Exploitdb Exploits

31,344 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-100132 EXPLOITDB text VERIFIED
Aspgwy Access 1.0 - 'matchword' Cross-Site Scripting
by kurdish hackers team
EIP-2026-113660 EXPLOITDB text VERIFIED
WordPress Plugin Count per Day 2.17 - SQL Injection
by Miroslav Stampar
EIP-2026-111192 EXPLOITDB text VERIFIED
phpRS 2.8.1 - Multiple SQL Injections / Cross-Site Scripting
by iM4n
EIP-2026-100115 EXPLOITDB text VERIFIED
ASP Basit Haber Script 1.0 - 'id' SQL Injection
by m3rciL3Ss
EIP-2026-107802 EXPLOITDB text
iManager Plugin 1.2.8 - 'lang' Local File Inclusion
by LiquidWorm
EIP-2026-107801 EXPLOITDB text
iManager Plugin 1.2.8 - 'd' Arbitrary File Deletion
by LiquidWorm
CVE-2010-5281 EXPLOITDB text
CMScout IBrowser TinyMCE Plugin <1.4.1 - Path Traversal
Directory traversal vulnerability in ibrowser.php in the CMScout 2.09 IBrowser TinyMCE Plugin 1.4.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter. NOTE: some of these details are obtained from third party information.
by LiquidWorm
EIP-2026-100154 EXPLOITDB text VERIFIED
Ay Computer (Multiple Products) - Multiple SQL Injections
by m3rciL3Ss
EIP-2026-111584 EXPLOITDB text VERIFIED
PunBB 1.3.5 - Multiple Cross-Site Scripting Vulnerabilities
by Piotr Duszynski
EIP-2026-112422 EXPLOITDB text VERIFIED
StarDevelop LiveHelp 2.0 - 'index.php' Local File Inclusion
by KedAns-Dz
CVE-2011-3502 EXPLOITDB text
Cogent DataHub <7.1.1.63 - Info Disclosure
The web server in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to obtain the source code of executable files via a request with a trailing (1) space or (2) %2e (encoded dot).
by Luigi Auriemma
CVE-2011-3489 EXPLOITDB text
Rockwell RSLogix <19 - DoS
RnaUtility.dll in RsvcHost.exe 2.30.0.23 in Rockwell RSLogix 19 and earlier allows remote attackers to cause a denial of service (crash) via a crafted rna packet with a long string to TCP port 4446 that triggers (1) "a memset zero overflow" or (2) an out-of-bounds read, related to improper handling of a 32-bit size field.
by Luigi Auriemma
CVE-2011-3499 EXPLOITDB text
Progea Movicon / PowerHMI <11.2.1085 - DoS/Code Injection
Progea Movicon / PowerHMI 11.2.1085 and earlier allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via an EIDP packet with a large size field, which writes a zero byte to an arbitrary memory location.
by Luigi Auriemma
CVE-2011-3497 EXPLOITDB text
Measuresoft ScadaPro <4.0.0 - RCE
service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary DLL functions via the XF function, possibly related to an insecure exposed method.
by Luigi Auriemma
CVE-2011-3494 EXPLOITDB text
eSignal <10.6.2425 - RCE/DoS
WinSig.exe in eSignal 10.6.2425 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a long StyleTemplate element in a QUO, SUM or POR file, which triggers a stack-based buffer overflow, or (2) a long Font->FaceName field (aka FaceName element), which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
by Luigi Auriemma
CVE-2011-3488 EXPLOITDB text
Equis MetaStock <11 - RCE
Use-after-free vulnerability in Equis MetaStock 11 and earlier allows remote attackers to execute arbitrary code via a malformed (1) mwc chart, (2) mws chart, (3) mwt template, or (4) mwl layout.
by Luigi Auriemma
CVE-2011-3492 EXPLOITDB text
Azeotech DAQFactory <5.85.1853 - Buffer Overflow
Stack-based buffer overflow in Azeotech DAQFactory 5.85 build 1853 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a crafted NETB packet to UDP port 20034.
by Luigi Auriemma
CVE-2011-3493 EXPLOITDB text
Cogent DataHub <7.1.1.63 - Buffer Overflow
Multiple stack-based buffer overflows in the DH_OneSecondTick function in Cogent DataHub 7.1.1.63 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long (1) domain, (2) report_domain, (3) register_datahub, or (4) slave commands.
by Luigi Auriemma
CVE-2011-3501 EXPLOITDB text
Cogent DataHub <7.1.1.63 - DoS
Integer overflow in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to cause a denial of service (crash) via a negative or large Content-Length value.
by Luigi Auriemma
CVE-2011-3486 EXPLOITDB text VERIFIED
Beckhoff TwinCAT <2.11.0.2004 - DoS
Beckhoff TwinCAT 2.11.0.2004 and earlier allows remote attackers to cause a denial of service via a crafted request to UDP port 48899, which triggers an out-of-bounds read.
by Luigi Auriemma
EIP-2026-113705 EXPLOITDB text VERIFIED
WordPress Plugin E-Commerce 3.8.6 - SQL Injection
by Miroslav Stampar
EIP-2026-113572 EXPLOITDB text VERIFIED
WordPress Plugin Auctions 1.8.8 - 'wpa_id' SQL Injection
by sherl0ck_
EIP-2026-100433 EXPLOITDB text VERIFIED
Microsoft SharePoint 2007/2010 - 'Source' Multiple Open Redirections
by Irene Abezgauz
CVE-2011-3487 EXPLOITDB text
Carel PlantVisor <2.4.4 - Path Traversal
Directory traversal vulnerability in CarelDataServer.exe in Carel PlantVisor 2.4.4 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request.
by Luigi Auriemma
CVE-2011-1248 EXPLOITDB text
Microsoft Windows Server 2003 - Improper Input Validation
WINS in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 does not properly handle socket send exceptions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets, related to unintended stack-frame values and buffer passing, aka "WINS Service Failed Response Vulnerability."
by Luigi Auriemma
By Source
All 31,344 Writeup 60,290 Exploitdb 50,009 Nomisec 21,867 Metasploit 3,224 Github 2,668 Vulncheck_xdb 906 Inthewild 514 Gitlab 442 Gitee 415 Patchapalooza 312
By Language
text 31,344 python 6,009 ruby 5,913 c 3,574 perl 2,849 html 2,053 php 1,326 bash 460 java 364 c++ 250 javascript 220 shell 92 go 58 postscript 25 xml 24