Exploitdb Exploits

31,344 exploits tracked across all sources.

CVE-2011-1564 EXPLOITDB text
DATAC RealFlex RealWin <2.1 Build 6.1.10.10 - RCE
Multiple integer overflows in the HMI application in DATAC RealFlex RealWin 2.1 (Build 6.1.10.10) and earlier allow remote attackers to execute arbitrary code via crafted (1) On_FC_MISC_FCS_MSGBROADCAST and (2) On_FC_MISC_FCS_MSGSEND packets, which trigger a heap-based buffer overflow.
by Luigi Auriemma
CVE-2011-1525 EXPLOITDB text
RealNetworks RealPlayer <14.0.2 - RCE
Heap-based buffer overflow in rvrender.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.2, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted frame in an Internet Video Recording (IVR) file.
by Luigi Auriemma
EIP-2026-112019 EXPLOITDB text VERIFIED
Shimbi CMS - Multiple SQL Injections
by p0pc0rn
EIP-2026-111362 EXPLOITDB text VERIFIED
PluggedOut Blog 1.9.9 - 'year' Cross-Site Scripting
by kurdish hackers team
EIP-2026-110183 EXPLOITDB text VERIFIED
Online store PHP script - Multiple Cross-Site Scripting / SQL Injections
by kurdish hackers team
EIP-2026-109928 EXPLOITDB text VERIFIED
Newsportal 0.37 - 'post.php' Cross-Site Scripting
by kurdish hackers team
EIP-2026-105978 EXPLOITDB text
CMS Lokomedia 1.5 - Arbitrary File Upload
by eidelweiss
EIP-2026-100307 EXPLOITDB text VERIFIED
Element-IT PowUpload 1.3 - Arbitrary File Upload
by Daniel Godoy
EIP-2026-100295 EXPLOITDB text VERIFIED
EAFlashUpload 2.5 - Arbitrary File Upload
by Daniel Godoy
CVE-2011-1569 EXPLOITDB text VERIFIED
Douran Portal 3.9.7.8 - Info Disclosure
download.aspx in Douran Portal 3.9.7.8 allows remote attackers to obtain source code of arbitrary files under the web root via (1) a trailing ".", (2) a trailing space, or (3) mixed case in the FileNameAttach parameter.
by AJAX Security Team
EIP-2026-113221 EXPLOITDB text VERIFIED
Web Poll Pro 1.0.3 - 'error' HTML Injection
by Hector.x90
EIP-2026-110998 EXPLOITDB text
Phpbuddies - Arbitrary File Upload
by Xr0b0t
EIP-2026-109019 EXPLOITDB text
Kleophatra 0.1.4 - Arbitrary File Upload
by Xr0b0t
EIP-2026-105960 EXPLOITDB text VERIFIED
CMS Balitbang 3.3 - Arbitrary File Upload
by eidelweiss
EIP-2026-105382 EXPLOITDB text VERIFIED
Balitbang CMS 3.3 - Multiple Vulnerabilities
by Xr0b0t
EIP-2026-114468 EXPLOITDB text VERIFIED
XOOPS 2.x - Multiple Cross-Site Scripting Vulnerabilities
by Aung Khant
EIP-2026-112805 EXPLOITDB text VERIFIED
Tugux CMS - 'nid' Blind SQL Injection
by eidelweiss
EIP-2026-105976 EXPLOITDB text
CMS Loko Media - Local File Download
by Xr0b0t
CVE-2011-0421 EXPLOITDB text
PHP < 5.3.5 - Denial of Service
The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer dereference) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation.
by Maksymilian Arciemowicz
EIP-2026-117508 EXPLOITDB text
Microsoft Source Code Analyzer for SQL Injection 1.3 - Improper Permissions
by LiquidWorm
EIP-2026-114074 EXPLOITDB text VERIFIED
WordPress Plugin Sodahead Polls 2.0.2 - Multiple Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
EIP-2026-113996 EXPLOITDB text VERIFIED
WordPress Plugin Rating-Widget 1.3.1 - Multiple Cross-Site Scripting Vulnerabilities
by Todor Donev
EIP-2026-112806 EXPLOITDB text
Tugux CMS 1.0_final - Multiple Vulnerabilities
by Aodrulez
EIP-2026-108286 EXPLOITDB text
Joomla! Component com_booklibrary - SQL Injection
by Marc Doudiet
EIP-2026-108177 EXPLOITDB text
Joomla! 1.6 - Multiple SQL Injections
by Aung Khant