB ruby VERIFIED
Symantec Web Gateway <5.0.3.18 - RCE
The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to change arbitrary passwords via crafted input to an application script.
by Kc57
CVE-2012-2977 EXPLOITDB python VERIFIED
Symantec Web Gateway <5.0.3.18 - RCE
The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to change arbitrary passwords via crafted input to an application script.
by Kc57
CVE-2012-4680 EXPLOITDB text
IOServer <1.0.19.0 - Path Traversal
Directory traversal vulnerability in the XML Server in IOServer before 1.0.19.0, when the Root Directory pathname lacks a trailing \ (backslash) character, allows remote attackers to read arbitrary files or list arbitrary directories via a .. (dot dot) in a URI.
by hinge
CVE-2012-1535 EXPLOITDB HIGH ruby VERIFIED
Adobe Flash Player < 11.3.300.271 - Remote Code Execution via Crafted SWF Content
Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted SWF content, as exploited in the wild in August 2012 with SWF content in a Word document.
by Metasploit
CVSS 7.8
EIP-2026-115152 EXPLOITDB perl VERIFIED
Divx Player 6.8.2 - Denial of Service
by Dark-Puzzle
EIP-2026-114545 EXPLOITDB text
YourArcadeScript 2.4 - 'index.php?id' SQL Injection
by DaOne
CVE-2006-0469 EXPLOITDB python
uebimiau 2.7.9 - Cross-Site Scripting via IMG Tag SRC Attribute
Cross-site scripting (XSS) vulnerability in UebiMiau 2.7.9, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG tag.
by Shai rod
EIP-2026-112542 EXPLOITDB text VERIFIED
T-dah Webmail - Cross-Site Request Forgery / Persistent Cross-Site Scripting
by Yakir Wizman
EIP-2026-110570 EXPLOITDB html VERIFIED
PG Portal Pro - Cross-Site Request Forgery
by Noxious
EIP-2026-107596 EXPLOITDB python
Hivemail Webmail - Multiple Persistent Cross-Site Scripting Vulnerabilities
by Shai rod
EIP-2026-107537 EXPLOITDB python
GWebmail 0.7.3 - Cross-Site Scripting / Local File Inclusion / Remote Code Execution
by Shai rod
EIP-2026-105934 EXPLOITDB html VERIFIED
Clipbucket 2.5 - Cross-Site Request Forgery
by DaOne
EIP-2026-102377 EXPLOITDB python
hupa webmail 0.0.2 - Persistent Cross-Site Scripting
by Shai rod
EIP-2026-101520 EXPLOITDB text
Alpha Networks ADSL2/2+ Wireless Router ASL-26555 - Password Disclosure
by Alberto Ortega
EIP-2026-119398 EXPLOITDB text VERIFIED
ManageEngine OpUtils 6.0 - Persistent Cross-Site Scripting
by loneferret
CVE-2001-0198 EXPLOITDB c++ VERIFIED
QuickTime Player plugin 4.1.2 - Buffer Overflow via EMBED Tag HREF Parameter
Buffer overflow in QuickTime Player plugin 4.1.2 (Japanese) allows remote attackers to execute arbitrary commands via a long HREF parameter in an EMBED tag.
by UNYUN
EIP-2026-111879 EXPLOITDB text VERIFIED
SaltOS - 'download.php' Cross-Site Scripting
by Stefan Schurtz
EIP-2026-107787 EXPLOITDB python VERIFIED
IlohaMail Webmail - Persistent Cross-Site Scripting
by Shai rod