Exploitdb Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-102460 EXPLOITDB text VERIFIED
Barracuda Control Center 620 - Multiple Web Vulnerabilities
by Vulnerability-Lab
EIP-2026-101171 EXPLOITDB text VERIFIED
Barracuda Control Center 620 - Cross-Site Scripting / HTML Injection
by Vulnerability-Lab
CVE-2012-0025 EXPLOITDB text VERIFIED
FlashPix PlugIn 4.2.2.0 for IrfanView - Denial of Service via Crafted FPX Image
Double free vulnerability in the Free_All_Memory function in jpeg/dectile.c in libfpx before 1.3.1-1, as used in the FlashPix PlugIn 4.2.2.0 for IrfanView, allows remote attackers to cause a denial of service (crash) via a crafted FPX image.
by Francis Provencher
CVE-2011-5233 EXPLOITDB text VERIFIED
IrfanView < 4.32 - Remote Code Execution via TIFF Rows Per Strip and Samples Per Pixel
Heap-based buffer overflow in IrfanView before 4.32 allows remote attackers to execute arbitrary code via crafted "Rows Per Strip" and "Samples Per Pixel" values in a TIFF image file.
by Francis Provencher
CVE-2011-4551 EXPLOITDB text VERIFIED
TikiWiki CMS/Groupware < 8.1 - Cross-Site Scripting via tiki-cookie-jar.php Parameters
Cross-site scripting (XSS) vulnerability in tiki-cookie-jar.php in TikiWiki CMS/Groupware before 8.2 and LTS before 6.5 allows remote attackers to inject arbitrary web script or HTML via arbitrary parameters.
by Stefan Schurtz
EIP-2026-111207 EXPLOITDB text VERIFIED
PHPShop CMS 3.4 - Multiple Cross-Site Scripting / SQL Injections
by High-Tech Bridge SA
EIP-2026-108572 EXPLOITDB text VERIFIED
Joomla! Component com_tsonymf - 'idofitem' SQL Injection
by CoBRa_21
EIP-2026-108297 EXPLOITDB text VERIFIED
Joomla! Component com_caproductprices - 'id' SQL Injection
by CoBRa_21
CVE-2011-5050 EXPLOITDB text VERIFIED
Cyberoam Unified Threat Management < 10.01.2 - Authenticated SQL Injection via tableid Parameter
SQL injection vulnerability in corporate/Controller in Elitecore Technologies Cyberoam UTM before 10.01.2 build 059 allows remote authenticated administrators to execute arbitrary SQL commands via the tableid parameter. NOTE: some of these details are obtained from third party information.
by Benjamin Kunz Mejri
CVE-2011-5228 EXPLOITDB text
appRain CMF 0.1.5 - Cross-Site Scripting via Search Module ss Parameter
Cross-site scripting (XSS) vulnerability in the Search module (quickstart/search) in appRain CMF 0.1.5 allows remote attackers to inject arbitrary web script or HTML via the ss parameter.
by Vulnerability-Lab
CVE-2011-5045 EXPLOITDB text VERIFIED
PHP Booking Calendar 10e - Cross-Site Scripting via page_info_message Parameter
Cross-site scripting (XSS) vulnerability in details_view.php in PHP Booking Calendar 10e allows remote attackers to inject arbitrary web script or HTML via the page_info_message parameter.
by G13
EIP-2026-108335 EXPLOITDB text VERIFIED
Joomla! Component com_dshop - SQL Injection
by CoBRa_21
CVE-2011-5218 EXPLOITDB text VERIFIED
DotA OpenStats <= 1.3.9 - SQL Injection via Index.php ID Parameter
SQL injection vulnerability in DotA OpenStats 1.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
by HvM17
CVE-2011-5229 EXPLOITDB text
appRain CMF 0.1.5 - SQL Injection via PATH_INFO in Forum Module
SQL injection vulnerability in quickstart/profile/index.php in the Forum module in appRain CMF 0.1.5 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO.
by Vulnerability-Lab
CVE-2011-5046 EXPLOITDB text VERIFIED
Microsoft Windows GDI - Remote Code Execution via IFRAME Height Attribute
The Graphics Device Interface (GDI) in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted data, as demonstrated by a large height attribute of an IFRAME element rendered by Safari, aka "GDI Access Violation Vulnerability."
by webDEViL
EIP-2026-113083 EXPLOITDB text VERIFIED
Video Community Portal - 'userID' SQL Injection
by Lazmania61
CVE-2011-5028 EXPLOITDB text
Novell Sentinel Log Manager < 1.2.0.1_938 - Authenticated Path Traversal via FileDownload Filename Parameter
Directory traversal vulnerability in novelllogmanager/FileDownload in Novell Sentinel Log Manager 1.2.0.1_938 and earlier, as used in Novell Sentinel before 7.0.1.0, allows remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter.
by Andrea Fabrizi
EIP-2026-112292 EXPLOITDB text VERIFIED
Social Network Community 2 - 'userID' SQL Injection
by Lazmania61
CVE-2011-5222 EXPLOITDB text VERIFIED
PHP Flirt-Projekt 4.8 - SQL Injection via rub Parameter
SQL injection vulnerability in rub2_w.php in PHP Flirt-Projekt 4.8 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the rub parameter.
by Lazmania61
CVE-2011-5230 EXPLOITDB text VERIFIED
Seotoaster < 1.9 - SQL Injection via Login or Member Login Parameter
Multiple SQL injection vulnerabilities in the selectUserIdByLoginPass function in seotoaster_core/application/models/LoginModel.php in Seotoaster 1.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login parameter to sys/login/index or (2) memberLoginName parameter to sys/login/member.
by Stefan Schurtz
EIP-2026-107185 EXPLOITDB text VERIFIED
Fork CMS 3.1.5 - Multiple Cross-Site Scripting Vulnerabilities
by Avram Marius
CVE-2011-5031 EXPLOITDB text VERIFIED
capexweb 1.1 - SQL Injection via dfuserid and dfpassword Parameters
Multiple SQL injection vulnerabilities in servlet/capexweb.parentvalidatepassword in cApexWEB 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) dfuserid and (2) dfpassword parameters. NOTE: some of these details are obtained from third party information.
by D1rt3 Dud3
EIP-2026-110429 EXPLOITDB text VERIFIED
Owl Intranet Engine 1.00 - 'userid' Authentication Bypass
by RedTeam Pentesting GmbH
EIP-2026-100932 EXPLOITDB text VERIFIED
Websense 7.6 Triton - 'ws_irpt.exe' Remote Command Execution
by Ben Williams
EIP-2026-100931 EXPLOITDB text VERIFIED
Websense 7.6 Products - 'favorites.exe' Authentication Bypass
by Ben Williams