Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-117659 EXPLOITDB python
MyMp3 Player Stack - '.m3u' File DEP Bypass
by Daniel Romero
CVE-2012-2961 EXPLOITDB text VERIFIED
Symantec Web Gateway <5.0.3.18 - SQL Injection
SQL injection vulnerability in the management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
by muts
EIP-2026-109801 EXPLOITDB text
MySQL Squid Access Report 2.1.4 - HTML Injection
by Daniel Godoy
CVE-2012-3835 EXPLOITDB python VERIFIED
AlienVault OSSIM 3.1 - Cross-Site Scripting via URL Parameter or Time Parameter
Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to top.php or (2) time[0][0] parameter to forensics/base_qry_main.php, which is not properly handled in an error page.
by muts
CVE-2012-2574 EXPLOITDB python VERIFIED
Symantec Web Gateway <5.0.3.18 - SQL Injection
SQL injection vulnerability in the management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to a "blind SQL injection" issue.
by muts
EIP-2026-103261 EXPLOITDB text VERIFIED
Atmail WebAdmin and Webmail Control Panel - SQL Root Password Disclosure
by Ciph3r
CVE-2012-2601 EXPLOITDB javascript VERIFIED
Ipswitch WhatsUp Gold 15.02 - SQL Injection
SQL injection vulnerability in WrVMwareHostList.asp in Ipswitch WhatsUp Gold 15.02 allows remote attackers to execute arbitrary SQL commands via the sGroupList parameter.
by muts
CVE-2012-2962 EXPLOITDB python VERIFIED
Plixer Scrutinizer <9.5.2 - SQL Injection
SQL injection vulnerability in d4d/statusFilter.php in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.2 allows remote authenticated users to execute arbitrary SQL commands via the q parameter.
by muts
CVE-2012-4344 EXPLOITDB javascript VERIFIED
Ipswitch WhatsUp Gold 15.02 - Cross-Site Scripting via SNMP System Name
Cross-site scripting (XSS) vulnerability in Ipswitch WhatsUp Gold 15.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the SNMP system name of the attacking host.
by muts
CVE-2012-2602 EXPLOITDB javascript VERIFIED
SolarWinds Orion NPM <10.3.1 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create user accounts via CreateUserStepContainer actions to Admin/Accounts/Add/OrionAccount.aspx or (2) modify account privileges via a ynAdminRights action to Admin/Accounts/EditAccount.aspx.
by muts
CVE-2012-2570 EXPLOITDB text VERIFIED
X-Cart Gold 4.5 - Cross-Site Scripting via products_map.php symb Parameter
Cross-site scripting (XSS) vulnerability in products_map.php in X-Cart Gold 4.5 allows remote attackers to inject arbitrary web script or HTML via the symb parameter.
by muts
CVE-2012-2570 EXPLOITDB text VERIFIED
X-Cart Gold 4.5 - Cross-Site Scripting via products_map.php symb Parameter
Cross-site scripting (XSS) vulnerability in products_map.php in X-Cart Gold 4.5 allows remote attackers to inject arbitrary web script or HTML via the symb parameter.
by Am!r
CVE-2012-2593 EXPLOITDB MEDIUM python VERIFIED
Atmail Webmail Server 6.4 - Cross-Site Scripting via Email Date Field
Cross-site scripting (XSS) vulnerability in the administrative interface in Atmail Webmail Server 6.4 allows remote attackers to inject arbitrary web script or HTML via the Date field of an email.
by muts
CVSS 6.1
CVE-2011-3175 EXPLOITDB ruby VERIFIED
Novell ZENworks Configuration Management 11.1 and 11.1a - Remote Code Execution via Preboot Service Opcode 0x6c
Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x6c request.
by Metasploit
CVE-2011-3176 EXPLOITDB ruby VERIFIED
Novell ZENworks Configuration Management 11.1 and 11.1a - Stack-Based Buffer Overflow via Opcode 0x4c Request
Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x4c request.
by Metasploit
CVE-2011-3176 EXPLOITDB ruby VERIFIED
Novell ZENworks Configuration Management 11.1 and 11.1a - Stack-Based Buffer Overflow via Opcode 0x4c Request
Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x4c request.
by Metasploit
EIP-2026-116060 EXPLOITDB text
PHP 6.0 - 'openssl_verify()' Local Buffer Overflow (PoC)
by Yakir Wizman
EIP-2026-116028 EXPLOITDB text
Oxide WebServer 2.0.4 - Denial of Service
by SecPod Research
CVE-2012-1769 EXPLOITDB text VERIFIED
Oracle Fusion Middleware 8.3.5 and 8.3.7 - Denial of Service in Outside In Filters
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-1766, CVE-2012-1767, CVE-2012-1770, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108, and CVE-2012-3110.
by Francis Provencher
CVE-2012-1770 EXPLOITDB text VERIFIED
Oracle Fusion Middleware 8.3.5 and 8.3.7 - Denial of Service in Outside In Filters
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-1766, CVE-2012-1767, CVE-2012-1769, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108, and CVE-2012-3110.
by Francis Provencher
CVE-2012-1744 EXPLOITDB text VERIFIED
Oracle Outside In Tech <8.3.5,8.3.7 - DoS
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent users to affect availability via unknown vectors related to Outside In Filters.
by Francis Provencher
EIP-2026-115405 EXPLOITDB perl VERIFIED
httpdx 1.5.4 - HTTP Server Remote Denial of Service
by st3n
EIP-2026-110884 EXPLOITDB text
PHP-Nuke module (SPChat) - SQL Injection
by Yakir Wizman
EIP-2026-109258 EXPLOITDB text VERIFIED
Maian Survey - '/index.php' URI redirection / Local File Inclusion
by PuN!Sh3r
EIP-2026-107709 EXPLOITDB text
iBoutique 4.0 - 'key' SQL Injection
by SecPod Research