Exploitdb Exploits

2,009 exploits tracked across all sources.

CVE-2011-0027 EXPLOITDB html VERIFIED
Microsoft Data Access Components (MDAC) <2.8 SP1 & WDAC 6.0 - RCE
Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, do not properly validate memory allocation for internal data structures, which allows remote attackers to execute arbitrary code, possibly via a large CacheSize property that triggers an integer wrap and a buffer overflow, aka "ADO Record Memory Vulnerability." NOTE: this might be a duplicate of CVE-2010-1117 or CVE-2010-1118.
by Peter Vreugdenhil
EIP-2026-118961 EXPLOITDB html VERIFIED
Newv SmartClient 1.1.0 - 'NewvCommon.ocx' ActiveX Control Multiple Vulnerabilities
by wsn1983
EIP-2026-111856 EXPLOITDB html
S40 CMS 0.4.1 - Cross-Site Request Forgery (Change Admin Password)
by pentesters.ir
EIP-2026-114548 EXPLOITDB html
YourTube 1.0 - Cross-Site Request Forgery (Add User)
by AtT4CKxT3rR0r1ST
EIP-2026-118648 EXPLOITDB html VERIFIED
HP Photo Creative 2.x audio.Record.1 - ActiveX Control Remote Stack Buffer Overflow
by rgod
EIP-2026-118356 EXPLOITDB html VERIFIED
Chilkat Software FTP2 - ActiveX Component Remote Code Execution
by rgod
EIP-2026-111309 EXPLOITDB html VERIFIED
PiXie CMS 1.04 - Multiple Cross-Site Request Forgery Vulnerabilities
by Ali Raheem
CVE-2010-4693 EXPLOITDB html VERIFIED
Coppermine Photo Gallery <1.5.10 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Coppermine Photo Gallery 1.5.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters to help.php, or (3) picfile_XXX parameter to searchnew.php.
by waraxe
EIP-2026-110536 EXPLOITDB html
pecio CMS 2.0.5 - Cross-Site Request Forgery (Add Admin)
by P0C T34M
EIP-2026-106271 EXPLOITDB html VERIFIED
CubeCart 3.0.6 - Cross-Site Request Forgery (Add Admin)
by P0C T34M
CVE-2010-3973 EXPLOITDB html VERIFIED
WMI Administrative Tools < 1.1 - Remote Code Execution via WBEMSingleView.ocx AddContextRef Method
The WMITools ActiveX control in WBEMSingleView.ocx 1.50.1131.0 in Microsoft WMI Administrative Tools 1.1 and earlier in Microsoft Windows XP SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted argument to the AddContextRef method, possibly an untrusted pointer dereference, aka "Microsoft WMITools ActiveX Control Vulnerability."
by WooYun
CVE-2010-4588 EXPLOITDB html VERIFIED
WMI Administrative Tools < 1.1 - Remote Code Execution via WBEMSingleView.ocx ReleaseContext Method
The WBEMSingleView.ocx ActiveX control 1.50.1131.0 in Microsoft WMI Administrative Tools 1.1 and earlier allows remote attackers to execute arbitrary code via a crafted argument to the ReleaseContext method, a different vector than CVE-2010-3973, possibly an untrusted pointer dereference.
by WooYun
EIP-2026-101621 EXPLOITDB html
D-Link DIR-300 - Cross-Site Request Forgery (Change Admin Account Settings)
by outlaw.dll
CVE-2010-2590 EXPLOITDB html VERIFIED
SAP Crystal Reports 2008 SP3 Fix Pack 3.2 - Remote Code Execution via Long ServerResourceVersion Property
Heap-based buffer overflow in the CrystalReports12.CrystalPrintControl.1 ActiveX control in PrintControl.dll 12.3.2.753 in SAP Crystal Reports 2008 SP3 Fix Pack 3.2 allows remote attackers to execute arbitrary code via a long ServerResourceVersion property value.
by Dr_IDE
EIP-2026-103920 EXPLOITDB html VERIFIED
Helix Server 14.0.1.571 - Administration Interface Cross-Site Request Forgery
by John Leitch
CVE-2010-3971 EXPLOITDB html VERIFIED
Internet Explorer 6-8 - Use-After-Free in CSS Parser via Self-Referential @import Rule
Use-after-free vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets (CSS) parser in mshtml.dll, as used in Microsoft Internet Explorer 6 through 8 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a self-referential @import rule in a stylesheet, aka "CSS Memory Corruption Vulnerability."
by WooYun
EIP-2026-118067 EXPLOITDB html VERIFIED
Viscom VideoEdit Gold ActiveX 8.0 - Code Execution
by Rew
EIP-2026-115255 EXPLOITDB html VERIFIED
Flash Player - 'Flash6.ocx' AllowScriptAccess Denial of Service (PoC)
by Dr_IDE
EIP-2026-114959 EXPLOITDB html VERIFIED
AVG Internet Security 2011 - Safe Search for IE Denial of Service
by Dr_IDE
EIP-2026-111102 EXPLOITDB html
PHPKF Forum 1.80 - 'profil_degistir.php' Cross-Site Request Forgery
by FreWaL
CVE-2010-5193 EXPLOITDB html VERIFIED
Viscom Image Viewer CP Pro/Gold <8.0-6.0 - Buffer Overflow
Stack-based buffer overflow in the TIFMergeMultiFiles function in the SCRIBBLE.ScribbleCtrl.1 ActiveX control (ImageViewer2.ocx) in Viscom Image Viewer CP Pro 8.0 and Gold 6.0 allows remote attackers to execute arbitrary code via a long strDelimit parameter.
by Dr_IDE
EIP-2026-118703 EXPLOITDB html VERIFIED
J-Integra 2.11 - Remote Code Execution
by bz1p
EIP-2026-118702 EXPLOITDB html VERIFIED
J-Integra 2.11 - ActiveX SetIdentity() Buffer Overflow
by Dr_IDE
CVE-2010-4850 EXPLOITDB html
Diferior 8.03 - Stored Cross-Site Scripting via Post Content or Admin Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Diferior 8.03 allow remote attackers to inject arbitrary web script or HTML via the (1) post_content parameter to post/edit/2/p1.html, related to views/post.php; the (2) slogan parameter to admin/site/2.html, related to views/admin.php; or the (3) subcatname or (4) description parameter to admin/forum/create_sub.html, related to views/admin.php.
by High-Tech Bridge SA
EIP-2026-105712 EXPLOITDB html VERIFIED
Car Portal 2.0 - 'car_make' Cross-Site Scripting
by Underground Stockholm