Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-108481 EXPLOITDB text VERIFIED
Joomla! Component com_photo - Multiple SQL Injections
by Chokri Ben Achor
EIP-2026-104501 EXPLOITDB text VERIFIED
Worksforweb iAuto - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
by Benjamin Kunz Mejri
EIP-2026-116996 EXPLOITDB python VERIFIED
CoolPlayer Portable 2.19.2 - Local Buffer Overflow (ASLR Bypass) (2)
by pole
EIP-2026-113716 EXPLOITDB text
WordPress Plugin Effective Lead Management 3.0.0 - Persistent Cross-Site Scripting
by Chris Kellum
EIP-2026-112674 EXPLOITDB text VERIFIED
Tickets CAD 2.20G - Multiple Vulnerabilities
by chap0
EIP-2026-109440 EXPLOITDB python VERIFIED
Mibew Messenger 1.6.4 - 'threadid' SQL Injection
by Ucha Gobejishvili
EIP-2026-107969 EXPLOITDB text
Islamnt Islam Forum Script 1.2 - Blind SQL Injection
by s3n4t00r
EIP-2026-100488 EXPLOITDB text VERIFIED
PolarisCMS - 'WebForm_OnSubmit()' Cross-Site Scripting
by Gjoko Krstic
EIP-2026-113425 EXPLOITDB text VERIFIED
Wiki Web Help - 'configpath' Remote File Inclusion
by L0n3ly-H34rT
CVE-2012-3872 EXPLOITDB text VERIFIED
Openconstructor - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Open Constructor 3.12.0 allow remote attackers to inject arbitrary web script or HTML via (1) the result parameter to data/file/edit.php, (2) the q parameter to confirm.php, or (3) the keyword parameter to users/users.php.
by Lorenzo Cantoni
CVE-2012-3872 EXPLOITDB text VERIFIED
Openconstructor - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Open Constructor 3.12.0 allow remote attackers to inject arbitrary web script or HTML via (1) the result parameter to data/file/edit.php, (2) the q parameter to confirm.php, or (3) the keyword parameter to users/users.php.
by Lorenzo Cantoni
CVE-2012-3872 EXPLOITDB text VERIFIED
Openconstructor - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Open Constructor 3.12.0 allow remote attackers to inject arbitrary web script or HTML via (1) the result parameter to data/file/edit.php, (2) the q parameter to confirm.php, or (3) the keyword parameter to users/users.php.
by Lorenzo Cantoni
CVE-2012-10048 EXPLOITDB HIGH ruby VERIFIED
Zenoss Core 3.x - Command Injection
Zenoss Core 3.x contains a command injection vulnerability in the showDaemonXMLConfig endpoint. The daemon parameter is passed directly to a Popen() call in ZenossInfo.py without proper sanitation, allowing authenticated users to execute arbitrary commands on the server as the zenoss user.
by Metasploit
CVE-2012-2962 EXPLOITDB ruby VERIFIED
Plixer Scrutinizer <9.5.2 - SQL Injection
SQL injection vulnerability in d4d/statusFilter.php in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.2 allows remote authenticated users to execute arbitrary SQL commands via the q parameter.
by Metasploit
CVE-2012-0284 EXPLOITDB ruby VERIFIED
Cisco Linksys PlayerPT <1.0.0.15 - Buffer Overflow
Stack-based buffer overflow in the SetSource method in the Cisco Linksys PlayerPT ActiveX control 1.0.0.15 in PlayerPT.ocx on the Cisco WVC200 Wireless-G PTZ Internet video camera allows remote attackers to execute arbitrary code via a long URL in the first argument (aka the sURL argument).
by Metasploit
EIP-2026-106826 EXPLOITDB text VERIFIED
Elefant CMS - 'id' Cross-Site Scripting
by PuN!Sh3r
EIP-2026-104363 EXPLOITDB text VERIFIED
ntop - 'arbfile' Cross-Site Scripting
by Marcos Garcia
CVE-2012-3549 EXPLOITDB c
FreeBSD 8.2 - Denial of Service via Crafted ASCONF Chunk
The SCTP implementation in FreeBSD 8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted ASCONF chunk.
by Shaun Colley
CVE-2012-10049 EXPLOITDB CRITICAL ruby VERIFIED
WebPageTest < 2.6 - Remote Code Execution via Unrestricted File Upload in resultimage.php
WebPageTest version 2.6 and earlier contains an arbitrary file upload vulnerability in the resultimage.php script. The application fails to validate or sanitize user-supplied input before saving uploaded files to a publicly accessible directory. This flaw allows remote attackers to upload and execute arbitrary PHP code, resulting in full remote code execution under the web server context.
by Metasploit
CVE-2012-1876 EXPLOITDB ruby VERIFIED
Microsoft Internet Explorer 6-9 and 10 Consumer Preview - Remote Code Execution via Col Element Handling
Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflow, aka "Col Element Remote Code Execution Vulnerability," as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
by Metasploit
EIP-2026-116486 EXPLOITDB perl VERIFIED
VideoLAN VLC Media Player 2.0.2 - '.3gp' File Divide-by-Zero Denial of Service
by Dark-Puzzle
EIP-2026-114349 EXPLOITDB text VERIFIED
WordPress Theme ShopperPress - SQL Injection / Cross-Site Scripting
by Benjamin Kunz Mejri
CVE-2012-2237 EXPLOITDB MEDIUM text VERIFIED
Mahara 1.4.0-1.4.2 and 1.5.0-1.5.1 - Cross-Site Scripting via Login Form, Links, Resources, and Display Name
Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before 1.4.3 and 1.5.x before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript innerHTML as used when generating login forms, (2) links or (3) resources URLs, and (4) the Display name in a user profile.
by anonymous
CVSS 6.1
EIP-2026-108409 EXPLOITDB text VERIFIED
Joomla! Component com_joomgalaxy 1.2.0.4 - Multiple Vulnerabilities
by D4NB4R
EIP-2026-105151 EXPLOITDB php VERIFIED
am4ss Support System 1.2 - PHP Code Injection
by i-Hmx