Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
CVE-2012-0067 EXPLOITDB text VERIFIED
Wireshark 1.4.x-1.4.10 and 1.6.x-1.6.4 - Denial of Service via Long Packet in AIX iptrace File
wiretap/iptrace.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in an AIX iptrace file.
by Laurent Butti
CVE-2012-1024 EXPLOITDB perl
Enigma2 Webinterface <1.5 - Path Traversal
Directory traversal vulnerability in file in Enigma2 Webinterface 1.5rc1 and 1.5beta4 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
by Todor Donev
CVE-2012-6042 EXPLOITDB python VERIFIED
GPSMapEdit 1.1.73.2 - Denial of Service via Long String in LST File
GPSMapEdit 1.1.73.2 allows user-assisted remote attackers to cause a denial of service (crash) via a long string in a lst file.
by Julien Ahrens
CVE-2012-5293 EXPLOITDB text VERIFIED
SAPID CMS 1.2.3 - Remote Code Execution via GLOBALS[root_path] or root_path Parameter
Multiple PHP remote file inclusion vulnerabilities in SAPID CMS 1.2.3 Stable allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[root_path] parameter to usr/extensions/get_tree.inc.php or (2) root_path parameter to usr/extensions/get_infochannel.inc.php.
by Opa Yong
EIP-2026-110445 EXPLOITDB text
Paddelberg Topsite Script - Authentication Bypass
by Christian Inci
CVE-2012-6529 EXPLOITDB text VERIFIED
Marinet CMS - SQL Injection via id or roomid Parameter
Multiple SQL injection vulnerabilities in Marinet CMS allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) galleryphoto.php or (2) gallery.php; or the roomid parameter to (3) room.php or (4) room2.php.
by H4ckCity Security Team
CVE-2012-6529 EXPLOITDB text VERIFIED
Marinet CMS - SQL Injection via id or roomid Parameter
Multiple SQL injection vulnerabilities in Marinet CMS allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) galleryphoto.php or (2) gallery.php; or the roomid parameter to (3) room.php or (4) room2.php.
by H4ckCity Security Team
CVE-2012-6529 EXPLOITDB text VERIFIED
Marinet CMS - SQL Injection via id or roomid Parameter
Multiple SQL injection vulnerabilities in Marinet CMS allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) galleryphoto.php or (2) gallery.php; or the roomid parameter to (3) room.php or (4) room2.php.
by H4ckCity Security Team
EIP-2026-107498 EXPLOITDB text VERIFIED
Gregarius 0.6.1 - Multiple SQL Injections / Cross-Site Scripting
by sonyy
CVE-2012-6644 EXPLOITDB text
ClipBucket 2.6 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to channels.php, (2) collections.php, (3) groups.php, or (4) videos.php; (5) query parameter to search_result.php; or (6) type parameter to view_collection.php or (7) view_item.php.
by YaDoY666
CVE-2012-6644 EXPLOITDB text VERIFIED
ClipBucket 2.6 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to channels.php, (2) collections.php, (3) groups.php, or (4) videos.php; (5) query parameter to search_result.php; or (6) type parameter to view_collection.php or (7) view_item.php.
by YaDoY666
CVE-2012-6644 EXPLOITDB text VERIFIED
ClipBucket 2.6 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to channels.php, (2) collections.php, (3) groups.php, or (4) videos.php; (5) query parameter to search_result.php; or (6) type parameter to view_collection.php or (7) view_item.php.
by YaDoY666
CVE-2012-6643 EXPLOITDB text VERIFIED
ClipBucket 2.6 - SQL Injection via Time Parameter
Multiple SQL injection vulnerabilities in the update_counter function in includes/functions.php in ClipBucket 2.6 allow remote attackers to execute arbitrary SQL commands via the time parameter to (1) videos.php or (2) channels.php. NOTE: some of these details are obtained from third party information.
by YaDoY666
CVE-2012-6644 EXPLOITDB text VERIFIED
ClipBucket 2.6 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to channels.php, (2) collections.php, (3) groups.php, or (4) videos.php; (5) query parameter to search_result.php; or (6) type parameter to view_collection.php or (7) view_item.php.
by YaDoY666
CVE-2012-6644 EXPLOITDB text VERIFIED
ClipBucket 2.6 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to channels.php, (2) collections.php, (3) groups.php, or (4) videos.php; (5) query parameter to search_result.php; or (6) type parameter to view_collection.php or (7) view_item.php.
by YaDoY666
CVE-2012-6644 EXPLOITDB text VERIFIED
ClipBucket 2.6 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to channels.php, (2) collections.php, (3) groups.php, or (4) videos.php; (5) query parameter to search_result.php; or (6) type parameter to view_collection.php or (7) view_item.php.
by YaDoY666
CVE-2012-6644 EXPLOITDB text VERIFIED
ClipBucket 2.6 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to channels.php, (2) collections.php, (3) groups.php, or (4) videos.php; (5) query parameter to search_result.php; or (6) type parameter to view_collection.php or (7) view_item.php.
by YaDoY666
CVE-2012-6643 EXPLOITDB text VERIFIED
ClipBucket 2.6 - SQL Injection via Time Parameter
Multiple SQL injection vulnerabilities in the update_counter function in includes/functions.php in ClipBucket 2.6 allow remote attackers to execute arbitrary SQL commands via the time parameter to (1) videos.php or (2) channels.php. NOTE: some of these details are obtained from third party information.
by YaDoY666
CVE-2012-6644 EXPLOITDB text VERIFIED
ClipBucket 2.6 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to channels.php, (2) collections.php, (3) groups.php, or (4) videos.php; (5) query parameter to search_result.php; or (6) type parameter to view_collection.php or (7) view_item.php.
by YaDoY666
CVE-2012-6040 EXPLOITDB text VERIFIED
File King Advanced File Management 1.4 - Cross-Site Scripting via Page Parameter
Cross-site scripting (XSS) vulnerability in users.php in File King Advanced File Management 1.4 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
by Am!r
CVE-2012-1025 EXPLOITDB perl
Enigma2 Webinterface <1.7.0 - Path Traversal
Absolute path traversal vulnerability in file in Enigma2 Webinterface 1.6.0 through 1.6.8, 1.6rc3, and 1.7.0 allows remote attackers to read arbitrary files via a full pathname in the file parameter.
by Todor Donev
CVE-2010-3333 EXPLOITDB HIGH python VERIFIED
Microsoft Office - Stack-based Buffer Overflow via Crafted RTF Data
Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF Stack Buffer Overflow Vulnerability."
by b33f & g11tch
CVSS 7.8
CVE-2012-6044 EXPLOITDB perl VERIFIED
M-Player 0.4 - Denial of Service via Crafted MP3 File
M-Player 0.4 allows remote attackers to cause a denial of service (crash) via a crafted MP3 file.
by JaMbA
CVE-2012-5288 EXPLOITDB text VERIFIED
phpMyDirectory 1.3.3 - SQL Injection
SQL injection vulnerability in page.php in phpMyDirectory 1.3.3 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Serseri
CVE-2012-5348 EXPLOITDB text VERIFIED
MangosWeb Enhanced 3.0.3 - SQL Injection
SQL injection vulnerability in MangosWeb Enhanced 3.0.3 allows remote attackers to execute arbitrary SQL commands via the login parameter in a login action to index.php.
by Hood3dRob1n