Exploitdb Exploits

2,012 exploits tracked across all sources.

CVE-2010-3325 EXPLOITDB html VERIFIED
Microsoft Internet Explorer 6-8 - Info Disclosure
Microsoft Internet Explorer 6 through 8 does not properly handle unspecified special characters in Cascading Style Sheets (CSS) documents, which allows remote attackers to obtain sensitive information from a different (1) domain or (2) zone via a crafted web site, aka "CSS Special Character Information Disclosure Vulnerability."
by Chris Evans
EIP-2026-119221 EXPLOITDB html VERIFIED
Trend Micro Internet Security Pro 2010 - ActiveX 'extSetOwner()' Remote Code Execution (2)
by Abysssec
EIP-2026-105235 EXPLOITDB html VERIFIED
ArtGK CMS - Cross-Site Scripting / HTML Injection
by High-Tech Bridge SA
EIP-2026-110524 EXPLOITDB html
Pc4Uploader 9.0 - Cross-Site Request Forgery
by RENO
EIP-2026-107686 EXPLOITDB html VERIFIED
Hycus CMS 1.0.1 - Multiple Cross-Site Request Forgery Vulnerabilities
by 10n1z3d
CVE-2010-3202 EXPLOITDB html VERIFIED
Flock Browser 3.0.0.3989 - XSS
Cross-site scripting (XSS) vulnerability in Flock Browser 3.0.0.3989 allows remote attackers to inject arbitrary web script or HTML via a crafted bookmark.
by Lostmon
CVE-2010-3324 EXPLOITDB html VERIFIED
Microsoft Internet Explorer 8 - Auth Bypass
The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka "HTML Sanitization Vulnerability," a different vulnerability than CVE-2010-1257.
by Mario Heiderich
EIP-2026-106015 EXPLOITDB html VERIFIED
CMSimple 3.3 - Cross-Site Scripting / Cross-Site Request Forgery
by High-Tech Bridge SA
EIP-2026-114637 EXPLOITDB html VERIFIED
Zomplog 3.9 - Cross-Site Scripting / Cross-Site Request Forgery
by 10n1z3d
EIP-2026-111903 EXPLOITDB html
Saurus CMS Admin Panel - Multiple Cross-Site Request Forgery Vulnerabilities
by Fady Mohammed Osman
EIP-2026-104300 EXPLOITDB html
Kleeja Upload - Cross-Site Request Forgery (Change Admin Password)
by KOLTN S
EIP-2026-119162 EXPLOITDB html VERIFIED
SopCast 3.2.9 - Remote Command Execution
by sud0
EIP-2026-119094 EXPLOITDB html VERIFIED
RSP MP3 Player - OCX ActiveX Buffer Overflow HeapSpray
by Madjix
EIP-2026-110209 EXPLOITDB html VERIFIED
Onyx - Multiple Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
EIP-2026-109806 EXPLOITDB html VERIFIED
Mystic 0.1.4 - Multiple Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
EIP-2026-104513 EXPLOITDB html
Zendesk - Multiple Vulnerabilities
by Luis Santana
EIP-2026-118400 EXPLOITDB html VERIFIED
dBpowerAMP Audio Player 2 - 'FileExists' ActiveX Buffer Overflow
by s-dz
EIP-2026-114907 EXPLOITDB html VERIFIED
AoAAudioExtractor 2.0.0.0 - ActiveX (PoC) (SEH)
by s-dz
EIP-2026-113448 EXPLOITDB html VERIFIED
wizmall 6.4 - Cross-Site Request Forgery
by pyw1414
EIP-2026-118241 EXPLOITDB html VERIFIED
Advanced File Vault - 'eSellerateControl350.dll' ActiveX HeapSpray
by ThE g0bL!N
EIP-2026-103173 EXPLOITDB html VERIFIED
Nagios XI - Multiple Cross-Site Request Forgery Vulnerabilities
by Adam Baldwin
CVE-2010-3026 EXPLOITDB html
Tomaz Muraus Open Blog 1.2.1 - CSRF
Cross-site request forgery (CSRF) vulnerability in application/modules/admin/controllers/users.php in Tomaz Muraus Open Blog 1.2.1, and possibly earlier, allows remote attackers to hijack the authentication of administrators for requests to admin/users/edit that grant administrative privileges.
by High-Tech Bridge SA
CVE-2010-3030 EXPLOITDB html
Tomaz Muraus Open Blog 1.2.1 - CSRF
Cross-site request forgery (CSRF) vulnerability in Tomaz Muraus Open Blog 1.2.1, and possibly earlier, allows remote attackers to hijack the authentication of administrators for requests that change the administrative password. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by High-Tech Bridge SA
CVE-2010-3024 EXPLOITDB html VERIFIED
DiamondList 0.1.6 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in user/main/update_user in DiamondList 0.1.6, and possibly earlier, allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrative password or (2) change the site's configuration.
by High-Tech Bridge SA
EIP-2026-105667 EXPLOITDB html
BXR 0.6.8 - Cross-Site Request Forgery
by High-Tech Bridge SA