Stack

155 exploits Active since Mar 2006
EIP-2026-115909 EXPLOITDB html WORKING POC
NCTVideoStudio ActiveX DLLs 1.6 - Remote Heap Overflow (PoC)
EIP-2026-116091 EXPLOITDB html WORKING POC
PowerPoint Viewer OCX 3.1 - Remote File Overwrite
CVE-2009-3812 EXPLOITDB text WORKING POC
Otslabs Otsav DJ - Memory Corruption
Heap-based buffer overflow in OtsAV DJ trial version 1.85.64.0, Radio trial version 1.85.64.0, TV trial version 1.85.64.0, and Free version 1.77.001 allows remote attackers to execute arbitrary code via a long playlist in an Ots File List (.ofl) file.
EIP-2026-115620 EXPLOITDB python WORKING POC
Mereo 1.8.0 - GET Remote Denial of Service
CVE-2009-1257 EXPLOITDB perl WORKING POC
Magic Iso Maker - Memory Corruption
Heap-based buffer overflow in Magic ISO Maker 5.5 build 0274 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted CCD file.
CVE-2008-5754 EXPLOITDB perl WORKING POC
BulletProof FTP Client - Buffer Overflow
Stack-based buffer overflow in BulletProof FTP Client allows user-assisted attackers to execute arbitrary code via a .bps file (aka Session-File) with a long second line, possibly a related issue to CVE-2008-5753.
EIP-2026-115130 EXPLOITDB perl WORKING POC
dBpowerAMP Audio Player 2 - '.pls' Local Buffer Overflow (PoC)
EIP-2026-115195 EXPLOITDB ruby WORKING POC
Easy Web Password 1.2 - Local Heap Memory Consumption (PoC)
EIP-2026-114897 EXPLOITDB perl WORKING POC
Amaya Web Editor 11.0 - Remote Buffer Overflow (PoC)
EIP-2026-114946 EXPLOITDB python WORKING POC
Audacity 1.6.2 - '.aup' Remote Off-by-One Crash
CVE-2008-5042 EXPLOITDB text WRITEUP
Zeeways Photovideotube < 1.1 - Authentication Bypass
Zeeways PhotoVideoTube 1.1 and earlier allows remote attackers to bypass authentication and perform administrative tasks via a direct request to admin/home.php.
EIP-2026-114633 EXPLOITDB text WORKING POC
Zomplog 3.8.2 - 'force_download.php' File Disclosure
CVE-2008-6032 EXPLOITDB php WORKING POC
WSN Links Free 4.0.34P - SQL Injection
SQL injection vulnerability in comments.php in WSN Links Free 4.0.34P allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-0461 EXPLOITDB text WORKING POC
Whole Hog Password Protect: Enhanced 1.x - Auth Bypass
Whole Hog Password Protect: Enhanced 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie.
EIP-2026-113684 EXPLOITDB text WORKING POC
WordPress Plugin DM Albums 1.9.2 - Remote File Disclosure
CVE-2009-0461 EXPLOITDB text WORKING POC
Whole Hog Password Protect: Enhanced 1.x - Auth Bypass
Whole Hog Password Protect: Enhanced 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie.
CVE-2008-4469 EXPLOITDB text WORKING POC
Vastal I-tech Freelance Zone - SQL Injection
SQL injection vulnerability in view_cresume.php in Vastal I-Tech Freelance Zone allows remote attackers to execute arbitrary SQL commands via the coder_id parameter.
CVE-2008-4466 EXPLOITDB text WORKING POC
Vastal I-tech Cosmetics Zone - SQL Injection
SQL injection vulnerability in view_products_cat.php in Vastal I-Tech Cosmetics Zone allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
CVE-2008-4463 EXPLOITDB text WORKING POC
Vastal I-tech Jobs Zone - SQL Injection
SQL injection vulnerability in view_news.php in Vastal I-Tech Jobs Zone allows remote attackers to execute arbitrary SQL commands via the news_id parameter.
CVE-2008-4464 EXPLOITDB text WORKING POC
Vastal I-tech Mag Zone - SQL Injection
SQL injection vulnerability in view_mags.php in Vastal I-Tech Mag Zone allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
CVE-2008-4460 EXPLOITDB text WORKING POC
Vastal I-tech Mmorpg Zone - SQL Injection
SQL injection vulnerability in game.php in Vastal I-Tech MMORPG Zone allows remote attackers to execute arbitrary SQL commands via the game_id parameter.
CVE-2008-5784 EXPLOITDB CRITICAL text WORKING POC
V3 Chat - Profiles/Dating Script 3.0.2 - Auth Bypass
V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1.
CVSS 9.8
CVE-2008-7119 EXPLOITDB text WORKING POC
Webid - SQL Injection
SQL injection vulnerability in item.php in WeBid auction script 0.5.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-7180 EXPLOITDB perl WORKING POC
Telephone Directory 2008 - RCE
del_query1.php in Telephone Directory 2008 allows remote attackers to delete arbitrary contacts via a direct request with a modified id variable.
CVE-2009-4816 EXPLOITDB text WORKING POC
Andy Stedemos The Uploader - Path Traversal
Directory traversal vulnerability in api/download_checker.php in MegaLab The Uploader 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.