Exploitdb Exploits

31,344 exploits tracked across all sources.

CVE-2011-1985 EXPLOITDB HIGH text VERIFIED
Microsoft Windows - Privilege Escalation
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application, aka "Win32k Null Pointer De-reference Vulnerability."
by KiDebug
CVSS 7.1
CVE-2011-4094 EXPLOITDB CRITICAL text
Jara 1.6 - SQL Injection
Jara 1.6 has a SQL injection vulnerability.
by muuratsalo
CVSS 9.8
EIP-2026-107901 EXPLOITDB text
InverseFlow 2.4 - Cross-Site Request Forgery (Add Admin)
by EjRaM HaCkEr
EIP-2026-103481 EXPLOITDB text VERIFIED
Google Chrome - Denial of Service
by Prashant Uniyal
EIP-2026-115346 EXPLOITDB text VERIFIED
Google Chrome - Killing Thread (PoC)
by pigtail23
EIP-2026-119006 EXPLOITDB text VERIFIED
Oracle AutoVue 20.0.1 AutoVueX - ActiveX Control SaveViewStateToFile
by rgod
CVE-2013-6246 EXPLOITDB text VERIFIED
Dell Quest One Password Manager - Access Control
The Dell Quest One Password Manager, possibly 5.0, allows remote attackers to bypass CAPTCHA protections and obtain sensitive information (user's full name) by sending a login request with a valid domain and username but without the CaptchaType, UseCaptchaEveryTime, and CaptchaResponse parameters.
by Johnny Bravo
CVE-2011-4024 EXPLOITDB text
OCS Inventory NG <2.0.1 - XSS
Cross-site scripting (XSS) vulnerability in ocsinventory in OCS Inventory NG 2.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
by Nicolas DEROUET
EIP-2026-116463 EXPLOITDB text VERIFIED
UnrealIRCd 3.2.8.1 - Local Configuration Stack Overflow
by DiGMi
EIP-2026-116014 EXPLOITDB text VERIFIED
Oracle DataDirect - Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Buffer Overflows (PoC)
by rgod
EIP-2026-112863 EXPLOITDB text VERIFIED
Uiga Personal Portal - Multiple Vulnerabilities
by Eyup CELIK
EIP-2026-112698 EXPLOITDB text VERIFIED
Tine 2.0 - Multiple Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
EIP-2026-112098 EXPLOITDB text
Simple Free PHP Forum Script - SQL Injection
by Skraps
EIP-2026-110354 EXPLOITDB text VERIFIED
osCommerce - Arbitrary File Upload / File Disclosure
by indoushka
EIP-2026-107847 EXPLOITDB text VERIFIED
Innovate Portal 2.0 - 'cat' Cross-Site Scripting
by Eyup CELIK
EIP-2026-107098 EXPLOITDB text
fims File Management System 1.2.1a - Multiple Vulnerabilities
by Skraps
EIP-2026-105993 EXPLOITDB text
CMS mini 0.2.2 - Local File Inclusion
by BeopSeong/I2Sec
EIP-2026-104338 EXPLOITDB text VERIFIED
Metasploit Web UI 4.1.0 - Persistent Cross-Site Scripting
by Stefan Schurtz
EIP-2026-104085 EXPLOITDB text VERIFIED
Splunk 4.1.6 - 'segment' Cross-Site Scripting
by Filip Palian
EIP-2026-103658 EXPLOITDB text VERIFIED
Splunk 4.1.6 Web Component - Remote Denial of Service
by Filip Palian
CVE-2011-5139 EXPLOITDB text VERIFIED
Preprojects Business Cards Designer - SQL Injection
SQL injection vulnerability in page.php in Pre Studio Business Cards Designer allows remote attackers to execute arbitrary SQL commands via the id parameter.
by dr_zig
EIP-2026-114529 EXPLOITDB text
Yet Another CMS 1.0 - SQL Injection / Cross-Site Scripting
by Stefan Schurtz
EIP-2026-113408 EXPLOITDB text
WHMCompleteSolution (WHMCS) 3.x < 4.0.x - 'cart.php' Local File Disclosure
by Lagripe-Dz & Mca-Crb
EIP-2026-110301 EXPLOITDB text VERIFIED
Openemr-4.1.0 - SQL Injection
by I2sec-dae jin Oh
EIP-2026-105596 EXPLOITDB text VERIFIED
Boonex Dolphin 6.1 - 'get_list.php' SQL Injection
by Yuri Goltsev