Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
CVE-2012-6665 EXPLOITDB text VERIFIED
phpmoneybooks 1.0.4 - Path Traversal via File Parameter
Directory traversal vulnerability in index.php in phpMoneyBooks 1.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, a different vulnerability than CVE-2012-1669. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this issue might have been fixed in 1.0.3.
by Mark Stanislav
CVE-2012-1670 EXPLOITDB text VERIFIED
PHP Grade Book < 1.9.5 BETA - Unauthenticated Database Exposure via SaveSQL Action
admin/index.php in PHP Grade Book before 1.9.5 BETA allows remote attackers to read the database via a SaveSQL action.
by Mark Stanislav
CVE-2012-4870 EXPLOITDB text VERIFIED
FreePBX < 2.9 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) context parameter to panel/index_amp.php or (2) panel/dhtml/index.php; (3) clid or (4) clidname parameters to panel/flash/mypage.php; (5) PATH_INFO to admin/views/freepbx_reload.php; or (6) login parameter to recordings/index.php.
by Martin Tschirsich
EIP-2026-103071 EXPLOITDB text VERIFIED
AtMail 1.04 - Multiple Vulnerabilities
by Yury Maryshev
EIP-2026-101612 EXPLOITDB text
Cyberoam UTM - Multiple Vulnerabilities
by Saurabh Harit
CVE-2012-2740 EXPLOITDB text VERIFIED
phplist < 2.10.18 - SQL Injection via sortby Parameter
SQL injection vulnerability in public_html/lists/admin in phpList before 2.10.18 allows remote attackers to execute arbitrary SQL commands via the sortby parameter in a find action.
by LiquidWorm
EIP-2026-118405 EXPLOITDB ruby VERIFIED
Dell Webcam CrazyTalk - ActiveX BackImage (Metasploit)
by Metasploit
CVE-2012-4864 EXPLOITDB python
Oreans WinLicense 2.1.8.0 - Memory Corruption, DoS
Oreans WinLicense 2.1.8.0 allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via a crafted xml file.
by LiquidWorm
CVE-2012-4865 EXPLOITDB text
Oreans Themida 2.1.8.0 - Buffer Overflow via Crafted .TMD File
Buffer overflow in Oreans Themida 2.1.8.0 allows remote attackers to execute arbitrary code via a crafted .TMD file.
by LiquidWorm
CVE-2012-2741 EXPLOITDB text VERIFIED
phplist < 2.10.18 - Cross-Site Scripting via Num Parameter in Reconcileusers Action
Cross-site scripting (XSS) vulnerability in public_html/lists/admin/ in phpList before 2.10.18 allows remote attackers to inject arbitrary web script or HTML via the num parameter in a reconcileusers action.
by LiquidWorm
CVE-2012-1468 EXPLOITDB text VERIFIED
Open Journal Systems < 2.3.7 - Authenticated Remote Code Execution via Executable File Upload
Incomplete blacklist vulnerability in Open Journal Systems before 2.3.7 allows remote authenticated users with the Author Role permission to execute arbitrary code by uploading a file with an executable extension that is not ".php", then accessing it via a direct request to the file in submission/original/ in the associated article directory, as demonstrated using .pHp, .asp, and other extensions.
by High-Tech Bridge
CVE-2012-1467 EXPLOITDB text VERIFIED
Open Journal Systems < 2.3.6 - Authenticated Path Traversal via iBrowser Plugin rfiles.php param Parameter
Multiple directory traversal vulnerabilities in the iBrowser plugin library, as used in Open Journal Systems before 2.3.7, allow remote authenticated users to (1) delete or (2) rename arbitrary files via a .. (dot dot) in the param parameter to lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/scripts/rfiles.php.
by High-Tech Bridge
CVE-2012-1469 EXPLOITDB text VERIFIED
Open Journal Systems < 2.3.7 - Cross-Site Scripting via iBrowser Plugin Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Open Journal Systems before 2.3.7 allow remote attackers and remote authenticated users to inject arbitrary web script or HTML via the (1) editor or (2) callback parameters to lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/ibrowser.php in the iBrowser plugin, (3) authors[][url] parameter to index.php, or (4) Bio Statement or (5) Abstract of Submission fields to the stripUnsafeHtml function in lib/pkp/classes/core/String.inc.php.
by High-Tech Bridge
CVE-2012-1469 EXPLOITDB text VERIFIED
Open Journal Systems < 2.3.7 - Cross-Site Scripting via iBrowser Plugin Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Open Journal Systems before 2.3.7 allow remote attackers and remote authenticated users to inject arbitrary web script or HTML via the (1) editor or (2) callback parameters to lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/ibrowser.php in the iBrowser plugin, (3) authors[][url] parameter to index.php, or (4) Bio Statement or (5) Abstract of Submission fields to the stripUnsafeHtml function in lib/pkp/classes/core/String.inc.php.
by High-Tech Bridge
EIP-2026-106014 EXPLOITDB text VERIFIED
CMSimple 3.3 - 'index.php' Cross-Site Scripting
by Stefan Schurtz
EIP-2026-102409 EXPLOITDB text VERIFIED
Minify 2.1.x - 'g' Cross-Site Scripting
by Ayoub Aboukir
EIP-2026-101628 EXPLOITDB text
D-Link DIR-605 - Cross-Site Request Forgery
by iqzer0
EIP-2026-116410 EXPLOITDB python VERIFIED
Tiny Server 1.1.9 - HEAD Denial of Service
by brock haun
EIP-2026-116053 EXPLOITDB python
PeerFTP Server 4.01 - Remote Crash (PoC)
by localh0t
CVE-2012-2027 EXPLOITDB text VERIFIED
Adobe Photoshop CS5 < 12.0.5 and CS5.1 < 12.1.1 - Use-After-Free via Crafted TIFF File
Use-after-free vulnerability in Adobe Photoshop CS5 12.x before 12.0.5 and CS5.1 12.1.x before 12.1.1 allows remote attackers to execute arbitrary code via a crafted TIFF (aka .TIF) file.
by Francis Provencher
EIP-2026-110047 EXPLOITDB text VERIFIED
OneForum - 'topic.php' SQL Injection
by Red Security TEAM
EIP-2026-110043 EXPLOITDB text VERIFIED
OneFileCMS - Failure to Restrict URL Access
by Abhi M Balakrishnan
CVE-2012-4873 EXPLOITDB text VERIFIED
GNUBoard < 4.34 - Cross-Site Scripting via File Download Filename Parameter
Cross-site scripting (XSS) vulnerability in the file_download function in GNUBoard before 4.34.21 allows remote attackers to inject arbitrary web script or HTML via the filename parameter.
by wh1ant
EIP-2026-100928 EXPLOITDB text VERIFIED
WebGlimpse 2.14.1/2.18.8 - 'webglimpse.cgi' Remote Command Injection
by Kevin Perry
EIP-2026-100019 EXPLOITDB text
Android FTPServer 1.9.0 - Remote Denial of Service
by G13