Exploitdb Exploits

2,012 exploits tracked across all sources.

EIP-2026-113060 EXPLOITDB html
ViArt Shop 4.0.5 - Cross-Site Request Forgery
by Or4nG.M4N
CVE-2010-3749 EXPLOITDB html
Realnetworks Realplayer - Code Injection
The browser-plugin implementation in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1 allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a " (double quote) in an argument to the RecordClip method, aka "parameter injection."
by Sean de Regge
CVE-2011-0027 EXPLOITDB html VERIFIED
Microsoft Data Access Components (MDAC) <2.8 SP1 & WDAC 6.0 - RCE
Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, do not properly validate memory allocation for internal data structures, which allows remote attackers to execute arbitrary code, possibly via a large CacheSize property that triggers an integer wrap and a buffer overflow, aka "ADO Record Memory Vulnerability." NOTE: this might be a duplicate of CVE-2010-1117 or CVE-2010-1118.
by Peter Vreugdenhil
EIP-2026-118961 EXPLOITDB html VERIFIED
Newv SmartClient 1.1.0 - 'NewvCommon.ocx' ActiveX Control Multiple Vulnerabilities
by wsn1983
EIP-2026-111856 EXPLOITDB html
S40 CMS 0.4.1 - Cross-Site Request Forgery (Change Admin Password)
by pentesters.ir
EIP-2026-114548 EXPLOITDB html
YourTube 1.0 - Cross-Site Request Forgery (Add User)
by AtT4CKxT3rR0r1ST
EIP-2026-118648 EXPLOITDB html VERIFIED
HP Photo Creative 2.x audio.Record.1 - ActiveX Control Remote Stack Buffer Overflow
by rgod
EIP-2026-118356 EXPLOITDB html VERIFIED
Chilkat Software FTP2 - ActiveX Component Remote Code Execution
by rgod
EIP-2026-111309 EXPLOITDB html VERIFIED
PiXie CMS 1.04 - Multiple Cross-Site Request Forgery Vulnerabilities
by Ali Raheem
CVE-2010-4693 EXPLOITDB html VERIFIED
Coppermine Photo Gallery <1.5.10 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Coppermine Photo Gallery 1.5.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters to help.php, or (3) picfile_XXX parameter to searchnew.php.
by waraxe
EIP-2026-110536 EXPLOITDB html
pecio CMS 2.0.5 - Cross-Site Request Forgery (Add Admin)
by P0C T34M
EIP-2026-106271 EXPLOITDB html VERIFIED
CubeCart 3.0.6 - Cross-Site Request Forgery (Add Admin)
by P0C T34M
CVE-2010-3973 EXPLOITDB html VERIFIED
Microsoft Wmi Administrative Tools < 1.1 - Code Injection
The WMITools ActiveX control in WBEMSingleView.ocx 1.50.1131.0 in Microsoft WMI Administrative Tools 1.1 and earlier in Microsoft Windows XP SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted argument to the AddContextRef method, possibly an untrusted pointer dereference, aka "Microsoft WMITools ActiveX Control Vulnerability."
by WooYun
CVE-2010-4588 EXPLOITDB html VERIFIED
Microsoft Wmi Administrative Tools < 1.1 - Code Injection
The WBEMSingleView.ocx ActiveX control 1.50.1131.0 in Microsoft WMI Administrative Tools 1.1 and earlier allows remote attackers to execute arbitrary code via a crafted argument to the ReleaseContext method, a different vector than CVE-2010-3973, possibly an untrusted pointer dereference.
by WooYun
EIP-2026-101621 EXPLOITDB html
D-Link DIR-300 - Cross-Site Request Forgery (Change Admin Account Settings)
by outlaw.dll
CVE-2010-2590 EXPLOITDB html VERIFIED
SAP Crystal Reports - Memory Corruption
Heap-based buffer overflow in the CrystalReports12.CrystalPrintControl.1 ActiveX control in PrintControl.dll 12.3.2.753 in SAP Crystal Reports 2008 SP3 Fix Pack 3.2 allows remote attackers to execute arbitrary code via a long ServerResourceVersion property value.
by Dr_IDE
EIP-2026-103920 EXPLOITDB html VERIFIED
Helix Server 14.0.1.571 - Administration Interface Cross-Site Request Forgery
by John Leitch
CVE-2010-3971 EXPLOITDB html VERIFIED
Microsoft Internet Explorer - Resource Management Error
Use-after-free vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets (CSS) parser in mshtml.dll, as used in Microsoft Internet Explorer 6 through 8 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a self-referential @import rule in a stylesheet, aka "CSS Memory Corruption Vulnerability."
by WooYun
EIP-2026-118067 EXPLOITDB html VERIFIED
Viscom VideoEdit Gold ActiveX 8.0 - Code Execution
by Rew
EIP-2026-115255 EXPLOITDB html VERIFIED
Flash Player - 'Flash6.ocx' AllowScriptAccess Denial of Service (PoC)
by Dr_IDE
EIP-2026-114959 EXPLOITDB html VERIFIED
AVG Internet Security 2011 - Safe Search for IE Denial of Service
by Dr_IDE
EIP-2026-111102 EXPLOITDB html
PHPKF Forum 1.80 - 'profil_degistir.php' Cross-Site Request Forgery
by FreWaL
CVE-2010-5193 EXPLOITDB html VERIFIED
Viscom Image Viewer CP Pro/Gold <8.0-6.0 - Buffer Overflow
Stack-based buffer overflow in the TIFMergeMultiFiles function in the SCRIBBLE.ScribbleCtrl.1 ActiveX control (ImageViewer2.ocx) in Viscom Image Viewer CP Pro 8.0 and Gold 6.0 allows remote attackers to execute arbitrary code via a long strDelimit parameter.
by Dr_IDE
EIP-2026-118703 EXPLOITDB html VERIFIED
J-Integra 2.11 - Remote Code Execution
by bz1p
EIP-2026-118702 EXPLOITDB html VERIFIED
J-Integra 2.11 - ActiveX SetIdentity() Buffer Overflow
by Dr_IDE