Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-100098 EXPLOITDB text VERIFIED
Acuity CMS 2.6.2 - '/admin/file_manager/browse.asp?path' Traversal Arbitrary File Access
by Aung Khant
EIP-2026-106129 EXPLOITDB text VERIFIED
Concrete5 CMS FlashUploader - Arbitrary '.SWF' File Upload
by AkaStep
EIP-2026-106122 EXPLOITDB perl VERIFIED
Concrete CMS < 5.5.21 - Multiple Vulnerabilities
by AkaStep
EIP-2026-105341 EXPLOITDB text VERIFIED
AZ Photo Album - Cross-Site Scripting / Arbitrary File Upload
by Eyup CELIK
CVE-2012-6559 EXPLOITDB text
FreeNAC 3.02 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in FreeNAC 3.02 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) mac, (3) graphtype, (4) name, or (5) type parameter to stats.php; or (6) comment parameter to deviceadd.php.
by blake
CVE-2008-3257 EXPLOITDB ruby VERIFIED
Oracle WebLogic Server <10.3 - Buffer Overflow
Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
by Metasploit
EIP-2026-110639 EXPLOITDB text VERIFIED
PHP Address Book 7.0.0 - Multiple Vulnerabilities
by Stefan Schurtz
CVE-2012-6560 EXPLOITDB text
FreeNAC 3.02 - SQL Injection via Device Add Status Parameter
SQL injection vulnerability in deviceadd.php in FreeNAC 3.02 allows remote attackers to execute arbitrary SQL commands via the status parameter.
by blake
CVE-2012-6554 EXPLOITDB ruby VERIFIED
activeCollab Chat Module < 1.5.2 - Authenticated Remote Code Execution via Message Text Parameter
functions/html_to_text.php in the Chat module before 1.5.2 for activeCollab allows remote authenticated users to execute arbitrary PHP code via the message[message_text] parameter to chat/add_messag, which is not properly handled when executing the preg_replace function with the eval switch.
by Metasploit
EIP-2026-104087 EXPLOITDB ruby VERIFIED
Squiggle 1.7 - SVG Browser Java Code Execution (Metasploit)
by Metasploit
CVE-2012-0181 EXPLOITDB text VERIFIED
Windows 7 and Windows Server 2008 - Privilege Escalation via Keyboard Layout File
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly manage Keyboard Layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout File Vulnerability."
by Cr4sh
CVE-2012-6555 EXPLOITDB text VERIFIED
LatestComment 1.1 - Cross-Site Scripting via Discussion Title
Cross-site scripting (XSS) vulnerability in the LatestComment plugin 1.1 for Vanilla Forums allows remote attackers to inject arbitrary web script or HTML via the discussion title.
by Henry Hoggard
CVE-2012-2271 EXPLOITDB text VERIFIED
SkinCrafter 3.0 - Buffer Overflow via InitLicenKeys reg_name Argument
Buffer overflow in the InitLicenKeys function in a certain ActiveX control in SkinCrafter3_vs2005.dll in SkinCrafter 3.0 allows remote attackers to execute arbitrary code via a long string in the first argument (aka the reg_name argument).
by saurabh sharma
EIP-2026-110638 EXPLOITDB text VERIFIED
PHP Address Book 7.0 - Multiple Cross-Site Scripting Vulnerabilities
by Stefan Schurtz
CVE-2012-2906 EXPLOITDB text VERIFIED
Artiphp CMS 5.5.0 Neo - Cross-Site Scripting via artpublic/recommandation/index.php Parameters
Multiple cross-site scripting (XSS) vulnerabilities in artpublic/recommandation/index.php in Artiphp CMS 5.5.0 Neo (r422) allow remote attackers to inject arbitrary web script or HTML via the (1) add_img_name_post, (2) asciiart_post, (3) expediteur, (4) titre_sav, or (5) z39d27af885b32758ac0e7d4014a61561 parameter.
by Gjoko Krstic
EIP-2026-102459 EXPLOITDB text VERIFIED
Atlassian JIRA FishEye 2.5.7 / Crucible 2.5.7 Plugins - XML Parsing Security
by anonymous
CVE-2012-2926 EXPLOITDB CRITICAL text VERIFIED
Atlassian Bamboo < 3.3.4 - XML External Entity Injection
Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4.x before 3.4.5; and Crowd before 2.0.9, 2.1 before 2.1.2, 2.2 before 2.2.9, 2.3 before 2.3.7, and 2.4 before 2.4.1 do not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.
by anonymous
CVSS 9.1
CVE-2012-2914 EXPLOITDB text VERIFIED
Unijimpe Captcha - Cross-Site Scripting via PATH_INFO
Cross-site scripting (XSS) vulnerability in captchademo.php in Unijimpe Captcha allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
by Daniel Godoy
CVE-2012-2910 EXPLOITDB text VERIFIED
SiliSoftware phpThumb() <1.7.11 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in SiliSoftware phpThumb() 1.7.11 allow remote attackers to inject arbitrary web script or HTML via the (1) dir parameter to demo/phpThumb.demo.random.php or (2) title parameter to demo/phpThumb.demo.showpic.php.
by Gjoko Krstic
CVE-2012-2910 EXPLOITDB text VERIFIED
SiliSoftware phpThumb() <1.7.11 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in SiliSoftware phpThumb() 1.7.11 allow remote attackers to inject arbitrary web script or HTML via the (1) dir parameter to demo/phpThumb.demo.random.php or (2) title parameter to demo/phpThumb.demo.showpic.php.
by Gjoko Krstic
CVE-2012-2904 EXPLOITDB text VERIFIED
LongTail JW Player 5.9 - Cross-Site Scripting via Debug Parameter
player.swf in LongTail JW Player 5.9 allows remote attackers to conduct cross-site scripting (XSS) attacks to inject arbitrary web script or HTML via multiple "javascript:" sequences in the debug parameter.
by gainover
CVE-2012-2911 EXPLOITDB text VERIFIED
SiliSoftware backupDB <1.2.7a - XSS
Cross-site scripting (XSS) vulnerability in backupDB.php in SiliSoftware backupDB() 1.2.7a allows remote attackers to inject arbitrary web script or HTML via the onlyDB parameter.
by LiquidWorm
CVE-2012-2629 EXPLOITDB HIGH text VERIFIED
Axous < 1.1.1 - Cross-Site Request Forgery and Cross-Site Scripting
Multiple cross-site request forgery (CSRF) and cross-site scripting (XSS) vulnerabilities in Axous 1.1.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator account via an addnew action to admin/administrators_add.php; or (2) conduct cross-site scripting (XSS) attacks via the page_title parameter to admin/content_pages_edit.php; the (3) category_name[] parameter to admin/products_category.php; the (4) site_name, (5) seo_title, or (6) meta_keywords parameter to admin/settings_siteinfo.php; the (7) company_name, (8) address1, (9) address2, (10) city, (11) state, (12) country, (13) author_first_name, (14) author_last_name, (15) author_email, (16) contact_first_name, (17) contact_last_name, (18) contact_email, (19) general_email, (20) general_phone, (21) general_fax, (22) sales_email, (23) sales_phone, (24) support_email, or (25) support_phone parameter to admin/settings_company.php; or the (26) system_email, (27) sender_name, (28) smtp_server, (29) smtp_username, (30) smtp_password, or (31) order_notice_email parameter to admin/settings_email.php.
by Ivano Binetti
CVSS 8.8
CVE-2012-2905 EXPLOITDB text VERIFIED
Artiphp CMS 5.5.0 Neo - Info Disclosure
Artiphp CMS 5.5.0 Neo (r422) stores database backups with predictable names under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request.
by LiquidWorm
EIP-2026-103523 EXPLOITDB text
Java - Trigerring Java Code from a .SVG Image
by Nicolas Gregoire