Exploitdb Exploits

31,344 exploits tracked across all sources.

CVE-2010-2554 EXPLOITDB HIGH text VERIFIED
Microsoft Windows 7 - Access Control
The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 has incorrect ACLs on its registry keys, which allows local users to gain privileges via vectors involving a named pipe and impersonation, aka "Tracing Registry Key ACL Vulnerability."
by Cesar Cerrudo
CVSS 7.8
CVE-2010-1897 EXPLOITDB text VERIFIED
Microsoft Windows 2003 Server - Improper Input Validation
The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate pseudo-handle values in callback parameters during window creation, which allows local users to gain privileges via a crafted application, aka "Win32k Window Creation Vulnerability."
by Core Security
EIP-2026-112535 EXPLOITDB text VERIFIED
SyntaxCMS - 'rows_per_page' SQL Injection
by High-Tech Bridge SA
CVE-2009-4869 EXPLOITDB text VERIFIED
Hitronsoft Nasim Guest Book - XSS
Cross-site scripting (XSS) vulnerability in index.php in Nasim Guest Book 1.2 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
by Moudi
CVE-2010-4941 EXPLOITDB text VERIFIED
Joomla! com_teams - SQL Injection
SQL injection vulnerability in the Teams (com_teams) component 1_1028_100809_1711 for Joomla! allows remote attackers to execute arbitrary SQL commands via the PlayerID parameter in a player save action to index.php.
by Salvatore Fresta
CVE-2010-4937 EXPLOITDB text VERIFIED
Amblog 1.0 - SQL Injection
Multiple SQL injection vulnerabilities in the Amblog (com_amblog) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) articleid or (2) catid parameter to index.php.
by Salvatore Fresta
EIP-2026-104050 EXPLOITDB text VERIFIED
Play! Framework 1.0.3.1 - Directory Traversal
by kripthor
EIP-2026-111482 EXPLOITDB text VERIFIED
Preation Eden Platform 27.7.2010 - Multiple HTML Injection Vulnerabilities
by High-Tech Bridge SA
CVE-2010-5083 EXPLOITDB text
PHP-Nuke 8.0 - SQL Injection
SQL injection vulnerability in the Web_Links module for PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the url parameter in an Add action to modules.php.
by ITSecTeam
EIP-2026-108607 EXPLOITDB text VERIFIED
Joomla! Component com_yellowpages - SQL Injection
by al bayraqim
CVE-2010-4922 EXPLOITDB text VERIFIED
Allinta CMS 22.07.2010 - SQL Injection
Multiple SQL injection vulnerabilities in Allinta CMS 22.07.2010 allow remote attackers to execute arbitrary SQL commands via the i parameter in an edit action to (1) contentAE.asp or (2) templatesAE.asp.
by High-Tech Bridge SA
CVE-2010-3027 EXPLOITDB text VERIFIED
Tycoon Baseball Script 1.0.9 - SQL Injection
SQL injection vulnerability in index.php in Tycoon Baseball Script 1.0.9 allows remote attackers to execute arbitrary SQL commands via the game_id parameter in a game_player action.
by Silic0n
EIP-2026-108810 EXPLOITDB text
Joomla! Component NeoRecruit 1.4 - SQL Injection
by v3n0m
CVE-2010-2939 EXPLOITDB text VERIFIED
OpenSSL <1.0.0a-0.9.7 - Use After Free
Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted private key with an invalid prime. NOTE: some sources refer to this as a use-after-free issue.
by Georgi Guninski
CVE-2010-2482 EXPLOITDB text VERIFIED
Libtiff < 3.9.4 - Denial of Service
LibTIFF 3.9.4 and earlier does not properly handle an invalid td_stripbytecount field, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted TIFF file, a different vulnerability than CVE-2010-2443.
by Tomas Hoger
EIP-2026-111461 EXPLOITDB text VERIFIED
Prado Portal 1.2 - 'page' Cross-Site Scripting
by High-Tech Bridge SA
EIP-2026-108304 EXPLOITDB text VERIFIED
Joomla! Component com_cgtestimonial 2.2 - Multiple Vulnerabilities
by Salvatore Fresta
EIP-2026-106360 EXPLOITDB text VERIFIED
Dataface 1.0 - 'admin.php' Cross-Site Scripting
by MustLive
EIP-2026-112518 EXPLOITDB text VERIFIED
sX-Shop - Multiple SQL Injections
by CoBRa_21
EIP-2026-112517 EXPLOITDB text VERIFIED
sX-Shop - 'view_image.php' SQL Injection
by secret
EIP-2026-111051 EXPLOITDB text VERIFIED
PHPFinance 0.6 - '/group.php' SQL Injection / HTML Injection
by skskilL
CVE-2010-4925 EXPLOITDB text VERIFIED
Nuked-Klan Partenaires 1.5 - SQL Injection
SQL injection vulnerability in clic.php in the Partenaires module 1.5 for Nuked-Klan allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Metropolis
EIP-2026-109648 EXPLOITDB text VERIFIED
Muraus Open Blog - Multiple HTML Injection Vulnerabilities
by High-Tech Bridge SA
CVE-2010-4963 EXPLOITDB text VERIFIED
Hulihan BXR 0.6.8 - SQL Injection
SQL injection vulnerability in folder/list in Hulihan BXR 0.6.8 allows remote attackers to execute arbitrary SQL commands via the order_by parameter.
by High-Tech Bridge SA
EIP-2026-107672 EXPLOITDB text VERIFIED
Hulihan Applications Amethyst 0.1.5 - Multiple HTML Injection Vulnerabilities
by High-Tech Bridge SA