Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-110914 EXPLOITDB python VERIFIED
phpAcounts 0.5.3 - SQL Injection
by loneferret
CVE-2012-10064 EXPLOITDB CRITICAL php VERIFIED
Omni Secure Files < 0.1.14 - Unauthenticated Arbitrary File Upload via plupload Example Endpoint
Omni Secure Files plugin versions prior to 0.1.14 contain an arbitrary file upload vulnerability in the bundled plupload example endpoint. The /wp-content/plugins/omni-secure-files/plupload/examples/upload.php handler allows unauthenticated uploads without enforcing safe file type restrictions, enabling an attacker to place attacker-controlled files under the plugin's uploads directory. This can lead to remote code execution if a server-executable file type is uploaded and subsequently accessed.
by Adrien Thierry
CVE-2012-2915 EXPLOITDB python VERIFIED
Lattice Semiconductor PAC-Designer <6.2.1344 - Buffer Overflow
Stack-based buffer overflow in Lattice Semiconductor PAC-Designer 6.2.1344 allows remote attackers to execute arbitrary code via a long string in a Value tag in a SymbolicSchematicData definition tag in PAC Design (.pac) file.
by b33f
EIP-2026-114175 EXPLOITDB php VERIFIED
WordPress Plugin VideoWhisper Video Presentation 3.17 - 'vw_upload.php' Arbitrary File Upload
by Sammy FORGIT
EIP-2026-113771 EXPLOITDB php VERIFIED
WordPress Plugin Front End Upload 0.5.3 - Arbitrary File Upload
by Adrien Thierry
CVE-2012-3578 EXPLOITDB php VERIFIED
FCChat Widget < 2.2.13.1 - Unauthenticated Arbitrary File Upload via HTML Upload Endpoint
Unrestricted file upload vulnerability in html/Upload.php in the FCChat Widget plugin 2.2.13.1 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in html/images.
by Sammy FORGIT
EIP-2026-113718 EXPLOITDB text VERIFIED
WordPress Plugin Email NewsLetter 8.0 - 'option' Information Disclosure
by Sammy FORGIT
EIP-2026-112258 EXPLOITDB text VERIFIED
SN News 1.2 - '/admin/loger.php' Authentication Bypass
by Yakir Wizman
EIP-2026-111175 EXPLOITDB php VERIFIED
PHPNet 1.8 - 'ler.php' SQL Injection
by WhiteCollarGroup
CVE-2011-3400 EXPLOITDB ruby VERIFIED
Microsoft Windows XP <SP2-SP3 & Server 2003 <SP2 - RCE
Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 do not properly handle OLE objects in memory, which allows remote attackers to execute arbitrary code via a crafted object in a file, aka "OLE Property Vulnerability."
by Metasploit
EIP-2026-114948 EXPLOITDB python VERIFIED
Audio Editor Master 5.4.1.217 - Denial of Service
by Onying
CVE-2012-3574 EXPLOITDB php VERIFIED
MM Forms Community 2.2.5-2.2.6 - Unauthenticated Arbitrary File Upload via doajaxfileupload.php
Unrestricted file upload vulnerability in includes/doajaxfileupload.php in the MM Forms Community plugin 2.2.5 and 2.2.6 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/temp.
by Sammy FORGIT
EIP-2026-113779 EXPLOITDB php VERIFIED
WordPress Plugin Gallery 3.06 - Arbitrary File Upload
by Sammy FORGIT
CVE-2012-3814 EXPLOITDB php VERIFIED
Font Uploader 1.2.4 - Unauthenticated Arbitrary PHP File Upload via .php.ttf Extension
Unrestricted file upload vulnerability in font-upload.php in the Font Uploader plugin 1.2.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file with a .php.ttf extension, then accessing it via a direct request to the file in font-uploader/fonts.
by Sammy FORGIT
EIP-2026-112965 EXPLOITDB text VERIFIED
vanilla kpoll plugin 1.2 - Persistent Cross-Site Scripting
by Henry Hoggard
EIP-2026-112259 EXPLOITDB php VERIFIED
SN News 1.2 - 'visualiza.php' SQL Injection
by WhiteCollarGroup
EIP-2026-109695 EXPLOITDB text VERIFIED
MyBB 1.6.8 - 'member.php' SQL Injection
by MR.XpR
CVE-2012-10027 EXPLOITDB CRITICAL php VERIFIED
WP-Property < 1.35.0 - Unauthenticated Arbitrary File Upload via uploadify.php
WP-Property plugin for WordPress up to and including version 1.35.0 contains an unauthenticated file upload vulnerability in the third-party `uploadify.php` script. A remote attacker can upload arbitrary PHP files to a temporary directory without authentication, leading to remote code execution.
by Sammy FORGIT
CVE-2012-10026 EXPLOITDB CRITICAL php VERIFIED
WordPress Plugin Asset-Manager < 2.0 - Unauthenticated Arbitrary File Upload via upload.php
The WordPress plugin Asset-Manager version 2.0 and below contains an unauthenticated arbitrary file upload vulnerability in upload.php. The endpoint fails to properly validate and restrict uploaded file types, allowing remote attackers to upload malicious PHP scripts to a predictable temporary directory. Once uploaded, the attacker can execute the file via a direct HTTP GET request, resulting in remote code execution under the web server’s context.
by Sammy FORGIT
EIP-2026-119129 EXPLOITDB ruby VERIFIED
Sielco Sistemi Winlog 2.07.16 - Remote Buffer Overflow
by m-1-k-3
EIP-2026-113881 EXPLOITDB php VERIFIED
WordPress Plugin Marketplace Plugin 1.5.0 < 1.6.1 - Arbitrary File Upload
by Sammy FORGIT
EIP-2026-113812 EXPLOITDB php VERIFIED
WordPress Plugin HTML5 AV Manager 0.2.7 - Arbitrary File Upload
by Sammy FORGIT
EIP-2026-113796 EXPLOITDB php VERIFIED
WordPress Plugin Google Maps via Store Locator 2.7.1 < 3.0.1 - Multiple Vulnerabilities
by Sammy FORGIT
EIP-2026-113768 EXPLOITDB php VERIFIED
WordPress Plugin Foxypress 0.4.1.1 < 0.4.2.1 - Arbitrary File Upload
by Sammy FORGIT
EIP-2026-111604 EXPLOITDB text
pyrocms 2.1.1 - Multiple Vulnerabilities
by LiquidWorm