Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-108673 EXPLOITDB html VERIFIED
Joomla! Component IDoEditor - 'image.php' Arbitrary File Upload
by Sammy FORGIT
CVE-2012-0677 EXPLOITDB python VERIFIED
Apple iTunes <10.6.3 - Buffer Overflow
Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .m3u playlist.
by LiquidWorm
CVE-2012-1493 EXPLOITDB ruby VERIFIED
F5 BIG-IP Multiple Versions - Unauthenticated SSH Login via Shared Private Key
F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, and Enterprise Manager before 2.1.0-HF2, 2.2.x before 2.2.0-HF1, and 2.3.x before 2.3.0-HF3, use a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins via the PubkeyAuthentication option.
by Metasploit
EIP-2026-115814 EXPLOITDB text VERIFIED
Microsoft Windows OpenType Font - File Format Denial of Service
by Cr4sh
EIP-2026-114470 EXPLOITDB php VERIFIED
XOOPS Cube PROJECT FileManager - 'xupload.php' Arbitrary File Upload
by KedAns-Dz
EIP-2026-113654 EXPLOITDB php VERIFIED
WordPress Plugin Contus Video Gallery - 'upload1.php' Arbitrary File Upload
by Sammy FORGIT
CVE-2012-0297 EXPLOITDB ruby VERIFIED
Symantec Web Gateway < 5.0.3 - Remote Code Execution via Management GUI Script Access
The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not properly restrict access to application scripts, which allows remote attackers to execute arbitrary code by (1) injecting crafted data or (2) including crafted data.
by Metasploit
EIP-2026-108791 EXPLOITDB php VERIFIED
Joomla! Component mod_artuploader - 'upload.php' Arbitrary File Upload
by Sammy FORGIT
EIP-2026-108629 EXPLOITDB php VERIFIED
Joomla! Component Easy Flash Uploader - 'helper.php' Arbitrary File Upload
by Sammy FORGIT
EIP-2026-108621 EXPLOITDB php VERIFIED
Joomla! Component DentroVideo 1.2 - 'upload.php' Arbitrary File Upload
by Sammy FORGIT
EIP-2026-108544 EXPLOITDB php VERIFIED
Joomla! Component com_simpleswfupload - 'uploadhandler.php' Arbitrary File Upload
by Sammy FORGIT
CVE-2012-2122 EXPLOITDB python VERIFIED
Oracle MySQL 5.1.x < 5.1.63, 5.5.x < 5.5.24, 5.6.x < 5.6.6 - Authentication Bypass via Repeated Failed Authentication
sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.
by David Kennedy (ReL1K)
CVE-2012-1493 EXPLOITDB python VERIFIED
F5 BIG-IP Multiple Versions - Unauthenticated SSH Login via Shared Private Key
F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, and Enterprise Manager before 2.1.0-HF2, 2.2.x before 2.2.0-HF1, and 2.3.x before 2.3.0-HF3, use a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins via the PubkeyAuthentication option.
by David Kennedy (ReL1K)
CVE-2012-0013 EXPLOITDB ruby VERIFIED
MS12-005 Microsoft Office ClickOnce Unsafe Object Package Handling Vulnerability
Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted ClickOnce application in a Microsoft Office document, related to .application files, aka "Assembly Execution Vulnerability."
by Metasploit
CVE-2012-6649 EXPLOITDB CRITICAL text VERIFIED
WordPress WP GPX Maps Plugin 1.1.21 - Remote Code Execution via Unrestricted File Upload
WordPress WP GPX Maps Plugin 1.1.21 allows remote attackers to execute arbitrary PHP code via improper file upload.
by Adrien Thierry
CVSS 9.8
EIP-2026-114155 EXPLOITDB text VERIFIED
WordPress Plugin User Meta 1.1.1 - Arbitrary File Upload
by Adrien Thierry
EIP-2026-114121 EXPLOITDB text VERIFIED
WordPress Plugin Top Quark Architecture 2.10 - Arbitrary File Upload
by Adrien Thierry
EIP-2026-114036 EXPLOITDB text VERIFIED
WordPress Plugin SfBrowser 1.4.5 - Arbitrary File Upload
by Adrien Thierry
EIP-2026-113960 EXPLOITDB text VERIFIED
WordPress Plugin Pica Photo Gallery 1.0 - Arbitrary File Upload
by Adrien Thierry
EIP-2026-113874 EXPLOITDB text VERIFIED
WordPress Plugin Mac Photo Gallery 2.7 - Arbitrary File Upload
by Adrien Thierry
EIP-2026-113691 EXPLOITDB text VERIFIED
WordPress Plugin drag and drop file upload 0.1 - Arbitrary File Upload
by Adrien Thierry
EIP-2026-113674 EXPLOITDB text VERIFIED
WordPress Plugin Custom Content Type Manager 0.9.5.13-pl - Arbitrary File Upload
by Adrien Thierry
EIP-2026-112646 EXPLOITDB php
TheBlog 2.0 - Multiple Vulnerabilities
by WhiteCollarGroup
EIP-2026-108752 EXPLOITDB php VERIFIED
Joomla! Component Joomsport - SQL Injection / Arbitrary File Upload
by KedAns-Dz
EIP-2026-105875 EXPLOITDB text VERIFIED
ClanSuite 2.9 - Arbitrary File Upload
by Adrien Thierry