Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
CVE-2012-0694 EXPLOITDB CRITICAL php
SugarCRM CE <= 6.3.1 - Code Injection
SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which allows remote attackers to execute arbitrary PHP code.
by EgiX
CVSS 9.8
EIP-2026-112054 EXPLOITDB text VERIFIED
SilverStripe CMS Pixlr Image Editor - 'upload.php' Arbitrary File Upload
by Sammy FORGIT
EIP-2026-105157 EXPLOITDB text VERIFIED
Amazon S3 Uploadify Script - 'Uploadify.php' Arbitrary File Upload
by Sammy FORGIT
EIP-2026-119427 EXPLOITDB text VERIFIED
SoftPerfect Bandwidth Manager 2.9.10 - Authentication Bypass
by Gitsnik
CVE-2012-0276 EXPLOITDB text VERIFIED
XnView < 1.99 - Heap-Based Buffer Overflow via SGI32LogLum Compressed TIFF Image
Multiple heap-based buffer overflows in XnView before 1.99 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a (1) SGI32LogLum compressed TIFF image or (2) SGI32LogLum compressed TIFF image with the PhotometricInterpretation encoding set to LogL.
by Francis Provencher
CVE-2012-0276 EXPLOITDB text VERIFIED
XnView < 1.99 - Heap-Based Buffer Overflow via SGI32LogLum Compressed TIFF Image
Multiple heap-based buffer overflows in XnView before 1.99 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a (1) SGI32LogLum compressed TIFF image or (2) SGI32LogLum compressed TIFF image with the PhotometricInterpretation encoding set to LogL.
by Francis Provencher
CVE-2012-0277 EXPLOITDB text VERIFIED
XnView < 1.99 - Heap-Based Buffer Overflow via Crafted PCT Image
Heap-based buffer overflow in XnView before 1.99 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PCT image.
by Francis Provencher
CVE-2012-0282 EXPLOITDB text VERIFIED
XnView < 1.98.8 - Heap-Based Buffer Overflow via GIF ImageDescriptor ImageLeftPosition
Heap-based buffer overflow in XnView before 1.99 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ImageLeftPosition value in an ImageDescriptor structure in a GIF image.
by Francis Provencher
EIP-2026-116140 EXPLOITDB text
Qutecom SoftPhone 2.2.1 - Heap Overflow Crash (Denial of Service) (PoC)
by Debasish Mandal
CVE-2012-2614 EXPLOITDB text VERIFIED
Lattice Diamond Programmer 1.4.2 - Buffer Overflow
Buffer overflow in programmer.exe in Lattice Diamond Programmer 1.4.2 allows user-assisted remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long string in a version attribute of an ispXCF element in an .xcf file.
by Core Security
EIP-2026-114846 EXPLOITDB text VERIFIED
ACDSee PRO 5.1 - '.RLE' Image Processing Heap Overflow
by Francis Provencher
EIP-2026-114845 EXPLOITDB text VERIFIED
ACDSee PRO 5.1 - '.PCT' Image Processing Heap Overflow
by Francis Provencher
EIP-2026-114844 EXPLOITDB text VERIFIED
ACDSee PRO 5.1 - '.gif' Image Processing Heap Overflow
by Francis Provencher
EIP-2026-114843 EXPLOITDB text VERIFIED
ACDSee PRO 5.1 - '.CUR' Image Processing Heap Overflow
by Francis Provencher
EIP-2026-109140 EXPLOITDB text VERIFIED
LimeSurvey 1.92+ build120620 - Multiple Vulnerabilities
by dun
EIP-2026-106176 EXPLOITDB text VERIFIED
Cotonti - 'admin.php' SQL Injection
by AkaStep
EIP-2026-105977 EXPLOITDB text VERIFIED
CMS Lokomedia - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
by the_cyber_nuxbie
EIP-2026-105024 EXPLOITDB text VERIFIED
agora project 2.13.1 - Multiple Vulnerabilities
by Chris Russell
CVE-2012-2172 EXPLOITDB text
IBM DS Storage Manager Host Software < 10.83 - Cross-Site Scripting via SoftwareRegistration.do updateRegn Parameter
Cross-site scripting (XSS) vulnerability in SoftwareRegistration.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote attackers to inject arbitrary web script or HTML via the updateRegn parameter.
by LiquidWorm
EIP-2026-118273 EXPLOITDB ruby VERIFIED
Apple iTunes 10.6.1.7 - Extended m3u Stack Buffer Overflow (Metasploit)
by Rh0
EIP-2026-118042 EXPLOITDB c VERIFIED
URL Hunter - Local Buffer Overflow (DEP Bypass)
by Ayrbyte
EIP-2026-112786 EXPLOITDB text VERIFIED
traq 2.3.5 - Multiple Vulnerabilities
by AkaStep
EIP-2026-108557 EXPLOITDB text VERIFIED
Joomla! Component com_szallasok - 'id' SQL Injection
by CoBRa_21
EIP-2026-106079 EXPLOITDB text
Commentics 2.0 - Multiple Vulnerabilities
by Jean Pascal Pereira
EIP-2026-104952 EXPLOITDB text VERIFIED
Adiscan LogAnalyzer 3.4.3 - Cross-Site Scripting
by Sooraj K.S