Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-119397 EXPLOITDB text
ManageEngine OpStor 7.4 - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-113297 EXPLOITDB text VERIFIED
webid 1.0.4 - Multiple Vulnerabilities
by dun
CVE-2012-2573 EXPLOITDB python VERIFIED
T-dah WebMail 3.2.0-2.3 - Stored Cross-Site Scripting via Email Message Body
Multiple cross-site scripting (XSS) vulnerabilities in T-dah WebMail 3.2.0-2.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a CSS expression property in the STYLE attribute of an arbitrary element, (4) an ONLOAD attribute of a BODY element, (5) a crafted SRC attribute of an IFRAME element, (6) a crafted CONTENT attribute of an HTTP-EQUIV="refresh" META element, or (7) a data: URL in the CONTENT attribute of an HTTP-EQUIV="refresh" META element.
by Shai rod
EIP-2026-112289 EXPLOITDB text
Social Engine 4.2.5 - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-108041 EXPLOITDB html VERIFIED
Jaow CMS 2.3 - Cross-Site Request Forgery
by DaOne
EIP-2026-108040 EXPLOITDB text VERIFIED
Jaow CMS 2.3 - Blind SQL Injection
by loneferret
EIP-2026-107830 EXPLOITDB text VERIFIED
Inferno vBShout 2.5.2 - SQL Injection
by Luit
EIP-2026-107558 EXPLOITDB python
hastymail2 webmail 1.1 rc2 - Persistent Cross-Site Scripting
by Shai rod
EIP-2026-106816 EXPLOITDB perl VERIFIED
Elastix 2.2.0 - 'graph.php' Local File Inclusion
by cheki
EIP-2026-103557 EXPLOITDB html VERIFIED
Mozilla Firefox - Remote Denial of Service
by Jean Pascal Pereira
EIP-2026-100845 EXPLOITDB text VERIFIED
LISTSERV 16 - 'SHOWTPL' Cross-Site Scripting
by Jose Carlos de Arriba
CVE-2012-10046 EXPLOITDB CRITICAL perl VERIFIED
E-Mail Security Virtual Appliance ESVA_2057 - Unauthenticated OS Command Injection via learn-msg.cgi id Parameter
The E-Mail Security Virtual Appliance (ESVA) (tested on version ESVA_2057) contains an unauthenticated command injection vulnerability in the learn-msg.cgi script. The CGI handler fails to sanitize user-supplied input passed via the id parameter, allowing attackers to inject arbitrary shell commands. Exploitation requires no authentication and results in full command execution on the underlying system.
by iJoo
CVE-2011-1255 EXPLOITDB text VERIFIED
Internet Explorer 6-8 - Use-After-Free in Timed Interactive Multimedia Extensions
The Timed Interactive Multimedia Extensions (aka HTML+TIME) implementation in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Time Element Memory Corruption Vulnerability."
by Ciph3r
CVE-2012-4668 EXPLOITDB python VERIFIED
Roundcube Webmail < 0.8.1 - Cross-Site Scripting via Email Signature
Cross-site scripting (XSS) vulnerability in Roundcube Webmail 0.8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the signature in an email.
by Shai rod
EIP-2026-111553 EXPLOITDB text VERIFIED
ProQuiz 2.0.2 - Cross-Site Request Forgery
by DaOne
CVE-2012-10047 EXPLOITDB CRITICAL ruby VERIFIED
Cyclope Employee Surveillance Solution 6.x - SQL Injection
Cyclope Employee Surveillance Solution versions 6.x are vulnerable to a SQL injection flaw in its login mechanism. The username parameter in the auth-login POST request is not properly sanitized, allowing attackers to inject arbitrary SQL statements. This can be leveraged to write and execute a malicious PHP file on disk, resulting in remote code execution under the SYSTEM user context.
by Metasploit
EIP-2026-119355 EXPLOITDB text VERIFIED
Cyclope Employee Surveillance Solution 6.0 6.1.0 6.2.0 - Multiple Vulnerabilities
by loneferret
EIP-2026-117536 EXPLOITDB ruby VERIFIED
Microsoft Windows - Service Trusted Path Privilege Escalation (Metasploit)
by Metasploit
EIP-2026-117243 EXPLOITDB ruby VERIFIED
GlobalScape CuteZIP - Local Stack Buffer Overflow (Metasploit)
by Metasploit
EIP-2026-114486 EXPLOITDB text VERIFIED
xt:Commerce 3.04 SP2.1 - Blind SQL Injection
by stoffline.com
EIP-2026-112383 EXPLOITDB text VERIFIED
sphpforum 0.4 - Multiple Vulnerabilities
by loneferret
EIP-2026-109530 EXPLOITDB text VERIFIED
MobileCartly 1.0 - Arbitrary File Upload
by ICheer_No0M
EIP-2026-109360 EXPLOITDB text VERIFIED
MaxForum 1.0.0 - Local File Inclusion
by ahwak2000
EIP-2026-104781 EXPLOITDB ruby VERIFIED
TestLink 1.9.3 - Arbitrary File Upload (Metasploit)
by Metasploit
CVE-2011-2653 EXPLOITDB ruby VERIFIED
Novell ZENworks Asset Management 7.5 - Remote Code Execution via rtrlet Directory Traversal
Directory traversal vulnerability in the rtrlet component in Novell ZENworks Asset Management (ZAM) 7.5 allows remote attackers to execute arbitrary code by uploading an executable file.
by Metasploit