Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
CVE-2012-2915 EXPLOITDB ruby VERIFIED
Lattice Semiconductor PAC-Designer <6.2.1344 - Buffer Overflow
Stack-based buffer overflow in Lattice Semiconductor PAC-Designer 6.2.1344 allows remote attackers to execute arbitrary code via a long string in a Value tag in a SymbolicSchematicData definition tag in PAC Design (.pac) file.
by Metasploit
CVE-2012-2698 EXPLOITDB text VERIFIED
MediaWiki <1.17.5, <1.18.4, <1.19.1 - XSS
Cross-site scripting (XSS) vulnerability in the outputPage function in includes/SkinTemplate.php in MediaWiki before 1.17.5, 1.18.x before 1.18.4, and 1.19.x before 1.19.1 allows remote attackers to inject arbitrary web script or HTML via the uselang parameter to index.php/Main_page.
by anonymous
EIP-2026-108672 EXPLOITDB php VERIFIED
Joomla! Component hwdVideoShare - 'flash_upload.php' Arbitrary File Upload
by Sammy FORGIT
EIP-2026-107309 EXPLOITDB text VERIFIED
Funeral Script PHP - Cross-Site Scripting / SQL Injection
by snup
CVE-2012-6666 EXPLOITDB MEDIUM text VERIFIED
vBSeo < 3.8.7 - Cross-Site Scripting via member.php u Parameter
vBSeo before 3.6.0PL2 allows XSS via the member.php u parameter.
by MegaMan
CVSS 6.1
CVE-2012-1889 EXPLOITDB HIGH ruby VERIFIED
Microsoft XML Core Services 3.0, 4.0, 5.0, 6.0 - Remote Code Execution via Uninitialized Memory Access
Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
by Metasploit
CVSS 8.8
EIP-2026-116622 EXPLOITDB text VERIFIED
XnView - '.RAS' Image Processing Heap Overflow
by Francis Provencher
EIP-2026-116621 EXPLOITDB text VERIFIED
XnView - '.FlashPix' Image Processing Heap Overflow
by Francis Provencher
EIP-2026-116620 EXPLOITDB text VERIFIED
XnView - '.ECW' Image Processing Heap Overflow
by Francis Provencher
EIP-2026-115499 EXPLOITDB perl VERIFIED
Karafun Player 1.20.86 - '.m3u' Crash (PoC)
by Styxosaurus
EIP-2026-113576 EXPLOITDB text VERIFIED
WordPress Plugin Automatic 2.0.3 - SQL Injection
by nick58
EIP-2026-113333 EXPLOITDB text VERIFIED
webo site speedup 1.6.1 - Multiple Vulnerabilities
by dun
EIP-2026-113303 EXPLOITDB text VERIFIED
Webify (Multiple Products) - Multiple HTML Injection / Local File Inclusions
by snup
EIP-2026-112087 EXPLOITDB text VERIFIED
Simple Document Management System 1.1.5 - Multiple SQL Injections
by JosS
EIP-2026-110683 EXPLOITDB text VERIFIED
PHP Decoda 3.3.1 - Local File Inclusion
by Number 7
EIP-2026-109987 EXPLOITDB text VERIFIED
Nuked Klan SP CMS 4.5 - SQL Injection
by Vulnerability-Lab
EIP-2026-109909 EXPLOITDB text VERIFIED
News Script PHP 1.2 - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-108778 EXPLOITDB php VERIFIED
Joomla! Component Maian Media - 'uploadhandler.php' Arbitrary File Upload
by Sammy FORGIT
EIP-2026-107958 EXPLOITDB text VERIFIED
iScripts EasyCreate 2.0 - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-101786 EXPLOITDB text
Huawei HG866 - Authentication Bypass
by hkm
CVE-2012-10055 EXPLOITDB CRITICAL ruby VERIFIED
ComSndFTP FTP Server <1.3.7 Beta - Code Injection
ComSndFTP FTP Server version 1.3.7 Beta contains a format string vulnerability in its handling of the USER command. By sending a specially crafted username containing format specifiers, a remote attacker can overwrite a hardcoded function pointer in memory (specifically WSACleanup from Ws2_32.dll). This allows the attacker to redirect execution flow and bypass DEP protections using a ROP chain, ultimately leading to arbitrary code execution. The vulnerability is exploitable without authentication and affects default configurations.
by Metasploit
EIP-2026-118002 EXPLOITDB ruby VERIFIED
TFM MMPlayer - '.m3u' / '.ppl' Local Buffer Overflow (Metasploit)
by Metasploit
EIP-2026-113944 EXPLOITDB text VERIFIED
WordPress Plugin ORGanizer - Multiple Vulnerabilities
by MustLive
EIP-2026-112932 EXPLOITDB python VERIFIED
Useresponse 1.0.2 - Privilege Escalation / Remote Code Execution
by mr_me
EIP-2026-108690 EXPLOITDB text VERIFIED
Joomla! Component JCal Pro Calendar - SQL Injection
by Taurus Omar