Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-110512 EXPLOITDB text
PBBoard CMS 2.1.4 - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-106932 EXPLOITDB text VERIFIED
Event Calender PHP - Multiple Input Validation Vulnerabilities
by snup
EIP-2026-106851 EXPLOITDB text VERIFIED
EmbryoCore CMS 1.03 - 'loadcss.php' Multiple Directory Traversal Vulnerabilities
by Sammy FORGIT
CVE-2012-4399 EXPLOITDB HIGH text VERIFIED
CakePHP 2.1.0-2.1.4 and 2.1.0-alpha-2.1.4 - XML External Entity Injection
The Xml class in CakePHP 2.1.x before 2.1.5 and 2.2.x before 2.2.1 allows remote attackers to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.
by Pawel Wylecial
CVSS 7.5
EIP-2026-102104 EXPLOITDB text VERIFIED
Vivotek Cameras - Sensitive Information Disclosure
by GothicX
EIP-2026-106833 EXPLOITDB text VERIFIED
Elite Bulletin Board - Multiple SQL Injections
by ToXiC
EIP-2026-112032 EXPLOITDB php
Shopware 3.5 - SQL Injection
by Kataklysmos
EIP-2026-108466 EXPLOITDB text
Joomla! Component com_osproperty 2.0.2 - Unrestricted Arbitrary File Upload
by D4NB4R
EIP-2026-101452 EXPLOITDB ruby
Siemens Simatic S7-300/400 - CPU START/STOP Module (Metasploit)
by Dillon Beresford
EIP-2026-101451 EXPLOITDB ruby
Siemens Simatic S7-300 - PLC Remote Memory Viewer (Metasploit)
by Dillon Beresford
EIP-2026-101450 EXPLOITDB ruby
Siemens Simatic S7-1200 - CPU START/STOP Module (Metasploit)
by Dillon Beresford
CVE-2012-10049 EXPLOITDB CRITICAL text VERIFIED
WebPageTest < 2.6 - Remote Code Execution via Unrestricted File Upload in resultimage.php
WebPageTest version 2.6 and earlier contains an arbitrary file upload vulnerability in the resultimage.php script. The application fails to validate or sanitize user-supplied input before saving uploaded files to a publicly accessible directory. This flaw allows remote attackers to upload and execute arbitrary PHP code, resulting in full remote code execution under the web server context.
by dun
EIP-2026-114009 EXPLOITDB text
WordPress Plugin Resume Submissions & Job Postings 2.5.1 - Unrestricted Arbitrary File Upload
by Chris Kellum
EIP-2026-113784 EXPLOITDB ruby VERIFIED
WordPress Plugin Generic - Arbitrary File Upload
by KedAns-Dz
EIP-2026-109240 EXPLOITDB text VERIFIED
Magento eCommerce - Local File Disclosure
by SEC Consult
EIP-2026-108426 EXPLOITDB text
Joomla! Component com_ksadvertiser - Remote File / Bypass Upload
by D4NB4R
EIP-2026-118202 EXPLOITDB perl VERIFIED
ZipItFast PRO 3.0 - Local Heap Overflow
by b33f
CVE-2012-6303 EXPLOITDB python VERIFIED
Snack Sound Toolkit - Heap-based Buffer Overflow in GetWavHeader
Heap-based buffer overflow in the GetWavHeader function in generic/jkSoundFile.c in the Snack Sound Toolkit, as used in WaveSurfer 1.8.8p4, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large chunk size in a WAV file.
by Jean Pascal Pereira
CVE-2012-1858 EXPLOITDB text VERIFIED
Microsoft Lync 2010 and 2010 Attendee - Cross-Site Scripting via SafeHTML Component
The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability."
by Adi Cohen
CVE-2010-4980 EXPLOITDB text
iScripts ReserveLogic 1.0 - SQL Injection
SQL injection vulnerability in packagedetails.php in iScripts ReserveLogic 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
by Vulnerability-Lab
EIP-2026-110594 EXPLOITDB text VERIFIED
Phonalisa - Multiple HTML Injection / Cross-Site Scripting Vulnerabilities
by Benjamin Kunz Mejri
EIP-2026-109082 EXPLOITDB text VERIFIED
Lc Flickr Carousel 1.0 - Local File Disclosure
by GoLd_M
EIP-2026-107659 EXPLOITDB text VERIFIED
House Style 0.1.2 - 'readfile()' Local File Disclosure
by GoLd_M
CVE-2011-4542 EXPLOITDB ruby VERIFIED
Hastymail2 2.1.1 - Remote Code Execution via rs or rsargs[] Parameter
Hastymail2 2.1.1 before RC2 allows remote attackers to execute arbitrary commands via the (1) rs or (2) rsargs[] parameter in a mailbox Drafts action to the default URI.
by Metasploit
EIP-2026-106748 EXPLOITDB text VERIFIED
eCan 0.1 - Local File Disclosure
by GoLd_M