Exploitdb Exploits

31,344 exploits tracked across all sources.

CVE-2010-3591 EXPLOITDB text
Oracle Document Capture - Info Disclosure
Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Internal Operations. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from the original researcher that remote attackers can overwrite or delete arbitrary files via a full pathname in the second argument to the DownloadSingleMessageToFile method in the EMPOP3Lib ActiveX component (empop3.dll).
by Evdokimov Dmitriy
CVE-2010-3595 EXPLOITDB text
Oracle Fusion Middleware <10.1.3.5 - Info Disclosure
Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect confidentiality via unknown vectors related to Import Server. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from the original researcher that remote attackers can read arbitrary files via a full pathname in the first argument to the ImportBodyText method in the EasyMail ActiveX control (emsmtp.dll).
by Alexey Sintsov
EIP-2026-114443 EXPLOITDB text VERIFIED
Xnova Legacies 2009.2 - Cross-Site Request Forgery
by Xploit A Day
EIP-2026-112061 EXPLOITDB text VERIFIED
SimpGB 1.49.2 - 'Guestbook.php' Multiple Cross-Site Scripting Vulnerabilities
by MustLive
EIP-2026-111032 EXPLOITDB text VERIFIED
PHPDirector Game Edition - 'game.php' SQL Injection
by AtT4CKxT3rR0r1ST
EIP-2026-109643 EXPLOITDB text VERIFIED
MultiPowUpload 2.1 - Arbitrary File Upload
by DIES3L
EIP-2026-107266 EXPLOITDB text
Froxlor 0.9.15 - Remote File Inclusion
by DIES3L
EIP-2026-105888 EXPLOITDB text
class.upload.php 0.30 - Arbitrary File Upload
by DIES3L
CVE-2011-0903 EXPLOITDB text VERIFIED
Awcm-cms AR Web Content Manager - Path Traversal
Multiple directory traversal vulnerabilities in AR Web Content Manager (AWCM) 2.2 allow remote attackers to read arbitrary files and possibly have other unspecified impact via a .. (dot dot) in the (1) awcm_theme or (2) awcm_lang cookie to (a) index.php or (b) header.php.
by Cucura
EIP-2026-114177 EXPLOITDB text VERIFIED
WordPress Plugin Videox7 UGC 2.5.3.2 - 'listid' Cross-Site Scripting
by AutoSec Tools
EIP-2026-113741 EXPLOITDB text VERIFIED
WordPress Plugin Featured Content 0.0.1 - 'listid' Cross-Site Scripting
by AutoSec Tools
EIP-2026-113739 EXPLOITDB text VERIFIED
WordPress Plugin FCChat Widget 2.1.7 - 'path' Cross-Site Scripting
by AutoSec Tools
EIP-2026-113595 EXPLOITDB text VERIFIED
WordPress Plugin BezahlCode Generator 1.0 - 'gen_name' Cross-Site Scripting
by AutoSec Tools
EIP-2026-113235 EXPLOITDB text VERIFIED
web@all 1.1 - 'url' Cross-Site Scripting
by AutoSec Tools
CVE-2011-0773 EXPLOITDB text VERIFIED
Pivotx < 2.2.2 - XSS
Cross-site scripting (XSS) vulnerability in pivotx/modules/module_image.php in PivotX before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the image parameter.
by AutoSec Tools
CVE-2011-0772 EXPLOITDB text VERIFIED
Pivotx - XSS
Multiple cross-site scripting (XSS) vulnerabilities in PivotX 2.2.0, and possibly other versions before 2.2.2, allow remote attackers to inject arbitrary web script or HTML via the (1) color parameter to includes/blogroll.php or (2) src parameter to includes/timwrapper.php.
by High-Tech Bridge SA
EIP-2026-104884 EXPLOITDB text
ab Web CMS 1.35 - Multiple Vulnerabilities
by Dr.0rYX & Cr3W-DZ
CVE-2011-0902 EXPLOITDB text
Sun Microsystems SunScreen Firewall <5.9 - RCE
Multiple untrusted search path vulnerabilities in the Java Service in Sun Microsystems SunScreen Firewall on SunOS 5.9 allow local users to execute arbitrary code via a modified (1) PATH or (2) LD_LIBRARY_PATH environment variable.
by kingcope
CVE-2011-0678 EXPLOITDB text VERIFIED
Lomtec Activeweb - Unrestricted File Upload
Unrestricted file upload vulnerability in the EasyEdit module in Lomtec ActiveWeb Professional 3.0 allows remote attackers to execute arbitrary code by uploading an executable file via the UploadDirectory and Accepted Extensions fields in the getImagefile component of EasyEdit.cfm.
by StenoPlasma
EIP-2026-117490 EXPLOITDB text VERIFIED
Microsoft Fax - Cover Page Editor 5.2.3790.3959 Double-Free Memory Corruption
by Luigi Auriemma
EIP-2026-114150 EXPLOITDB text VERIFIED
WordPress Plugin Uploader 1.0 - 'num' Cross-Site Scripting
by AutoSec Tools
EIP-2026-113978 EXPLOITDB text VERIFIED
WordPress Plugin Powerhouse Museum Collection Image Grid 0.9.1.1 - 'tbpv_username' Cross-Site Scripting
by AutoSec Tools
EIP-2026-113942 EXPLOITDB text VERIFIED
WordPress Plugin oQey-Gallery 0.2 - 'tbpv_domain' Cross-Site Scripting
by AutoSec Tools
EIP-2026-113740 EXPLOITDB text VERIFIED
WordPress Plugin Feature Slideshow 1.0.6 - 'src' Cross-Site Scripting
by AutoSec Tools