Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-114505 EXPLOITDB text VERIFIED
Yamamah Photo Gallery 1.1 - Database Information Disclosure
by L3b-r1'z
EIP-2026-110784 EXPLOITDB text VERIFIED
PHP Volunteer Management System 1.0.2 - Multiple SQL Injections
by loneferret
EIP-2026-110509 EXPLOITDB text VERIFIED
PBBoard 2.1.4 - Local File Inclusion
by n4ss1m
CVE-2012-0297 EXPLOITDB ruby VERIFIED
Symantec Web Gateway < 5.0.3 - Remote Code Execution via Management GUI Script Access
The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not properly restrict access to application scripts, which allows remote attackers to execute arbitrary code by (1) injecting crafted data or (2) including crafted data.
by Metasploit
CVE-2011-10011 EXPLOITDB CRITICAL ruby VERIFIED
WeBid < 1.0.2 - Unauthenticated Remote Code Execution via Converter.php to Parameter
WeBid 1.0.2 contains a remote code injection vulnerability in the converter.php script, where unsanitized input in the to parameter of a POST request is written directly into includes/currencies.php. This allows unauthenticated attackers to inject arbitrary PHP code, resulting in persistent remote code execution when the modified script is accessed or included by the application.
by Metasploit
CVE-2011-10010 EXPLOITDB CRITICAL ruby VERIFIED
QuickShare File Server 1.2.1 - Path Traversal
QuickShare File Server 1.2.1 contains a path traversal vulnerability in its FTP service due to improper sanitation of user-supplied file paths. Authenticated users can exploit this flaw by submitting crafted sequences to access or write files outside the intended virtual directory. When the "Writable" option is enabled (default during account creation), this allows attackers to upload arbitrary files to privileged locations such as system32, enabling remote code execution via MOF injection or executable placement.
by Metasploit
EIP-2026-109935 EXPLOITDB text VERIFIED
Nilehoster Topics Viewer 2.3 - Multiple SQL Injections / Local File Inclusion
by n4ss1m
EIP-2026-105358 EXPLOITDB text VERIFIED
b2ePms 1.0 - Multiple SQL Injection Vulnerabilities
by loneferret
EIP-2026-105346 EXPLOITDB text VERIFIED
AzDGDatingMedium 1.9.3 - Multiple Remote Vulnerabilities
by AkaStep
EIP-2026-112224 EXPLOITDB php VERIFIED
Small-Cms - 'hostname' Remote PHP Code Injection
by L3b-r1'z
EIP-2026-111113 EXPLOITDB text VERIFIED
phpList 2.10.9 - 'Sajax.php' PHP Code Injection
by L3b-r1'z
CVE-2012-0297 EXPLOITDB python VERIFIED
Symantec Web Gateway < 5.0.3 - Remote Code Execution via Management GUI Script Access
The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not properly restrict access to application scripts, which allows remote attackers to execute arbitrary code by (1) injecting crafted data or (2) including crafted data.
by muts
CVE-2012-10058 EXPLOITDB CRITICAL ruby VERIFIED
RabidHamster R4 v1.25 - Buffer Overflow
RabidHamster R4 v1.25 contains a stack-based buffer overflow vulnerability due to unsafe use of sprintf() when logging malformed HTTP requests. A remote attacker can exploit this flaw by sending a specially crafted URI, resulting in arbitrary code execution under the context of the web server process.
by Metasploit
CVE-2008-0320 EXPLOITDB ruby VERIFIED
OpenOffice OLE Importer DocumentSummaryInformation Stream Handling Overflow
Heap-based buffer overflow in the OLE importer in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an OLE file with a crafted DocumentSummaryInformation stream.
by Metasploit
EIP-2026-115012 EXPLOITDB php VERIFIED
bsnes 0.87 - Local Denial of Service
by Yakir Wizman
EIP-2026-106608 EXPLOITDB text VERIFIED
DynPage 1.0 - 'ckfinder' Multiple Arbitrary File Upload Vulnerabilities
by KedAns-Dz
CVE-2012-1153 EXPLOITDB ruby VERIFIED
appRain CMF <= 0.1.5 - Unauthenticated Arbitrary File Upload and Remote Code Execution
Unrestricted file upload vulnerability in addons/uploadify/uploadify.php in appRain CMF 0.1.5 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads directory.
by Metasploit
EIP-2026-102155 EXPLOITDB ruby VERIFIED
Apple iOS 5.1.1 Safari Browser - 'JS match()' / 'search()' Crash (PoC)
by Alberto Ortega
EIP-2026-111020 EXPLOITDB text VERIFIED
phpCollab 2.5 - Direct Request Multiple Protected Page Access
by team ' & 1=1--
EIP-2026-111018 EXPLOITDB text VERIFIED
PHPCollab 2.5 - 'uploadfile.php' Crafted Request Arbitrary Non-PHP File Upload
by team ' & 1=1--
CVE-2012-2952 EXPLOITDB text
Jaow < 2.4.5 - SQL Injection via add_ons Parameter
SQL injection vulnerability in add_ons.php in Jaow 2.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the add_ons parameter.
by kallimero
CVE-2012-3826 EXPLOITDB text VERIFIED
Wireshark 1.4.x < 1.4.13 and 1.6.x < 1.6.8 - Denial of Service via R3 Dissector Integer Underflow
Multiple integer underflows in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allow remote attackers to cause a denial of service (loop) via vectors related to the R3 dissector, a different vulnerability than CVE-2012-2392.
by Laurent Butti
CVE-2012-2394 EXPLOITDB text VERIFIED
Wireshark <1.4.13 & 1.6.x <1.6.8 - DoS
Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and Itanium platforms does not properly perform data alignment for a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a (1) ICMP or (2) ICMPv6 Echo Request packet.
by Klaus Heckelmann
CVE-2012-2393 EXPLOITDB text VERIFIED
Wireshark 1.4.x < 1.4.13 and 1.6.x < 1.6.8 - Denial of Service in DIAMETER Dissector
epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 does not properly construct certain array data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers incorrect memory allocation.
by Wireshark
CVE-2012-2760 EXPLOITDB text VERIFIED
mod_auth_openid <0.7 - Info Disclosure
mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
by Peter Ellehauge