Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
CVE-2012-1803 EXPLOITDB text
RuggedCom Rugged Operating System < 3.10.1 - Unauthenticated Backdoor Account Access via MAC Address Calculation
RuggedCom Rugged Operating System (ROS) 3.10.x and earlier has a factory account with a password derived from the MAC Address field in the banner, which makes it easier for remote attackers to obtain access by performing a calculation on this address value, and then establishing a (1) TELNET, (2) remote shell (aka rsh), or (3) serial-console session.
by jc
CVE-2012-0163 EXPLOITDB text
Microsoft .NET Framework Remote Code Execution via Improper Function Parameter Validation
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Parameter Validation Vulnerability."
by Akita Software Security
EIP-2026-114986 EXPLOITDB text VERIFIED
BeyondCHM 1.1 - Buffer Overflow
by shinnai
CVE-2012-6516 EXPLOITDB text VERIFIED
PHP Ticket System Beta 1 - SQL Injection via q Parameter
SQL injection vulnerability in PHP Ticket System Beta 1 allows remote attackers to execute arbitrary SQL commands via the q parameter to index.php.
by G13
EIP-2026-108577 EXPLOITDB text VERIFIED
Joomla! Component com_videogallery - Local File Inclusion / SQL Injection
by KedAns-Dz
CVE-2012-2441 EXPLOITDB text
RuggedCom ROS <3.3 - Info Disclosure
RuggedCom Rugged Operating System (ROS) before 3.3 has a factory account with a password derived from the MAC Address field in a banner, which makes it easier for remote attackers to obtain access by performing a calculation on this address value, and then establishing a (1) SSH or (2) HTTPS session, a different vulnerability than CVE-2012-1803.
by jc
CVE-2012-1495 EXPLOITDB CRITICAL php VERIFIED
WebCalendar < 1.2.5 - Remote Code Execution via form_single_user_login Parameter
install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter.
by EgiX
CVSS 9.8
EIP-2026-116344 EXPLOITDB text
SumatraPDF 2.0.1 - '.chm' / '.mobi' Memory Corruption
by shinnai
EIP-2026-115845 EXPLOITDB text VERIFIED
Mobipocket Reader 6.2 Build 608 - Buffer Overflow
by shinnai
CVE-2012-1496 EXPLOITDB HIGH php VERIFIED
WebCalendar < 1.2.5 - Local File Inclusion
Local file inclusion in WebCalendar before 1.2.5.
by EgiX
CVSS 8.8
CVE-2011-5099 EXPLOITDB text VERIFIED
chillcreations mod_ccnewsletter 1.0.7-1.0.9 - SQL Injection via id Parameter
SQL injection vulnerability in helper/popup.php in the ccNewsletter (mod_ccnewsletter) component 1.0.7 through 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.
by E1nzte1N
CVE-2012-5919 EXPLOITDB text
Havalite CMS < 1.0.4 - Cross-Site Scripting via Multiple Input Fields
Multiple cross-site scripting (XSS) vulnerabilities in Havalite 1.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) find or (2) replace fields to havalite/findReplace.php; (3) username parameter to havalite/hava_login.php, (4) the Edit Article module, or (5) hava_post.php in the postAuthor module; (6) postId parameter to hava_post.php; (7) userId parameter to hava_user.php; or (8) linkId parameter to hava_link.php.
by Vulnerability-Lab
EIP-2026-106970 EXPLOITDB text VERIFIED
exponentcms 2.0.5 - Multiple Vulnerabilities
by Onur Yılmaz
CVE-2012-4334 EXPLOITDB text VERIFIED
Samsung NET-i viewer - Remote Code Execution via ConnectDDNS Method
The ConnectDDNS method in the (1) STWConfigNVR 1.1.13.15 and (2) STWConfig 1.1.14.13 ActiveX controls in Samsung NET-i viewer 1.37.120316 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: some of these details are obtained from third party information.
by Luigi Auriemma
CVE-2012-4333 EXPLOITDB text VERIFIED
Samsung NET-i viewer 1.37.120316 - Remote Code Execution via BackupToAvi Method
Multiple stack-based buffer overflows in the BackupToAvi method in the (1) UMS_Ctrl 1.5.1.1 and (2) UMS_Ctrl_STW 2.0.1.0 ActiveX controls in Samsung NET-i viewer 1.37.120316 allow remote attackers to execute arbitrary code via a long string in the fname parameter. NOTE: some of these details are obtained from third party information.
by Luigi Auriemma
CVE-2012-0551 EXPLOITDB text
Oracle Java SE <7u4 & <6u32 - Info Disclosure
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE 7 update 4 and earlier and 6 update 32 and earlier, and the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Web Container or Deployment.
by Roberto Suggi Liverani
CVE-2012-0550 EXPLOITDB text
Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1 - Info ...
Unspecified vulnerability in the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Web Container.
by Roberto Suggi Liverani
CVE-2012-4335 EXPLOITDB text VERIFIED
Samsung NET-i viewer 1.37.120316 - Denial of Service via Negative Size Value in TCP Request
Samsung NET-i viewer 1.37.120316 allows remote attackers to cause a denial of service (infinite loop) via a negative size value in a TCP request to (1) NiwMasterService or (2) NiwStorageService. NOTE: some of these details are obtained from third party information.
by Luigi Auriemma
CVE-2012-4867 EXPLOITDB text VERIFIED
vtiger CRM 5.1.0 - Path Traversal via module_name Parameter
Directory traversal vulnerability in modules/com_vtiger_workflow/sortfieldsjson.php in vtiger CRM 5.1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the module_name parameter.
by Pi3rrot
EIP-2026-109396 EXPLOITDB text VERIFIED
Mega File Manager - File Download
by i2sec-Min Gi Jo
EIP-2026-103968 EXPLOITDB text
Liferay 6.0.x - WebDAV File Reading
by Jelmer Kuperus
CVE-2008-1611 EXPLOITDB ruby VERIFIED
TFTP Server SP 1.4 - Buffer Overflow
Stack-based buffer overflow in TFTP Server SP 1.4 for Windows allows remote attackers to cause a denial of service or execute arbitrary code via a long filename in a read or write request.
by Metasploit
EIP-2026-118190 EXPLOITDB ruby VERIFIED
xRadio 0.95b - Local Buffer Overflow (Metasploit)
by Metasploit
EIP-2026-113185 EXPLOITDB text VERIFIED
Waylu CMS - '/products_xx.php' SQL Injection / HTML Injection
by TheCyberNuxbie
EIP-2026-110543 EXPLOITDB text VERIFIED
Pendulab ChatBlazer 8.5 - 'Username' Cross-Site Scripting
by sonyy