Exploitdb Exploits

31,344 exploits tracked across all sources.

CVE-2010-3449 EXPLOITDB text VERIFIED
Redback <1.2.4 - CSRF
Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1; and Apache Continuum 1.3.6, 1.4.0, and 1.1 through 1.2.3.1; allows remote attackers to hijack the authentication of administrators for requests that modify credentials.
by Anatolia Security
CVE-2010-4297 EXPLOITDB text
VMware Workstation - Improper Input Validation
The VMware Tools update functionality in VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548; VMware Player 2.5.x before 2.5.5 build 328052 and 3.1.x before 3.1.2 build 301548; VMware Server 2.0.2; VMware Fusion 2.x before 2.0.8 build 328035 and 3.1.x before 3.1.2 build 332101; VMware ESXi 3.5, 4.0, and 4.1; and VMware ESX 3.0.3, 3.5, 4.0, and 4.1 allows host OS users to gain privileges on the guest OS via unspecified vectors, related to a "command injection" issue.
by Nahuel Grisolia
CVE-2010-3770 EXPLOITDB text VERIFIED
Mozilla Firefox < 2.0.10 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the rendering engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allow remote attackers to inject arbitrary web script or HTML via (1) x-mac-arabic, (2) x-mac-farsi, or (3) x-mac-hebrew characters that may be converted to angle brackets during rendering.
by Yosuke Hasegawa
EIP-2026-100938 EXPLOITDB text VERIFIED
WWWThread 5.0.8 Pro - 'showflat.pl' Cross-Site Scripting
by Aliaksandr Hartsuyeu
EIP-2026-118113 EXPLOITDB text VERIFIED
Winamp 5.6 - 'MIDI Parser' Arbitrary Code Execution
by Kryptos Logic
CVE-2010-4518 EXPLOITDB text VERIFIED
Wobeo Wp-safe-search - XSS
Cross-site scripting (XSS) vulnerability in wp-safe-search/wp-safe-search-jx.php in the Safe Search plugin 0.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the v1 parameter.
by John Leitch
CVE-2010-4747 EXPLOITDB text VERIFIED
WordPress Processing Embed <0.5 - XSS
Cross-site scripting (XSS) vulnerability in wordpress-processing-embed/data/popup.php in the Processing Embed plugin 0.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pluginurl parameter.
by John Leitch
EIP-2026-106595 EXPLOITDB text VERIFIED
Drupal Module Embedded Media Field/Media 6.x : Video Flotsam/Media: Audio Flotsam - Multiple Vulnerabilities
by Justin Klein Keane
CVE-2010-4557 EXPLOITDB text
Invensys Wonderware InBatch - Memory Corruption
Buffer overflow in the lm_tcp service in Invensys Wonderware InBatch 8.1 and 9.0, as used in Invensys Foxboro I/A Series Batch 8.1 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted request to port 9001.
by Luigi Auriemma
CVE-2010-4513 EXPLOITDB text VERIFIED
Zimplit CMS < 3.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Zimplit CMS 3.0, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) file parameter in a load action to zimplit.php and (2) client parameter to English_manual_version_2.php.
by High-Tech Bridge SA
CVE-2010-4513 EXPLOITDB text VERIFIED
Zimplit CMS < 3.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Zimplit CMS 3.0, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) file parameter in a load action to zimplit.php and (2) client parameter to English_manual_version_2.php.
by High-Tech Bridge SA
EIP-2026-114130 EXPLOITDB text VERIFIED
WordPress Plugin Twitter Feed - 'url' Cross-Site Scripting
by John Leitch
CVE-2010-4503 EXPLOITDB text VERIFIED
Aigaion - SQL Injection
SQL injection vulnerability in indexlight.php in Aigaion 1.3.4 allows remote attackers to execute arbitrary SQL commands via the ID parameter in an export action.
by KnocKout
EIP-2026-104058 EXPLOITDB text
RDM Embedded Lock Manager < 9.x - 'lm_tcp' Service Buffer Overflow
by Luigi Auriemma
EIP-2026-102612 EXPLOITDB text VERIFIED
GNU InetUtils 1.8-1 - FTP Client Heap Overflow
by Rew
EIP-2026-100569 EXPLOITDB text
SOOP Portal Raven 1.0b - Arbitrary File Upload
by Sun Army
EIP-2026-100567 EXPLOITDB text VERIFIED
SolarWinds Orion Network Performance Monitor (NPM) 10.1 - Multiple Cross-Site Scripting Vulnerabilities
by x0skel
EIP-2026-118564 EXPLOITDB text VERIFIED
Freefloat FTP Server - Directory Traversal
by Pr0T3cT10n
EIP-2026-116757 EXPLOITDB text VERIFIED
Alice 2.2 - Arbitrary Code Execution
by Rew
EIP-2026-116568 EXPLOITDB text VERIFIED
WinZip 15.0 - WZFLDVW.OCX Text Property Denial of Service
by Fady Mohammed Osman
EIP-2026-116567 EXPLOITDB text VERIFIED
WinZip 15.0 - WZFLDVW.OCX IconIndex Property Denial of Service
by Fady Mohammed Osman
CVE-2010-4480 EXPLOITDB text VERIFIED
phpMyAdmin - XSS
error.php in PhpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1, allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted BBcode tag containing "@" characters, as demonstrated using "[a@url@page]".
by emgent white_sheep & scox
EIP-2026-109548 EXPLOITDB text
MODx REvolution CMS 2.0.4-pl2 - POST injection Cross-Site Scripting
by LiquidWorm
EIP-2026-105078 EXPLOITDB text VERIFIED
Alguest 1.1 - 'start' SQL Injection
by Aliaksandr Hartsuyeu
EIP-2026-113500 EXPLOITDB text
WordPress Core 3.0.1 - 'do_trackbacks()' SQL Injection
by M4g