Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-105116 EXPLOITDB html
almnzm 2.4 - Cross-Site Request Forgery (Add Admin)
by HaNniBaL KsA
CVE-2012-4361 EXPLOITDB python VERIFIED
HP SAN/iQ < 9.5 - Authenticated OS Command Injection via Ping Parameter
lhn/public/network/ping in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the second parameter.
by Nicolas Gregoire
CVE-2012-1221 EXPLOITDB text VERIFIED
RabidHamster R2/Extreme - Unauthenticated Path Traversal via Telnet File Command
Directory traversal vulnerability in the telnet server in RabidHamster R2/Extreme 1.65 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the File command.
by Luigi Auriemma
CVE-2012-0292 EXPLOITDB python
Symantec pcAnywhere <= 12.5.3 - Denial of Service via Crafted TCP Session
The awhost32 service in Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) allows remote attackers to cause a denial of service (daemon crash) via a crafted TCP session on port 5631.
by Johnathan Norman
EIP-2026-110456 EXPLOITDB text
Pandora Fms 4.0.1 - Local File Inclusion
by Vulnerability-Lab
EIP-2026-110455 EXPLOITDB text VERIFIED
Pandora FMS 4.0.1 - 'sec2' Local File Inclusion
by Ucha Gobejishvili
EIP-2026-105662 EXPLOITDB text VERIFIED
ButorWiki 3.0 - 'service' Cross-Site Scripting
by sonyy
CVE-2012-0209 EXPLOITDB ruby VERIFIED
Horde Groupware 1.2.10 and Horde 3.3.12 - Remote Code Execution via Trojanized JavaScript Template
Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP between November 2011 and February 2012, contains an externally introduced modification (Trojan Horse) in templates/javascript/open_calendar.js, which allows remote attackers to execute arbitrary PHP code.
by Metasploit
EIP-2026-102380 EXPLOITDB text VERIFIED
JaWiki - 'versionNo' Cross-Site Scripting
by sonyy
CVE-2012-4362 EXPLOITDB python VERIFIED
HP SAN/iQ < 9.5 - Unauthenticated Remote Access via Hardcoded Password
hydra.exe in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance has a hardcoded password of L0CAlu53R for the global$agent account, which allows remote attackers to obtain access to a management service via a login: request to TCP port 13838.
by Nicolas Gregoire
CVE-2010-0842 EXPLOITDB ruby VERIFIED
Oracle Java SE/JFB - Unspecified Vuln
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an uncontrolled array index that allows remote attackers to execute arbitrary code via a MIDI file with a crafted MixerSequencer object, related to the GM_Song structure.
by Metasploit
EIP-2026-116624 EXPLOITDB text VERIFIED
xnview 1.98.5 - Multiple Vulnerabilities
by Luigi Auriemma
EIP-2026-115966 EXPLOITDB text VERIFIED
Novell Groupwise Messenger Client 2.1.0 - Unicode Stack Overflow
by Luigi Auriemma
EIP-2026-115965 EXPLOITDB text VERIFIED
Novell Groupwise Messenger 2.1.0 - Memory Corruption
by Luigi Auriemma
EIP-2026-115964 EXPLOITDB text VERIFIED
Novell Groupwise Messenger 2.1.0 - Arbitrary Memory Corruption
by Luigi Auriemma
CVE-2012-1029 EXPLOITDB text VERIFIED
Tube Ace 1.6 - SQL Injection via q Parameter
SQL injection vulnerability in mobile/search/index.php in Tube Ace (Adult PHP Tube Script) 1.6 allows remote attackers to execute arbitrary SQL commands via the q parameter. NOTE: some of these details are obtained from third party information.
by Daniel Godoy
CVE-2012-1416 EXPLOITDB html
SocialCMS 1.0.2 - Cross-Site Request Forgery in Administrator Account Management
Multiple cross-site request forgery (CSRF) vulnerabilities in SocialCMS 1.0.2 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrator accounts via a member_new action to my_admin/admin1_members.php or (2) modify the default site title via a save action to my_admin/admin1_configuration.php.
by Ivano Binetti
CVE-2012-1294 EXPLOITDB text VERIFIED
CONTIMEX Impulsio CMS - SQL Injection via id Parameter
SQL injection vulnerability in CONTIMEX Impulsio CMS allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
by sonyy
EIP-2026-105966 EXPLOITDB text VERIFIED
CMS Faethon 1.3.4 - 'articles.php' Multiple SQL Injections
by tempe_mendoan
EIP-2026-109095 EXPLOITDB text VERIFIED
LEPTON 1.1.3 - Cross-Site Scripting
by High-Tech Bridge SA
CVE-2012-0997 EXPLOITDB text VERIFIED
11in1 1.2.1 - Cross-Site Request Forgery in admin/index.php
Cross-site request forgery (CSRF) vulnerability in admin/index.php in 11in1 1.2.1 stable 12-31-2011 allows remote attackers to hijack the authentication of administrators for requests that add new topics via an addTopic action.
by High-Tech Bridge SA
CVE-2012-0996 EXPLOITDB text VERIFIED
11in1 1.2.1 - Path Traversal via Class Parameter
Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary files via a .. (dot dot) in the class parameter to (1) index.php or (2) admin/index.php.
by High-Tech Bridge SA
CVE-2012-0996 EXPLOITDB text VERIFIED
11in1 1.2.1 - Path Traversal via Class Parameter
Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary files via a .. (dot dot) in the class parameter to (1) index.php or (2) admin/index.php.
by High-Tech Bridge SA
CVE-2012-1213 EXPLOITDB text VERIFIED
Zimbra Collaboration Suite 6.x-6.0.15 7.x-7.1.3 - Cross-Site Scripting via Calendar View Parameter
Cross-site scripting (XSS) vulnerability in zimbra/h/calendar in Zimbra Web Client in Zimbra Collaboration Suite (ZCS) 6.x before 6.0.15 and 7.x before 7.1.3 allows remote attackers to inject arbitrary web script or HTML via the view parameter.
by sonyy
CVE-2012-1217 EXPLOITDB text VERIFIED
STHS v2 Web Portal 2.2 - Cross-Site Scripting via Team Parameter
Multiple cross-site scripting (XSS) vulnerabilities in STHS v2 Web Portal 2.2 allow remote attackers to inject arbitrary web script or HTML via the team parameter to (1) prospects.php, (2) prospect.php, or (3) team.php.
by Liyan Oz