Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-102059 EXPLOITDB text
TP-Link Gateway 3.12.4 - Multiple Vulnerabilities
by Vulnerability-Lab
CVE-2011-2657 EXPLOITDB ruby VERIFIED
Novell ZENworks Configuration Management 10.2-11 SP1 - Remote Code Execution via LaunchHelp ActiveX Path Traversal
Directory traversal vulnerability in the LaunchProcess function in the LaunchHelp.HelpLauncher.1 ActiveX control in LaunchHelp.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.2, 10.3, and 11 SP1 allows remote attackers to execute arbitrary commands via a pathname in the first argument.
by Metasploit
CVE-2012-3805 EXPLOITDB text VERIFIED
Kajona < 3.4.2 - Cross-Site Scripting via Multiple Input Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the getAllPassedParams function in system/functions.php in Kajona before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) absender_name, (2) absender_email, or (3) absender_nachricht parameter to the content page; (4) comment_name, (5) comment_subject, or (6) comment_message parameter to the postacomment module; (7) module parameter to index.php; (8) action parameter to the admin login page; (9) pv or (10) pe parameter in a list action to the user module; (11) user_username, (12) user_email, (13) user_forename, (14) user_name, (15) user_street, (16) user_postal, (17) user_city, (18) user_tel, or (19) user_mobil parameter in a newUser action to the user module; (20) group_name or (21) group_desc parameter in a groupNew action to the user module; (22) name, (23) browsername, (24) seostring, (25) keywords, or (26) folder_id parameter in a newPage action to the pages module; (27) element_name or (28) element_cachetime parameter in a newElement action in the pages module; (29) aspect_name parameter in a newAspect action in the system module; (30) filemanager_name, (31) filemanager_path, (32) filemanager_upload_filter, or (33) filemanager_view_filter parameter in a NewRepo action to the filemanager module; or (34) archive_title or (35) archive_path parameter in a newArchive action to the downloads module. NOTE: some of these details are obtained from third party information.
by High-Tech Bridge SA
CVE-2012-1723 EXPLOITDB CRITICAL ruby VERIFIED
Java Applet Field Bytecode Verifier Cache Remote Code Execution
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
by Metasploit
CVSS 9.8
EIP-2026-115045 EXPLOITDB text
Checkpoint Abra - Multiple Vulnerabilities
by Andrey Komarov
EIP-2026-114261 EXPLOITDB text VERIFIED
WordPress Plugin WP-Predict 1.0 - Blind SQL Injection
by Chris Kellum
CVE-2012-10054 EXPLOITDB CRITICAL ruby VERIFIED
Umbraco CMS < 4.7.1 - Unauthenticated Remote Code Execution via codeEditorSave.asmx SaveDLRScript Path Traversal
Umbraco CMS versions prior to 4.7.1 are vulnerable to unauthenticated remote code execution via the codeEditorSave.asmx SOAP endpoint, which exposes a SaveDLRScript operation that permits arbitrary file uploads without authentication. By exploiting a path traversal flaw in the fileName parameter, attackers can write malicious ASPX scripts directly into the web-accessible /umbraco/ directory and execute them remotely.
by Metasploit
CVSS 9.8
CVE-2012-0911 EXPLOITDB CRITICAL ruby VERIFIED
TikiWiki CMS/Groupware < 6.7 LTS & < 8.4 - RCE
TikiWiki CMS/Groupware before 6.7 LTS and before 8.4 allows remote attackers to execute arbitrary PHP code via a crafted serialized object in the (1) cookieName to lib/banners/bannerlib.php; (2) printpages or (3) printstructures parameter to (a) tiki-print_multi_pages.php or (b) tiki-print_pages.php; or (4) sendpages, (5) sendstructures, or (6) sendarticles parameter to tiki-send_objects.php, which is not properly handled when processed by the unserialize function.
by Metasploit
CVSS 9.8
CVE-2012-3996 EXPLOITDB ruby VERIFIED
TikiWiki CMS/Groupware < 8.2 - Exposure of Sensitive Information via Direct Request
TikiWiki CMS/Groupware 8.3 and earlier allows remote attackers to obtain the installation path via a direct request to (1) admin/include_calendar.php, (2) tiki-rss_error.php, or (3) tiki-watershed_service.php.
by Metasploit
EIP-2026-109439 EXPLOITDB text VERIFIED
MGB - Multiple Cross-Site Scripting / SQL Injections
by Stefan Schurtz
EIP-2026-107156 EXPLOITDB text VERIFIED
Flogr - 'tag' Multiple Cross-Site Scripting Vulnerabilities
by Nafsh
CVE-2012-3399 EXPLOITDB ruby VERIFIED
Basilic 1.5.14 - Remote Command Execution via Config/diff.php File Parameter
Config/diff.php in Basilic 1.5.14 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter.
by Metasploit
EIP-2026-102960 EXPLOITDB text
Python - Untrusted Search Path/Code Execution
by rogueclown
CVE-2012-4032 EXPLOITDB text VERIFIED
WebsitePanel < 1.2.2.1 - Open Redirect via ReturnUrl Parameter
Open redirect vulnerability in the login page in WebsitePanel before 1.2.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in ReturnUrl to Default.aspx.
by Anastasios Monachos
CVE-2012-10042 EXPLOITDB HIGH text VERIFIED
Sflog! CMS 1.0 - Authenticated Arbitrary File Upload via Blog Management Interface
Sflog! CMS 1.0 contains an authenticated arbitrary file upload vulnerability in the blog management interface. The application ships with default credentials (admin:secret) and allows authenticated users to upload files via manage.php. The upload mechanism fails to validate file types, enabling attackers to upload a PHP backdoor into a web-accessible directory (blogs/download/uploads/). Once uploaded, the file can be executed remotely, resulting in full remote code execution.
by dun
EIP-2026-119043 EXPLOITDB ruby VERIFIED
Poison Ivy 2.3.2 (C2 Server) - Remote Buffer Overflow (Metasploit)
by Metasploit
EIP-2026-118249 EXPLOITDB python VERIFIED
ALLMediaServer 0.8 - Remote Overflow (SEH)
by motaz reda
EIP-2026-114073 EXPLOITDB text VERIFIED
WordPress Plugin SocialFit - 'msg' Cross-Site Scripting
by Sammy FORGIT
EIP-2026-113856 EXPLOITDB text VERIFIED
WordPress Plugin Knews Multilingual Newsletters - Cross-Site Scripting
by Sammy FORGIT
EIP-2026-113627 EXPLOITDB text VERIFIED
WordPress Plugin church_admin - 'id' Cross-Site Scripting
by Sammy FORGIT
CVE-2012-3350 EXPLOITDB text
Webmatic 3.1.1 - SQL Injection via Referer HTTP Header
SQL injection vulnerability in index.php in Webmatic 3.1.1 allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header.
by High-Tech Bridge SA
EIP-2026-112008 EXPLOITDB text VERIFIED
sflog! - 'section' Local File Inclusion
by dun
EIP-2026-106936 EXPLOITDB text
Event Script PHP 1.1 CMS - Multiple Vulnerabilities
by Vulnerability-Lab
CVE-2012-2138 EXPLOITDB text VERIFIED
org.apache.sling.servlets.post < 2.1.2 - Denial of Service via @CopyFrom Operation
The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
by IOactive
CVE-2012-0708 EXPLOITDB ruby VERIFIED
IBM Rational ClearQuest <7.1.1.9, <7.1.2.6, <8.0.0.2 - Buffer Overflow
Heap-based buffer overflow in the Ole API in the CQOle ActiveX control in cqole.dll in IBM Rational ClearQuest 7.1.1 before 7.1.1.9, 7.1.2 before 7.1.2.6, and 8.0.0 before 8.0.0.2 allows remote attackers to execute arbitrary code via a crafted web page that leverages a RegisterSchemaRepoFromFileByDbSet function-prototype mismatch.
by Metasploit