Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
CVE-2012-1011 EXPLOITDB text
AllWebMenus WordPress Plugin 1.1.8 - Unauthenticated Arbitrary File Upload and Remote Code Execution
actions.php in the AllWebMenus plugin 1.1.8 for WordPress allows remote attackers to bypass intended access restrictions to upload and execute arbitrary PHP code by setting the HTTP_REFERER to a certain value, then uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory.
by 6Scan
CVE-2012-5231 EXPLOITDB text
miniCMS 1.0 and 2.0 - Remote Code Execution via Pagename or Area Variable
miniCMS 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code via a crafted (1) pagename or (2) area variable containing an executable extension, which is not properly handled by (a) update.php when writing files to content/, or (b) updatenews.php when writing files to content/news/.
by Or4nG.M4N
EIP-2026-119119 EXPLOITDB python VERIFIED
Savant Web Server 3.1 - Remote Buffer Overflow (Egghunter)
by red-dragon
EIP-2026-119118 EXPLOITDB python VERIFIED
Savant Web Server 3.1 - Remote Buffer Overflow (4)
by red-dragon
CVE-2012-5312 EXPLOITDB text VERIFIED
tribiq CMS - SQL Injection via id Parameter
SQL injection vulnerability in Tribiq CMS allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
by Skote Vahshat
CVE-2012-5315 EXPLOITDB perl VERIFIED
php_ireport 1.0 - Cross-Site Scripting via Message Parameter
Multiple cross-site scripting (XSS) vulnerabilities in php ireport 1.0 allow remote attackers to inject arbitrary web script or HTML via the message parameter to (1) messages_viewer.php, (2) home.php, or (3) history.php.
by Or4nG.M4N
EIP-2026-109961 EXPLOITDB text VERIFIED
Nova CMS - Directory Traversal
by Red Security TEAM
CVE-2012-0932 EXPLOITDB text VERIFIED
Lead Capture Page System - Stored Cross-Site Scripting via Admin Login Message Parameter
Cross-site scripting (XSS) vulnerability in admin/login.php in Lead Capture Page System allows remote attackers to inject arbitrary web script or HTML via the message parameter.
by HashoR
CVE-2011-4823 EXPLOITDB text VERIFIED
Extensionsforjoomla Com Vikrealestate - SQL Injection
Multiple SQL injection vulnerabilities in Vik Real Estate (com_vikrealestate) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) contract parameter in a results action and (2) imm parameter in a show action to index.php.
by the_cyber_nuxbie
EIP-2026-108656 EXPLOITDB text VERIFIED
Joomla! Component Full - 'id' SQL Injection
by the_cyber_nuxbie
EIP-2026-108548 EXPLOITDB text VERIFIED
Joomla! Component com_some - 'Controller' Local File Inclusion
by the_cyber_nuxbie
CVE-2011-4804 EXPLOITDB text VERIFIED
com_obsuggest < 1.8 - Path Traversal via Controller Parameter
Directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
by the_cyber_nuxbie
EIP-2026-108298 EXPLOITDB text VERIFIED
Joomla! Component com_car - Multiple SQL Injections
by the_cyber_nuxbie
EIP-2026-108291 EXPLOITDB text VERIFIED
Joomla! Component com_bulkenquery - 'Controller' Local File Inclusion
by the_cyber_nuxbie
EIP-2026-108287 EXPLOITDB text VERIFIED
Joomla! Component com_boss - 'Controller' Local File Inclusion
by the_cyber_nuxbie
CVE-2012-5326 EXPLOITDB perl
iSupport 1.x - Cross-Site Request Forgery via Administrator Account Addition
Cross-site request forgery (CSRF) vulnerability in admin/function.php in IDevSpot iSupport 1.x allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via an administrators action.
by Or4nG.M4N
EIP-2026-100518 EXPLOITDB text VERIFIED
Raven 1.0 - 'connector.asp' Arbitrary File Upload
by HELLBOY
CVE-2012-0935 EXPLOITDB text
Aryadad CMS - SQL Injection via PageID Parameter
SQL injection vulnerability in Default.aspx in Aryadad CMS allows remote attackers to execute arbitrary SQL commands via the PageID parameter.
by Red Security TEAM
CVE-2012-0933 EXPLOITDB text VERIFIED
acidcat_cms 3.5.1, 3.5.2, 3.5.6 - Cross-Site Scripting via PATH_INFO
Multiple cross-site scripting (XSS) vulnerabilities in Acidcat CMS 3.5.1, 3.5.2, 3.5.6, and possibly earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin_colors.asp, (2) admin_config.asp, and (3) admin_cat_add.asp in admin/.
by Avram Marius
CVE-2011-3167 EXPLOITDB ruby VERIFIED
HP OpenView Network Node Manager <7.51-7.53 - RCE
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1210.
by Metasploit
EIP-2026-118292 EXPLOITDB python VERIFIED
Avaya WinPDM UniteHostRouter 3.8.2 - Remote Command Execution
by Abysssec
EIP-2026-116484 EXPLOITDB python VERIFIED
VideoLAN VLC Media Player 1.2.0 - 'libtaglib_pluggin.dll' Denial of Service
by Mitchell Adair
EIP-2026-113400 EXPLOITDB bash VERIFIED
WhatsApp - Remote Change Status
by emgent
EIP-2026-112530 EXPLOITDB text VERIFIED
Syneto Unified Threat Management 1.3.3/1.4.2 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
by Alexander Fuchs
EIP-2026-103115 EXPLOITDB ruby VERIFIED
Gitorious - Arbitrary Command Execution (Metasploit)
by Metasploit