Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-116265 EXPLOITDB perl VERIFIED
Solar FTP Server - Denial of Service
by coolkaveh
EIP-2026-113959 EXPLOITDB text VERIFIED
WordPress Plugin PHPFreeChat - 'url' Cross-Site Scripting
by Sammy FORGIT
EIP-2026-107521 EXPLOITDB text
Guestbook Scripts PHP 1.5 - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-107240 EXPLOITDB text
Freeside SelfService CGI/API 2.3.3 - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-105955 EXPLOITDB text
CLscript CMS 3.0 - Multiple Vulnerabilities
by Vulnerability-Lab
CVE-2012-3375 EXPLOITDB c VERIFIED
Linux Kernel < 3.2.24 - Denial of Service via EPOLL_CTL_ADD Circular Dependency
The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allows local users to cause a denial of service (file-descriptor consumption and system crash) via a crafted application that attempts to create a circular epoll dependency. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1083.
by Yurij M. Plotnikov
CVE-2012-3996 EXPLOITDB php VERIFIED
TikiWiki CMS/Groupware < 8.2 - Exposure of Sensitive Information via Direct Request
TikiWiki CMS/Groupware 8.3 and earlier allows remote attackers to obtain the installation path via a direct request to (1) admin/include_calendar.php, (2) tiki-rss_error.php, or (3) tiki-watershed_service.php.
by EgiX
EIP-2026-114819 EXPLOITDB text VERIFIED
.NET Framework - Tilde Character Denial of Service
by Soroush Dalili
EIP-2026-113905 EXPLOITDB text VERIFIED
WordPress Plugin MoodThingy Widget 0.8.7 - Blind SQL Injection
by Chris Kellum
EIP-2026-113307 EXPLOITDB text VERIFIED
Webify Link Directory - SQL Injection
by Daniel Godoy
CVE-2012-0911 EXPLOITDB CRITICAL php VERIFIED
TikiWiki CMS/Groupware < 6.7 LTS & < 8.4 - RCE
TikiWiki CMS/Groupware before 6.7 LTS and before 8.4 allows remote attackers to execute arbitrary PHP code via a crafted serialized object in the (1) cookieName to lib/banners/bannerlib.php; (2) printpages or (3) printstructures parameter to (a) tiki-print_multi_pages.php or (b) tiki-print_pages.php; or (4) sendpages, (5) sendstructures, or (6) sendarticles parameter to tiki-send_objects.php, which is not properly handled when processed by the unserialize function.
by EgiX
CVSS 9.8
EIP-2026-105890 EXPLOITDB text VERIFIED
Classified Ads Script PHP - 'admin.php' Multiple SQL Injections
by snup
CVE-2012-10051 EXPLOITDB HIGH text VERIFIED
Photodex ProShow Producer <5.0.3256 - Buffer Overflow
Photodex ProShow Producer version 5.0.3256 contains a stack-based buffer overflow vulnerability in the handling of plugin load list files. When a specially crafted load file is placed in the installation directory, the application fails to properly validate its contents, leading to a buffer overflow when the file is parsed during startup. Exploitation requires local access to place the file and user interaction to launch the application.
by Julien Ahrens
EIP-2026-113677 EXPLOITDB text VERIFIED
WordPress Plugin custom tables - 'key' Cross-Site Scripting
by Sammy FORGIT
EIP-2026-111143 EXPLOITDB text VERIFIED
phpMyBackupPro 2.2 - Local File Inclusion
by dun
EIP-2026-110724 EXPLOITDB text VERIFIED
PHP MBB - Cross-Site Scripting / SQL Injection
by TheCyberNuxbie
EIP-2026-107465 EXPLOITDB text
gpEasy CMS Minishop 1.5 Plugin - Persistent Cross-Site Scripting
by Carlos Mario Penagos Hollmann
EIP-2026-105954 EXPLOITDB text
CLscript Classified Script 3.0 - SQL Injection
by Daniel Godoy
EIP-2026-103635 EXPLOITDB text VERIFIED
plow - '.plowrc' File Buffer Overflow
by Jean Pascal Pereira
CVE-2012-2738 EXPLOITDB text VERIFIED
VteTerminal < 0.32.2 - Authenticated Denial of Service via Escape Sequence with Large Repeat Count
The VteTerminal in gnome-terminal (vte) before 0.32.2 allows remote authenticated users to cause a denial of service (long loop and CPU consumption) via an escape sequence with a large repeat count value.
by Kevin Fenzi
EIP-2026-119404 EXPLOITDB text VERIFIED
Microsoft IIS - Short File/Folder Name Disclosure
by Soroush Dalili
EIP-2026-116665 EXPLOITDB perl VERIFIED
Zoom Player - '.avi' Divide-by-Zero Denial of Service
by Dark-Puzzle
EIP-2026-113581 EXPLOITDB text VERIFIED
WordPress Plugin Backup 2.0.1 - Information Disclosure
by Stephan Knauss
EIP-2026-107400 EXPLOITDB php VERIFIED
Getsimple CMS Items Manager Plugin - 'PHP.php' Arbitrary File Upload
by Sammy FORGIT
EIP-2026-102963 EXPLOITDB text VERIFIED
python-wrapper - Untrusted Search Path/Code Execution
by ShadowHatesYou