Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
CVE-2011-5214 EXPLOITDB text VERIFIED
BrowserCRM < 5.100.01 - Cross-Site Scripting via PATH_INFO or Login Parameter
Multiple cross-site scripting (XSS) vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) modules/admin/admin_module_index.php, or (3) modules/calendar/customise_calendar_times.php; login[] parameter to (4) index.php or (5) pub/clients.php; or framed parameter to (6) licence/index.php or (7) licence/view.php.
by High-Tech Bridge SA
CVE-2011-5214 EXPLOITDB text VERIFIED
BrowserCRM < 5.100.01 - Cross-Site Scripting via PATH_INFO or Login Parameter
Multiple cross-site scripting (XSS) vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) modules/admin/admin_module_index.php, or (3) modules/calendar/customise_calendar_times.php; login[] parameter to (4) index.php or (5) pub/clients.php; or framed parameter to (6) licence/index.php or (7) licence/view.php.
by High-Tech Bridge SA
CVE-2011-5213 EXPLOITDB text VERIFIED
BrowserCRM < 5.100.01 - SQL Injection via login[username] or parent_id or contact_id Parameter
Multiple SQL injection vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login[username] parameter to index.php, (2) parent_id parameter to modules/Documents/version_list.php, or (3) contact_id parameter to modules/Documents/index.php.
by High-Tech Bridge SA
CVE-2011-5214 EXPLOITDB text VERIFIED
BrowserCRM < 5.100.01 - Cross-Site Scripting via PATH_INFO or Login Parameter
Multiple cross-site scripting (XSS) vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) modules/admin/admin_module_index.php, or (3) modules/calendar/customise_calendar_times.php; login[] parameter to (4) index.php or (5) pub/clients.php; or framed parameter to (6) licence/index.php or (7) licence/view.php.
by High-Tech Bridge SA
EIP-2026-104000 EXPLOITDB text VERIFIED
Nagios XI - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
by anonymous
CVE-2011-10013 EXPLOITDB CRITICAL ruby VERIFIED
Traq Project Issue Tracking System 2.0-2.3 - Unauthenticated Remote Code Execution via Admin Plugin Injection
Traq versions 2.0 through 2.3 contain a remote code execution vulnerability in the admincp/common.php script. The flawed authorization logic fails to halt execution after a failed access check, allowing unauthenticated users to reach admin-only functionality. This can be exploited via plugins.php to inject and execute arbitrary PHP code.
by Metasploit
CVE-2011-5007 EXPLOITDB ruby VERIFIED
3S CoDeSys < 3.4 - Remote Code Execution via Long URI to CmpWebServer
Stack-based buffer overflow in the CmpWebServer component in 3S CoDeSys 3.4 SP4 Patch 2 and earlier, as used on the ABB AC500 PLC and possibly other products, allows remote attackers to execute arbitrary code via a long URI to TCP port 8080.
by Metasploit
EIP-2026-113758 EXPLOITDB text VERIFIED
WordPress Plugin flash-album-gallery - 'flagshow.php' Cross-Site Scripting
by Am!r
CVE-2011-4684 EXPLOITDB text VERIFIED
Opera < 11.60 - Certificate Revocation Handling Issue
Opera before 11.60 does not properly handle certificate revocation, which has unspecified impact and remote attack vectors related to "corner cases."
by anonymous
EIP-2026-113800 EXPLOITDB text VERIFIED
WordPress Plugin GRAND FlAGallery 1.57 - 'flagshow.php' Cross-Site Scripting
by Am!r
CVE-2011-4717 EXPLOITDB perl
zFTPServer Suite 6.0.0.52 - Authenticated Path Traversal via RMD Command
Directory traversal vulnerability in zFTPServer Suite 6.0.0.52 allows remote authenticated users to delete arbitrary directories via a crafted RMD (aka rmdir) command.
by Stefan Schurtz
EIP-2026-114464 EXPLOITDB text
Xoops 2.5.4 - Blind SQL Injection
by blkhtc0rp
EIP-2026-114153 EXPLOITDB text VERIFIED
WordPress Plugin UPM Polls 1.0.4 - Blind SQL Injection
by Saif
EIP-2026-111306 EXPLOITDB text VERIFIED
Pixie 1.04 - Blog Post Cross-Site Request Forgery
by hackme
EIP-2026-107065 EXPLOITDB text VERIFIED
FCMS CMS 2.7.2 - Multiple Cross-Site Request Forgery Vulnerabilities
by Ahmed Elhady Mohamed
CVE-2012-0699 EXPLOITDB HIGH text VERIFIED
Family Connections CMS < 2.9.0 - Cross-Site Request Forgery via News or Prayer Add Action
Multiple cross-site request forgery (CSRF) vulnerabilities in Family Connections CMS (aka FCMS) 2.9 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add news via an add action to familynews.php or (2) add a prayer via an add action to prayers.php.
by Ahmed Elhady Mohamed
CVSS 8.8
CVE-2011-2777 EXPLOITDB bash
acpid2 < 2.0.16 - Privilege Escalation via pidof Mismanagement
samples/powerbtn/powerbtn.sh in acpid (aka acpid2) 2.0.16 and earlier uses the pidof program incorrectly, which allows local users to gain privileges by running a program with the name kded4 and a DBUS_SESSION_BUS_ADDRESS environment variable containing commands.
by otr
EIP-2026-115295 EXPLOITDB perl VERIFIED
Free Opener - Local Denial of Service
by Iolo Morganwg
CVE-2011-5171 EXPLOITDB python VERIFIED
CyberLink Power2Go 7 build 196 and 8 build 1031 - Remote Code Execution via Crafted Project File Parameters
Multiple stack-based buffer overflows in CyberLink Power2Go 7 (build 196) and 8 (build 1031) allow remote attackers to execute arbitrary code via the (1) src and (2) name parameters in a p2g project file.
by modpr0be
EIP-2026-111996 EXPLOITDB text
SePortal 2.5 - SQL Injection (1)
by Don
EIP-2026-110554 EXPLOITDB text VERIFIED
Pet Listing - 'preview.php' Cross-Site Scripting
by Mr.PaPaRoSSe
CVE-2011-5135 EXPLOITDB php VERIFIED
DoceboLMS < 4.0.4 - Authenticated SQL Injection via coursereportuiconfig Parameters
Multiple SQL injection vulnerabilities in the save_connection function in lib/lib.iotask.php in the iotask module in DoceboLMS 4.0.4 and earlier allow remote authenticated users with admin or teacher privileges to execute arbitrary SQL commands via the (1) coursereportuiconfig[name] or (2) coursereportuiconfig[description] parameters to index.php.
by mr_me
CVE-2011-5033 EXPLOITDB c
ConfigServer Security & Firewall < 5.43 - Stack-Based Buffer Overflow via Admin List File
Stack-based buffer overflow in CFS.c in ConfigServer Security & Firewall (CSF) before 5.43, when running on a DirectAdmin server, allows local users to cause a denial of service (crash) via a long string in an admin.list file.
by FoX HaCkEr
CVE-2014-5329 EXPLOITDB HIGH c
GIGAPOD OfficeHard <3.04.03, GIGAPOD 2010/3 <3.01.02 - DoS via Apache HTTP Request Handling
GIGAPOD file servers (Appliance model and Software model) provide two web interfaces, 80/tcp and 443/tcp for user operation, and 8001/tcp for administrative operation. 8001/tcp is served by a version of Apache HTTP server containing a flaw in handling HTTP requests (CVE-2011-3192), which may lead to a denial-of-service (DoS) condition.
by Ramon de C Valle
CVSS 7.5
EIP-2026-111890 EXPLOITDB text VERIFIED
SantriaCMS - SQL Injection
by Troy