Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-118550 EXPLOITDB ruby VERIFIED
FlexNet License Server Manager - lmgrd Buffer Overflow (Metasploit)
by Metasploit
CVE-2012-0289 EXPLOITDB text
Symantec Endpoint Protection/SNAC <11.0.710x - Privilege Escalation
Buffer overflow in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.710x and Symantec Network Access Control (SNAC) 11.0.600x through 11.0.710x allows local users to gain privileges, and modify data or cause a denial of service, via a crafted script.
by 41.w4r10r
EIP-2026-114517 EXPLOITDB text VERIFIED
Yellow Duck Framework 2.0 Beta1 - Local File Disclosure
by L3b-r1'z
EIP-2026-111848 EXPLOITDB text VERIFIED
Ruubikcms 1.1.x - Cross-Site Scripting / Information Disclosure / Directory Traversal
by AkaStep
CVE-2012-2452 EXPLOITDB MEDIUM text VERIFIED
pragmaMx 1.0-1.12.1 - Cross-Site Scripting via Name Parameter or Image URL
Multiple cross-site scripting (XSS) vulnerabilities in pragmaMx 1.x before 1.12.2 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to modules.php or (2) img_url to includes/wysiwyg/spaw/editor/plugins/imgpopup/img_popup.php.
by High-Tech Bridge SA
CVSS 6.1
CVE-2012-2452 EXPLOITDB MEDIUM text VERIFIED
pragmaMx 1.0-1.12.1 - Cross-Site Scripting via Name Parameter or Image URL
Multiple cross-site scripting (XSS) vulnerabilities in pragmaMx 1.x before 1.12.2 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to modules.php or (2) img_url to includes/wysiwyg/spaw/editor/plugins/imgpopup/img_popup.php.
by High-Tech Bridge SA
CVSS 6.1
CVE-2012-2436 EXPLOITDB text VERIFIED
Pligg CMS < 1.2.2 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary parameter in a move or (2) minimize action to admin/admin_index.php; (3) the karma_username parameter to module.php in the karma module; (4) q_1_low, (5) q_1_high, (6) q_2_low, or (7) q_2_high parameter in a configure action to module.php in the captcha module; or (8) the edit parameter to module.php in the admin_language module.
by High-Tech Bridge SA
EIP-2026-111019 EXPLOITDB text VERIFIED
phpCollab 2.5 - Database Backup Information Disclosure
by team ' & 1=1--
EIP-2026-105059 EXPLOITDB text VERIFIED
Ajaxmint Gallery 1.0 - Local File Inclusion
by AkaStep
CVE-2007-5762 EXPLOITDB python VERIFIED
Novell NetWare Client 4.91 SP4 - Local Privilege Escalation via NICM.SYS IOCTL
NICM.SYS driver 3.0.0.4, as used in Novell NetWare Client 4.91 SP4, allows local users to execute arbitrary code by opening the \\.\nicm device and providing crafted kernel addresses via IOCTLs with the METHOD_NEITHER buffering mode.
by sickness
CVE-2007-6587 EXPLOITDB text VERIFIED
Plogger 1.0 Beta 3.0 - SQL Injection
SQL injection vulnerability in plog-rss.php in Plogger 1.0 Beta 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Eyup CELIK
CVE-2012-2385 EXPLOITDB text VERIFIED
mosh < 1.2.1 - Authenticated Denial of Service via Escape Sequence with Large Repeat Count
The terminal dispatcher in mosh before 1.2.1 allows remote authenticated users to cause a denial of service (long loop and CPU consumption) via an escape sequence with a large repeat count value.
by Timo Juhani Lindfors
CVE-2012-4361 EXPLOITDB ruby VERIFIED
HP SAN/iQ < 9.5 - Authenticated OS Command Injection via Ping Parameter
lhn/public/network/ping in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the second parameter.
by Metasploit
CVE-2009-0837 EXPLOITDB ruby VERIFIED
Foxit Reader <3.0 Build 1506 - Buffer Overflow
Stack-based buffer overflow in Foxit Reader 3.0 before Build 1506, including 1120 and 1301, allows remote attackers to execute arbitrary code via a long (1) relative path or (2) absolute path in the filename argument in an action, as demonstrated by the "Open/Execute a file" action.
by Metasploit
CVE-2012-2940 EXPLOITDB ruby VERIFIED
MediaChance Real-DRAW PRO 5.2.4 - DoS
MediaChance Real-DRAW PRO 5.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted (1) PNG, (2) WMF, (3) PSD, (4) TGA, (5) TTF, (6) BMP, (7) TIFF, or (8) PCX file.
by Ahmed Elhady Mohamed
EIP-2026-115174 EXPLOITDB ruby VERIFIED
DVD-Lab Studio 1.25 - '.DAL' File Open Crash
by Ahmed Elhady Mohamed
CVE-2012-2941 EXPLOITDB text VERIFIED
Yandex.Server 2010 9.0 Enterprise - XSS
Cross-site scripting (XSS) vulnerability in search/ in Yandex.Server 2010 9.0 Enterprise allows remote attackers to inject arbitrary web script or HTML via the text parameter.
by MustLive
CVE-2012-6557 EXPLOITDB text VERIFIED
AboutMe plugin 1.1.1 for Vanilla Forums - Stored Cross-Site Scripting via Edit My Details Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the AboutMe plugin 1.1.1 for Vanilla Forums allow remote attackers to inject arbitrary web script or HTML via the (1) AboutMe/RealName, (2) AboutMe/Name, (3) AboutMe/Quote, (4) AboutMe/Loc, (5) AboutMe/Emp, (6) AboutMe/JobTit, (7) AboutMe/HS, (8) AboutMe/Col, (9) AboutMe/Bio, (10) AboutMe/Inter, (11) AboutMe/Mus, (12) AboutMe/Gam, (13) AboutMe/Mov, (14) AboutMe/FTV, or (15) AboutMe/Bks parameter to the Edit My Details page. NOTE: some of these details are obtained from third party information.
by Henry Hoggard
CVE-2012-6556 EXPLOITDB text VERIFIED
FirstLastNames 1.1.1 - Cross-Site Scripting via User FirstName or LastName Parameter
Multiple cross-site scripting (XSS) vulnerabilities in the FirstLastNames plugin 1.1.1 for Vanilla Forums allow remote attackers to inject arbitrary web script or HTML via the (1) User/FirstName or (2) User/LastName parameter to the edit user page. NOTE: some of these details are obtained from third party information.
by Henry Hoggard
EIP-2026-112491 EXPLOITDB php VERIFIED
Supernews 2.6.1 - SQL Injection
by WhiteCollarGroup
EIP-2026-111074 EXPLOITDB text VERIFIED
PHPhq.Net phAlbum 1.5.1 - 'index.php' Cross-Site Scripting
by Eyup CELIK
EIP-2026-104663 EXPLOITDB php VERIFIED
PHP 5.4.3 - wddx_serialize_* / stream_bucket_* Variant Object Null Ptr Dereference
by condis
EIP-2026-104662 EXPLOITDB php VERIFIED
PHP 5.4.3 - 'com_event_sink' Denial of Service
by condis
CVE-2012-4362 EXPLOITDB ruby VERIFIED
HP SAN/iQ < 9.5 - Unauthenticated Remote Access via Hardcoded Password
hydra.exe in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance has a hardcoded password of L0CAlu53R for the global$agent account, which allows remote attackers to obtain access to a management service via a login: request to TCP port 13838.
by Metasploit
EIP-2026-100099 EXPLOITDB text VERIFIED
Acuity CMS 2.6.2 - '/admin/file_manager/file_upload_submit.asp' Multiple Arbitrary File Upload / Code Executions
by Aung Khant