Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
CVE-2012-4035 EXPLOITDB text VERIFIED
PBBoard 2.1.4 - Unauthenticated Arbitrary Password Change via member_id and new_password Parameters
The new_password page in PBBoard 2.1.4 allows remote attackers to change the password of arbitrary user accounts via the member_id and new_password parameters to index.php.
by High-Tech Bridge
CVE-2012-4034 EXPLOITDB text VERIFIED
PBBoard 2.1.4 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in PBBoard 2.1.4 allow remote attackers to execute arbitrary SQL commands via the (1) username parameter to the send page, (2) email parameter to the forget page, (3) password parameter to the forum_archive page, (4) section parameter to the management page, (5) section_id parameter to the managementreply page, (6) member_id parameter to the new_password page, or (7) subjectid parameter to the tags page to index.php.
by High-Tech Bridge
CVE-2012-4036 EXPLOITDB text VERIFIED
PBBoard 2.1.4 - Authenticated Arbitrary PHP File Upload via admin.php
Unrestricted file upload vulnerability in admin.php in PBBoard 2.1.4 allows remote administrators to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the addons directory. NOTE: this vulnerability can be leveraged by remote attackers using CVE-2012-1216.
by High-Tech Bridge
CVE-2012-3873 EXPLOITDB text
Openconstructor - SQL Injection
Multiple SQL injection vulnerabilities in Open Constructor 3.12.0 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) data/gallery/edit.php, (2) data/guestbook/edit.php, (3) data/file/edit.php, (4) data/htmltext/edit.php, (5) data/publication/edit.php, or (6) data/event/edit.php.
by Lorenzo Cantoni
EIP-2026-108336 EXPLOITDB perl VERIFIED
Joomla! Component com_enmasse 1.2.0.4 - SQL Injection
by D4NB4R
EIP-2026-107859 EXPLOITDB text
Inout Mobile Webmail APP - Persistent Cross-Site Scripting
by Vulnerability-Lab
EIP-2026-107704 EXPLOITDB text
iauto mobile Application 2012 - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-106463 EXPLOITDB text VERIFIED
dirLIST 0.3.0 - Local File Inclusion
by L0n3ly-H34rT
EIP-2026-105221 EXPLOITDB php VERIFIED
AraDown - Blind SQL Injection
by G-B
EIP-2026-105220 EXPLOITDB php VERIFIED
AraDown - 'id' SQL Injection
by G-B
EIP-2026-104757 EXPLOITDB ruby VERIFIED
PHP IRC Bot pbot - 'eval()' Remote Code Execution (Metasploit)
by Metasploit
EIP-2026-102364 EXPLOITDB text VERIFIED
ConcourseSuite - Multiple Cross-Site Scripting / Cross-Site Request Forgery Vulnerabilities
by Matthew Joyce
EIP-2026-119455 EXPLOITDB text
Zoho BugTracker - Multiple Persistent Cross-Site Scripting Vulnerabilities
by LiquidWorm
EIP-2026-119009 EXPLOITDB text VERIFIED
Oracle Business Transaction Management Server 12.1.0.2.7 FlashTunnelService - Remote File Deletion
by rgod
EIP-2026-119008 EXPLOITDB text VERIFIED
Oracle Business Transaction Management Server 12.1.0.2.7 - FlashTunnelService WriteToFile Message Remote Code Execution
by rgod
CVE-2012-4237 EXPLOITDB text VERIFIED
TCExam < 11.3.008 - Authenticated SQL Injection via subject_module_id Parameter
Multiple SQL injection vulnerabilities in TCExam before 11.3.008 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the subject_module_id parameter to (1) tce_edit_answer.php or (2) tce_edit_question.php.
by Chris Cooper
CVE-2012-4237 EXPLOITDB text VERIFIED
TCExam < 11.3.008 - Authenticated SQL Injection via subject_module_id Parameter
Multiple SQL injection vulnerabilities in TCExam before 11.3.008 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the subject_module_id parameter to (1) tce_edit_answer.php or (2) tce_edit_question.php.
by Chris Cooper
EIP-2026-110505 EXPLOITDB php VERIFIED
PBBoard - Authentication Bypass
by i-Hmx
EIP-2026-107394 EXPLOITDB text VERIFIED
Getsimple CMS 3.1.2 - 'path' Local File Inclusion
by PuN!Sh3r
CVE-2012-4070 EXPLOITDB text VERIFIED
dir2web 3.0 - SQL Injection via oid Parameter
SQL injection vulnerability in system/src/dispatcher.php in Dir2web 3.0 allows remote attackers to execute arbitrary SQL commands via the oid parameter in a homepage action to index.php.
by Daniel Correa
CVE-2012-3456 EXPLOITDB c++ VERIFIED
Calligra < 2.4.3 - Heap-Based Buffer Overflow in Microsoft Import Filter
Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in Calligra 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3455, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.
by Charlie Miller
CVE-2012-0549 EXPLOITDB ruby VERIFIED
Oracle AutoVue Office <20.1.1 - Info Disclosure
Unspecified vulnerability in the Oracle AutoVue Office component in Oracle Supply Chain Products Suite 20.1.1 allows remote attackers to affect confidentiality, integrity, and availability, related to Desktop API.
by Metasploit
EIP-2026-116998 EXPLOITDB ruby VERIFIED
CoolPlayer+ Portable 2.19.2 - Local Buffer Overflow (ASLR Bypass)
by Robert Larsen
EIP-2026-114910 EXPLOITDB text VERIFIED
AOL Products downloadUpdater2 Plugin - 'SRC' Remote Code Execution
by rgod
EIP-2026-114555 EXPLOITDB text VERIFIED
YT-Videos Script - 'id' SQL Injection
by 3spi0n