Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-105150 EXPLOITDB text VERIFIED
am4ss 1.2 - Multiple Vulnerabilities
by s3n4t00r
CVE-2012-3450 EXPLOITDB php VERIFIED
PHP < 5.3.14 and 5.4.x < 5.4.4 - Denial of Service via PDO Prepared Statement Parsing
pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted parameter value.
by 0x721427D8
CVE-2012-0946 EXPLOITDB c
NVIDIA UNIX <295.40 - Memory Corruption
The NVIDIA UNIX driver before 295.40 allows local users to access arbitrary memory locations by leveraging GPU device-node read/write privileges.
by anonymous
EIP-2026-101174 EXPLOITDB text VERIFIED
Barracuda Email Security Service - Multiple HTML Injection Vulnerabilities
by Benjamin Kunz Mejri
EIP-2026-113777 EXPLOITDB html VERIFIED
WordPress Plugin G-Lock Double Opt-in Manager - SQL Injection
by BEASTIAN
EIP-2026-112587 EXPLOITDB text VERIFIED
tekno.Portal 0.1b - 'link.php' SQL Injection
by Socket_0x03
EIP-2026-109311 EXPLOITDB text
ManageEngine Mobile Application Manager 10 - SQL Injection
by Vulnerability-Lab
CVE-2008-0474 EXPLOITDB text
ManageEngine Applications Manager 8.1 build 8100 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 8.1 build 8100 allow remote attackers to inject arbitrary web script or HTML via the (1) showlink parameter to jsp/DiscoveryProfiles.jsp; the (2) attributeIDs, (3) attributeToSelect, (4) redirectto, and (5) resourceid parameters to (a) jsp/ThresholdActionConfiguration.jsp; the (6) page and (7) redirect parameters to (b) jsp/UpdateGlobalSettings.jsp; and the (8) haid and (9) returnpath parameters to (c) showTile.do. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Vulnerability-Lab
EIP-2026-108459 EXPLOITDB text
Joomla! Component com_niceajaxpoll 1.3.0 - SQL Injection
by Patrick de Brouwer
EIP-2026-108447 EXPLOITDB text VERIFIED
Joomla! Component com_movm - SQL Injection
by D4NB4R
EIP-2026-106473 EXPLOITDB text VERIFIED
Distimo Monitor - Multiple Cross-Site Scripting Vulnerabilities
by Benjamin Kunz Mejri
EIP-2026-104748 EXPLOITDB perl
pBot - Remote Code Execution
by bwall
CVE-2011-2702 EXPLOITDB text VERIFIED
glibc < 2.13 and eglibc < 2.13 - Remote Code Execution via SSSE3 Optimization
Integer signedness error in Glibc before 2.13 and eglibc before 2.13, when using Supplemental Streaming SIMD Extensions 3 (SSSE3) optimization, allows context-dependent attackers to execute arbitrary code via a negative length parameter to (1) memcpy-ssse3-rep.S, (2) memcpy-ssse3.S, or (3) memset-sse2.S in sysdeps/i386/i686/multiarch/, which triggers an out-of-bounds read, as demonstrated using the memcpy function.
by c0ntex
EIP-2026-102401 EXPLOITDB text VERIFIED
ManageEngine Applications Manager - Multiple SQL Injections
by Ibrahim El-Sayed
EIP-2026-102400 EXPLOITDB text VERIFIED
ManageEngine Applications Manager - Multiple Cross-Site Scripting / SQL Injections
by Ibrahim El-Sayed
EIP-2026-119363 EXPLOITDB text
Dr. Web Control Center 6.00.3.201111300 - Cross-Site Scripting
by Oliver Karow
CVE-2010-3964 EXPLOITDB ruby VERIFIED
Microsoft SharePoint Server 2007 SP2 - Remote Code Execution via Malformed SOAP Request
Unrestricted file upload vulnerability in the Document Conversions Launcher Service in Microsoft Office SharePoint Server 2007 SP2, when the Document Conversions Load Balancer Service is enabled, allows remote attackers to execute arbitrary code via a crafted SOAP request to TCP port 8082, aka "Malformed Request Code Execution Vulnerability."
by Metasploit
EIP-2026-109146 EXPLOITDB text VERIFIED
Limny - 'index.php' Multiple SQL Injections
by L0n3ly-H34rT
EIP-2026-102476 EXPLOITDB text VERIFIED
DataWatch Monarch Business Intelligence - Multiple Input Validation Vulnerabilities
by Raymond Rizk
CVE-2012-10048 EXPLOITDB HIGH text VERIFIED
Zenoss Core 3.x - Command Injection
Zenoss Core 3.x contains a command injection vulnerability in the showDaemonXMLConfig endpoint. The daemon parameter is passed directly to a Popen() call in ZenossInfo.py without proper sanitation, allowing authenticated users to execute arbitrary commands on the server as the zenoss user.
by Brendan Coles
CVE-2012-4178 EXPLOITDB python VERIFIED
Symantec Web Gateway 5.0.3.18 - SQL Injection via groupid Parameter
SQL injection vulnerability in spywall/includes/deptUploads_data.php in Symantec Web Gateway 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via the groupid parameter.
by Kc57
CVE-2012-3848 EXPLOITDB text VERIFIED
Plixer Scrutinizer < 9.5.0 - Cross-Site Scripting via d4d/exporters.php Query String or HTTP Referer Header
Multiple cross-site scripting (XSS) vulnerabilities in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to d4d/exporters.php, (2) the HTTP Referer header to d4d/exporters.php, or (3) unspecified input to d4d/contextMenu.php.
by Mario Ceballos
CVE-2012-2627 EXPLOITDB text VERIFIED
Plixer Scrutinizer <9.5.0 - Code Injection
d4d/uploader.php in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allows remote attackers to create or overwrite arbitrary files in %PROGRAMFILES%\Scrutinizer\snmp\mibs\ via a multipart/form-data POST request.
by Mario Ceballos
EIP-2026-104514 EXPLOITDB python VERIFIED
Zenoss 3.2.1 - (Authenticated) Remote Command Execution
by Brendan Coles
CVE-2012-2626 EXPLOITDB text VERIFIED
Plixer Scrutinizer < 9.5.0 - Unauthenticated Administrative Account Creation via admin.cgi userprefs Action
cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 does not require token authentication, which allows remote attackers to add administrative accounts via a userprefs action.
by Mario Ceballos