Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
CVE-2012-1196 EXPLOITDB text VERIFIED
Lenovo ThinkManagement Console 9.0.3 - Path Traversal and Arbitrary File Deletion via VulCore Web Service
Directory traversal vulnerability in the VulCore web service (WSVulnerabilityCore/VulCore.asmx) in Lenovo ThinkManagement Console 9.0.3 allows remote attackers to delete arbitrary files via a .. (dot dot) in the filename parameter in a SetTaskLogByFile SOAP request.
by rgod
CVE-2012-1195 EXPLOITDB text VERIFIED
Lenovo ThinkManagement Console 9.0.3 - Unauthenticated Remote Code Execution via ServerSetup Web Service File Upload
Unrestricted file upload vulnerability in andesk/managementsuite/core/core.anonymous/ServerSetup.asmx in the ServerSetup web service in Lenovo ThinkManagement Console 9.0.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension via a PutUpdateFileCore command in a RunAMTCommand SOAP request, then accessing the file via a direct request to the file in the web root.
by rgod
EIP-2026-118406 EXPLOITDB text VERIFIED
Dell Webcam Software Bundled - ActiveX Remote Buffer Overflow
by rgod
EIP-2026-118219 EXPLOITDB text VERIFIED
2X Client for RDP 10.1.1204 - ClientSystem Class ActiveX Control Download and Execute
by rgod
CVE-2012-1065 EXPLOITDB text VERIFIED
2X ApplicationServer 10.1 Build 1224 - Arbitrary File Write via TuxSystem ActiveX ExportSettings Method
Insecure method vulnerability in TuxScripting.dll in the TuxSystem ActiveX control in 2X ApplicationServer 10.1 Build 1224 allows remote attackers to create or overwrite arbitrary files via the ExportSettings method.
by rgod
CVE-2012-5329 EXPLOITDB python VERIFIED
TYPSoft FTP Server 1.1 - Authenticated Denial of Service via APPE Command Buffer Overflow
Buffer overflow in TYPSoft FTP Server 1.1 allows remote authenticated users to cause a denial of service (application crash) via a long string in an APPE command.
by brock haun
EIP-2026-108181 EXPLOITDB perl VERIFIED
Joomla! 2.5.0 < 2.5.1 - Blind SQL Injection
by A. Ramos
EIP-2026-105896 EXPLOITDB text VERIFIED
ClassifiedsGeek.com Vacation Packages - 'listing_search' SQL Injection
by r45c4l
EIP-2026-103849 EXPLOITDB text VERIFIED
Apache Tomcat - Account Scanner / 'PUT' Request Command Execution
by kingcope
EIP-2026-102495 EXPLOITDB text VERIFIED
ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet - Directory Traversal
by rgod
CVE-2012-5334 EXPLOITDB text VERIFIED
Pre Printing Press - SQL Injection via product_desc.php pid Parameter
SQL injection vulnerability in product_desc.php in Pre Printing Press allows remote attackers to execute arbitrary SQL commands via the pid parameter.
by Easy Laster
EIP-2026-102379 EXPLOITDB text VERIFIED
JavaBB 0.99 - 'userId' Cross-Site Scripting
by sonyy
CVE-2009-5112 EXPLOITDB text VERIFIED
iwork WebGlimpse <= 2.18.7 - Exposure of Sensitive Information via wgarcmin.cgi
wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to obtain the installation path via a crafted request.
by Websecurity
CVE-2012-5329 EXPLOITDB python
TYPSoft FTP Server 1.1 - Authenticated Denial of Service via APPE Command Buffer Overflow
Buffer overflow in TYPSoft FTP Server 1.1 allows remote authenticated users to cause a denial of service (application crash) via a long string in an APPE command.
by brock haun
CVE-2012-5333 EXPLOITDB text VERIFIED
Pre Printing Press - SQL Injection via id Parameter
SQL injection vulnerability in page.php in Pre Printing Press allows remote attackers to execute arbitrary SQL commands via the id parameter.
by r45c4l
CVE-2007-2675 EXPLOITDB text
Pre Classifieds Listings 1.0 - SQL Injection
SQL injection vulnerability in search.php in Pre Classifieds Listings 1.0 allows remote attackers to execute arbitrary SQL commands via the category parameter.
by r45c4l
CVE-2012-5335 EXPLOITDB perl VERIFIED
Tiny Server 1.1.5 - Authenticated Path Traversal via URI
Directory traversal vulnerability in Tiny Server 1.1.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the URI of an HTTP request.
by KaHPeSeSe
EIP-2026-117874 EXPLOITDB ruby
RM Downloader 3.1.3.3.2010.06.26 - '.m3u' Local Buffer Overflow (Metasploit)
by KaHPeSeSe
CVE-2012-0002 EXPLOITDB text VERIFIED
Windows RDP - Remote Code Execution via Crafted RDP Packets
The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability."
by Luigi Auriemma
EIP-2026-110046 EXPLOITDB text VERIFIED
OneFileCMS 1.1.5 - Local File Inclusion
by mr.pr0n
EIP-2026-108927 EXPLOITDB text VERIFIED
JPM Article Script 6 - 'page2' SQL Injection
by Vulnerability Research Laboratory
EIP-2026-107148 EXPLOITDB text VERIFIED
FlexCMS 3.2.1 - Persistent Cross-Site Scripting
by storm
CVE-2012-1901 EXPLOITDB text VERIFIED
FlexCMS < 3.2.1 - Cross-Site Request Forgery via Profile Edit and Page Creation
Multiple cross-site request forgery (CSRF) vulnerabilities in FlexCMS 3.2.1 and earlier allow remote attackers to (1) hijack the authentication of users for requests that change account settings via a request to index.php/profile-edit-save or (2) hijack the authentication of administrators for requests that add a new page via a request to admin/pages-new-save.
by Ivano Binetti
CVE-2012-10061 EXPLOITDB HIGH text VERIFIED
Sockso Music Host Server <=1.5 - Path Traversal
Sockso Music Host Server versions <= 1.5 are vulnerable to a path traversal flaw that allows unauthenticated remote attackers to read arbitrary files from the server’s filesystem. The vulnerability exists in the HTTP interface on port 4444, where the endpoint /file/ fails to properly sanitize user-supplied input. Attackers can traverse directories and access sensitive files outside the intended web root.
by Luigi Auriemma
CVE-2012-1465 EXPLOITDB ruby VERIFIED
NetMechanica NetDecision < 4.5.1 - Denial of Service via Long URL
Stack-based buffer overflow in the HTTP Server in NetMechanica NetDecision before 4.6.1 allows remote attackers to cause a denial of service (application crash) via a long URL in an HTTP request. NOTE: some of these details are obtained from third party information.
by Metasploit