Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
CVE-2012-5313 EXPLOITDB text VERIFIED
Snitz Forums 2000 - SQL Injection via TOPIC_ID Parameter
SQL injection vulnerability in forum.asp in Snitz Forums 2000 allows remote attackers to execute arbitrary SQL commands via the TOPIC_ID parameter.
by snup
CVE-2012-0913 EXPLOITDB text VERIFIED
ICloudCenter ICTimeAttendance 1.0 - SQL Injection
SQL injection vulnerability in checklogin.aspx in ICloudCenter ICTimeAttendance 1.0 allows remote attackers to execute arbitrary SQL commands via the passw parameter. NOTE: Some of these details are obtained from third party information.
by v3n0m
EIP-2026-100297 EXPLOITDB text VERIFIED
EasyPage - SQL Injection
by Red Security TEAM
EIP-2026-114132 EXPLOITDB text VERIFIED
WordPress Plugin ucan post 1.0.09 - Persistent Cross-Site Scripting
by Gianluca Brindisi
EIP-2026-112967 EXPLOITDB text VERIFIED
Vastal EzineShop - 'view_mags.php' SQL Injection
by Lazmania61
EIP-2026-111442 EXPLOITDB text VERIFIED
PostNuke pnAddressbook Module - 'id' SQL Injection
by Robert Cooper
EIP-2026-106590 EXPLOITDB text VERIFIED
Drupal Module CKEditor 3.0 < 3.6.2 - Persistent EventHandler Cross-Site Scripting
by MaXe
CVE-2012-1153 EXPLOITDB php
appRain CMF <= 0.1.5 - Unauthenticated Arbitrary File Upload and Remote Code Execution
Unrestricted file upload vulnerability in addons/uploadify/uploadify.php in appRain CMF 0.1.5 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads directory.
by EgiX
CVE-2012-6530 EXPLOITDB python
Sysax Multi Server < 5.52 - Authenticated Stack-Based Buffer Overflow via HTTP Request
Stack-based buffer overflow in Sysax Multi Server before 5.52, when HTTP is enabled, allows remote authenticated users with the create folder permission to execute arbitrary code via a crafted request.
by Craig Freyman
CVE-2011-4786 EXPLOITDB ruby VERIFIED
HP Easy Printer Care Software < 2.5 - Remote Code Execution via HPTicketMgr.dll ActiveX Control
A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-2404 and CVE-2011-4787.
by Metasploit
EIP-2026-112744 EXPLOITDB text VERIFIED
Toner Cart - 'show_series_ink.php' SQL Injection
by Lazmania61
CVE-2012-6525 EXPLOITDB text VERIFIED
phpbridges - SQL Injection via id Parameter
SQL injection vulnerability in members.php in PHPBridges allows remote attackers to execute arbitrary SQL commands via the id parameter.
by 3spi0n
CVE-2012-6524 EXPLOITDB text VERIFIED
powie pGB 2.12 - SQL Injection via kommentar.php id Parameter
SQL injection vulnerability in kommentar.php in pGB 2.12 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by 3spi0n
CVE-2012-0989 EXPLOITDB text VERIFIED
OneOrZero AIMS 2.8.0 Trial Edition build231211 - Cross-Site Scripting via PATH_INFO to index.php
Cross-site scripting (XSS) vulnerability in OneOrZero AIMS 2.8.0 Trial Edition build231211 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
by High-Tech Bridge SA
EIP-2026-109519 EXPLOITDB text VERIFIED
MMORPG Zone - 'view_news.php' SQL Injection
by Lazmania61
CVE-2012-6526 EXPLOITDB text VERIFIED
Vastal I-Tech Freelance Zone - SQL Injection via show_code.php code_id Parameter
SQL injection vulnerability in show_code.php in Vastal I-Tech Freelance Zone allows remote attackers to execute arbitrary SQL commands via the code_id parameter.
by Lazmania61
CVE-2012-0905 EXPLOITDB text VERIFIED
deV!L'z Clanportal Gamebase Addon - SQL Injection via gameid Parameter
SQL injection vulnerability in deV!L'z Clanportal (DZCP) Gamebase addon allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a detail action to index.php.
by Easy Laster
CVE-2012-0906 EXPLOITDB text VERIFIED
Moviebase addon <1.5.5 - SQL Injection
SQL injection vulnerability in the Moviebase addon for deV!L'z Clanportal (DZCP) 1.5.5 allows remote attackers to execute arbitrary SQL commands via the id parameter in a showkat action to index.php.
by Easy Laster
CVE-2010-10016 EXPLOITDB CRITICAL ruby VERIFIED
BS.Player Free and Pro Editions < 2.57 (build 1051) - Buffer Overflow via M3U Playlist Import
BS.Player version 2.57 (build 1051) contains a vulnerability in its playlist import functionality. When processing .m3u files, the application fails to properly validate the length of playlist entries, resulting in a buffer overflow condition. This flaw occurs during parsing of long URLs embedded in the playlist, allowing overwrite of Structured Exception Handler (SEH) records. The vulnerability is triggered upon opening a crafted playlist file and affects the Unicode parsing logic in the Windows client.
by Metasploit
EIP-2026-118764 EXPLOITDB ruby VERIFIED
McAfee SaaS MyCioScan ShowReport - Remote Command Execution (Metasploit)
by Metasploit
EIP-2026-108331 EXPLOITDB text VERIFIED
Joomla! Component com_discussions - SQL Injection
by Red Security TEAM
CVE-2011-0065 EXPLOITDB ruby VERIFIED
Mozilla Firefox <3.5.19 & SeaMonkey <2.0.14 - Use After Free
Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mChannel.
by Metasploit
CVE-2012-0221 EXPLOITDB text VERIFIED
Rockwell Automation FactoryTalk CPR9-SR5 and RSLogix 5000 17-20 - Denial of Service via RNADiagReceiver Service
The FactoryTalk (FT) RNADiagReceiver service in Rockwell Automation Allen-Bradley FactoryTalk CPR9 through SR5 and RSLogix 5000 17 through 20 does not properly handle the return value from an unspecified function, which allows remote attackers to cause a denial of service (service outage) via a crafted packet.
by Luigi Auriemma
CVE-2012-0055 EXPLOITDB HIGH bash VERIFIED
Linux Kernel < 3.0.0 - Missing Authorization in OverlayFS
OverlayFS in the Linux kernel before 3.0.0-16.28, as used in Ubuntu 10.0.4 LTS and 11.10, is missing inode security checks which could allow attackers to bypass security restrictions and perform unauthorized actions.
by Gary Poster
CVSS 7.8
CVE-2012-0207 EXPLOITDB HIGH c
Linux Kernel < 3.2.1 - Denial of Service via IGMP Packet Divide-By-Zero
The igmp_heard_query function in net/ipv4/igmp.c in the Linux kernel before 3.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and panic) via IGMP packets.
by kingcope
CVSS 7.5