Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-115057 EXPLOITDB text VERIFIED
Citrix 11.6.1 - Licensing Administration Console Denial of Service
by Rune
CVE-2012-1184 EXPLOITDB text
Asterisk 1.8.x < 1.8.10.1 and 10.x < 10.2.1 - Stack-Based Buffer Overflow via HTTP Digest Authentication Header
Stack-based buffer overflow in the ast_parse_digest function in main/utils.c in Asterisk 1.8.x before 1.8.10.1 and 10.x before 10.2.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in an HTTP Digest Authentication header.
by Russell Bryant
CVE-2012-5330 EXPLOITDB text
asaanCart 0.9 - Cross-Site Scripting via PATH_INFO or Page Parameter
Multiple cross-site scripting (XSS) vulnerabilities in asaanCart 0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to calc.php, (2) chat.php, (3) register.php, or (4) index.php in libs/smarty_ajax/; or the (5) page parameter to libs/smarty_ajax/index.php.
by Number 7
CVE-2008-6359 EXPLOITDB text VERIFIED
Max's Guestbook - Cross-Site Scripting via Name Email or Message Parameters
Cross-site scripting (XSS) vulnerability in index.php in Max's Guestbook allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, and (3) message parameters.
by n0tch
EIP-2026-119448 EXPLOITDB text VERIFIED
TVersity 1.9.7 - Arbitrary File Download
by Luigi Auriemma
EIP-2026-115221 EXPLOITDB text VERIFIED
Epson EventManager 2.50 - Denial of Service
by Luigi Auriemma
EIP-2026-112136 EXPLOITDB text VERIFIED
Simple Posting System - Multiple Vulnerabilities
by n0tch
EIP-2026-109544 EXPLOITDB text
ModX 2.2.0 - Multiple Vulnerabilities
by n0tch
EIP-2026-109355 EXPLOITDB text VERIFIED
Max's PHP Photo Album 1.0 - 'id' Local File Inclusion
by n0tch
EIP-2026-109353 EXPLOITDB text VERIFIED
Max's Guestbook 1.0 - Multiple Remote Vulnerabilities
by n0tch
EIP-2026-106869 EXPLOITDB text
Encaps PHP Gallery - SQL Injection
by Daniel Godoy
CVE-2012-5331 EXPLOITDB text
asaanCart 0.9 - Path Traversal via Page Parameter
Directory traversal vulnerability in asaanCart 0.9 allows remote attackers to include arbitrary local files via a .. (dot dot) in the page parameter to index.php.
by Number 7
EIP-2026-103697 EXPLOITDB c VERIFIED
VideoLAN VLC Media Player 1.1.11 - '.NSV' File Denial of Service
by Dan Fosco
EIP-2026-103696 EXPLOITDB c VERIFIED
VideoLAN VLC Media Player 1.1.11 - '.EAC3' File Denial of Service
by Dan Fosco
EIP-2026-103637 EXPLOITDB text VERIFIED
presto! pagemanager 9.01 - Multiple Vulnerabilities
by Luigi Auriemma
EIP-2026-103458 EXPLOITDB text VERIFIED
EMC NetWorker 7.6 sp3 - Denial of Service
by Luigi Auriemma
CVE-2012-1922 EXPLOITDB text
Sitecom WLM-2501 - Cross-Site Request Forgery in Multiple Admin Forms
Multiple cross-site request forgery (CSRF) vulnerabilities in Sitecom WLM-2501 allow remote attackers to hijack the authentication of administrators for requests that modify settings for (1) Mac Filtering via admin/formFilter, (2) IP/Port Filtering via formFilter, (3) Port Forwarding via formPortFw, (4) Wireless Access Control via admin/formWlAc, (5) Wi-Fi Protected Setup via formWsc, (6) URL Blocking Filter via formURL, (7) Domain Blocking Filter via formDOMAINBLK, and (8) IP Address ACL Filter via admin/formACL in goform/, different vectors than CVE-2012-1921.
by Ivano Binetti
EIP-2026-101270 EXPLOITDB text VERIFIED
F5 FirePass 7.0 - SQL Injection
by anonymous
CVE-2005-2892 EXPLOITDB text
PBLang 4.65 - Directory Traversal via setcookie.php u Parameter
Directory traversal vulnerability in setcookie.php in PBLang 4.65, and possibly earlier versions, allows remote attackers to read arbitrary files via ".." sequences and "%00" (trailing null byte) in the u parameter.
by Number 7
EIP-2026-110032 EXPLOITDB text VERIFIED
Omnistar Live - Cross-Site Scripting / SQL Injection
by sonyy
EIP-2026-106323 EXPLOITDB text VERIFIED
Cycade Gallery - SQL Injection
by -DownFall
EIP-2026-104850 EXPLOITDB text
4Images Image Gallery Management System - Cross-Site Request Forgery
by Dmar al3noOoz
CVE-2012-0943 EXPLOITDB text VERIFIED
Light Display Manager <1.0.6, <1.1.7 - Info Disclosure
debian/guest-account in Light Display Manager (lightdm) 1.0.x before 1.0.6 and 1.1.x before 1.1.7, as used in Ubuntu Linux 11.10, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT per ADT1/ADT2 due to different codebases and affected versions. CVE-2012-6648 has been assigned for the gdm-guest-session issue.
by Ryan Lortie
EIP-2026-116626 EXPLOITDB text VERIFIED
XnView FlashPix Image Processing - Heap Overflow
by Francis Provencher
EIP-2026-115931 EXPLOITDB python VERIFIED
Network Instrument Observer - SNMP SetRequest Denial of Service
by Francis Provencher