Exploitdb Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2011-1985 EXPLOITDB HIGH text VERIFIED
Microsoft Windows - Privilege Escalation
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application, aka "Win32k Null Pointer De-reference Vulnerability."
by KiDebug
CVSS 7.1
CVE-2011-4094 EXPLOITDB CRITICAL text
jara 1.6 - SQL Injection
Jara 1.6 has a SQL injection vulnerability.
by muuratsalo
CVSS 9.8
EIP-2026-107901 EXPLOITDB text
InverseFlow 2.4 - Cross-Site Request Forgery (Add Admin)
by EjRaM HaCkEr
EIP-2026-103481 EXPLOITDB text VERIFIED
Google Chrome - Denial of Service
by Prashant Uniyal
EIP-2026-115346 EXPLOITDB text VERIFIED
Google Chrome - Killing Thread (PoC)
by pigtail23
EIP-2026-119006 EXPLOITDB text VERIFIED
Oracle AutoVue 20.0.1 AutoVueX - ActiveX Control SaveViewStateToFile
by rgod
CVE-2013-6246 EXPLOITDB text VERIFIED
Dell Quest One Password Manager - Unauthenticated Information Disclosure via CAPTCHA Bypass
The Dell Quest One Password Manager, possibly 5.0, allows remote attackers to bypass CAPTCHA protections and obtain sensitive information (user's full name) by sending a login request with a valid domain and username but without the CaptchaType, UseCaptchaEveryTime, and CaptchaResponse parameters.
by Johnny Bravo
CVE-2011-4024 EXPLOITDB text
OCS Inventory NG < 2.0.1 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in ocsinventory in OCS Inventory NG 2.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
by Nicolas DEROUET
EIP-2026-116463 EXPLOITDB text VERIFIED
UnrealIRCd 3.2.8.1 - Local Configuration Stack Overflow
by DiGMi
EIP-2026-116014 EXPLOITDB text VERIFIED
Oracle DataDirect - Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Buffer Overflows (PoC)
by rgod
EIP-2026-112863 EXPLOITDB text VERIFIED
Uiga Personal Portal - Multiple Vulnerabilities
by Eyup CELIK
EIP-2026-112698 EXPLOITDB text VERIFIED
Tine 2.0 - Multiple Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
EIP-2026-112098 EXPLOITDB text
Simple Free PHP Forum Script - SQL Injection
by Skraps
EIP-2026-110354 EXPLOITDB text VERIFIED
osCommerce - Arbitrary File Upload / File Disclosure
by indoushka
EIP-2026-107847 EXPLOITDB text VERIFIED
Innovate Portal 2.0 - 'cat' Cross-Site Scripting
by Eyup CELIK
EIP-2026-107098 EXPLOITDB text
fims File Management System 1.2.1a - Multiple Vulnerabilities
by Skraps
EIP-2026-105993 EXPLOITDB text
CMS mini 0.2.2 - Local File Inclusion
by BeopSeong/I2Sec
EIP-2026-104338 EXPLOITDB text VERIFIED
Metasploit Web UI 4.1.0 - Persistent Cross-Site Scripting
by Stefan Schurtz
EIP-2026-104085 EXPLOITDB text VERIFIED
Splunk 4.1.6 - 'segment' Cross-Site Scripting
by Filip Palian
EIP-2026-103658 EXPLOITDB text VERIFIED
Splunk 4.1.6 Web Component - Remote Denial of Service
by Filip Palian
CVE-2011-5139 EXPLOITDB text VERIFIED
Pre Studio Business Cards Designer - SQL Injection via Page ID Parameter
SQL injection vulnerability in page.php in Pre Studio Business Cards Designer allows remote attackers to execute arbitrary SQL commands via the id parameter.
by dr_zig
EIP-2026-114529 EXPLOITDB text
Yet Another CMS 1.0 - SQL Injection / Cross-Site Scripting
by Stefan Schurtz
EIP-2026-113408 EXPLOITDB text
WHMCompleteSolution (WHMCS) 3.x < 4.0.x - 'cart.php' Local File Disclosure
by Lagripe-Dz & Mca-Crb
EIP-2026-110301 EXPLOITDB text VERIFIED
Openemr-4.1.0 - SQL Injection
by I2sec-dae jin Oh
EIP-2026-105596 EXPLOITDB text VERIFIED
Boonex Dolphin 6.1 - 'get_list.php' SQL Injection
by Yuri Goltsev