Exploitdb Exploits

31,346 exploits tracked across all sources.

CVE-2010-1344 EXPLOITDB text VERIFIED
Cookex Agency CKForms <1.3.3 - SQL Injection
SQL injection vulnerability in the Cookex Agency CKForms (com_ckforms) component 1.3.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the fid parameter in a detail action to index.php.
by ALTBTA
CVE-2010-1225 EXPLOITDB text VERIFIED
Microsoft Virtual PC <2007 Gold & SP1 - Memory Corruption
The memory-management implementation in the Virtual Machine Monitor (aka VMM or hypervisor) in Microsoft Virtual PC 2007 Gold and SP1, Virtual Server 2005 Gold and R2 SP1, and Windows Virtual PC does not properly restrict access from the guest OS to memory locations in the VMM work area, which allows context-dependent attackers to bypass certain anti-exploitation protection mechanisms on the guest OS via crafted input to a vulnerable application. NOTE: the vendor reportedly found that only systems with an otherwise vulnerable application are affected, because "the memory areas accessible from the guest cannot be leveraged to achieve either remote code execution or elevation of privilege and ... no data from the host is exposed to the guest OS."
by Core Security
CVE-2010-1042 EXPLOITDB text VERIFIED
Microsoft Windows Media Player 11 - Memory Corruption
Microsoft Windows Media Player 11 does not properly perform colorspace conversion, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .AVI file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ITSecTeam
EIP-2026-111487 EXPLOITDB text
Preisschlacht Multi Liveshop System - 'index.php?aid' SQL Injection
by Easy Laster
EIP-2026-111437 EXPLOITDB text
PostNuke FormExpress Module - Blind SQL Injection
by Ali Abbasi
EIP-2026-110993 EXPLOITDB text VERIFIED
PHPBB2 Plus 1.53 - 'kb.php' SQL Injection
by Gamoscu
EIP-2026-110830 EXPLOITDB text
PHP-Nuke - ratedownload SQL Injection
by ITSecTeam
EIP-2026-108589 EXPLOITDB text VERIFIED
Joomla! Component com_vxdate - Multiple Vulnerabilities
by MustLive
EIP-2026-108377 EXPLOITDB text
Joomla! Component com_include - SQL Injection
by DevilZ TM
CVE-2010-1345 EXPLOITDB text VERIFIED
Cookex Agency CKForms <1.3.3 - Path Traversal
Directory traversal vulnerability in the Cookex Agency CKForms (com_ckforms) component 1.3.3 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
by ALTBTA
EIP-2026-108260 EXPLOITDB text VERIFIED
Joomla! Component com_alert - 'q_item' SQL Injection
by N2n-Hacker
CVE-2010-1003 EXPLOITDB text VERIFIED
eFront 3.5.x-3.5.5 - Path Traversal via Language Parameter
Directory traversal vulnerability in www/editor/tiny_mce/langs/language.php in eFront 3.5.x through 3.5.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langname parameter.
by 7Safe
CVE-2010-3313 EXPLOITDB text VERIFIED
EGroupware <1.6.003-9.2.20100309 - Command Injection
phpgwapi/js/fckeditor/editor/dialog/fck_spellerpages/spellerpages/serverscripts/spellchecker.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) aspell_path or (2) spellchecker_lang parameters.
by Nahuel Grisolia
CVE-2010-1060 EXPLOITDB text VERIFIED
Phpkobo Short URL 1.01 - Path Traversal
Directory traversal vulnerability in staff/app/common.inc.php in Phpkobo Short URL 1.01, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG_CODE parameter.
by Pouya Daneshmand
CVE-2010-1270 EXPLOITDB text VERIFIED
Multi Auktions Komplett System 2 - SQL Injection
SQL injection vulnerability in auktion.php in Multi Auktions Komplett System 2 allows remote attackers to execute arbitrary SQL commands via the id_auk parameter.
by Easy Laster
EIP-2026-110398 EXPLOITDB text VERIFIED
OSSIM 2.2 - Multiple Vulnerabilities
by Nahuel Grisolia
EIP-2026-110352 EXPLOITDB text
osCMax 2.0 - 'FCKeditor' Arbitrary File Upload
by ITSecTeam
EIP-2026-110075 EXPLOITDB text VERIFIED
Online Community CMS by I-net - SQL Injection
by Th3 RDX
EIP-2026-108522 EXPLOITDB text VERIFIED
Joomla! Component com_rwcards - Local File Inclusion
by ALTBTA
EIP-2026-108270 EXPLOITDB text VERIFIED
Joomla! Component com_as - 'catid' SQL Injection
by N2n-Hacker
CVE-2010-1062 EXPLOITDB text
Phpkobo Free Real Estate Contact Form 1.09 - Path Traversal
Directory traversal vulnerability in codelib/sys/common.inc.php in Phpkobo Free Real Estate Contact Form 1.09, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG_CODE parameter. NOTE: some of these details are obtained from third party information.
by Pouya Daneshmand
CVE-2010-3314 EXPLOITDB text VERIFIED
EGroupware 1.4.001+.002 1.6.001+.002 - Cross-Site Scripting via lang Parameter
Cross-site scripting (XSS) vulnerability in login.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
by Nahuel Grisolia
EIP-2026-102760 EXPLOITDB text VERIFIED
WFTPD 3.3 - Remote REST Denial of Service
by dmnt
EIP-2026-118282 EXPLOITDB text VERIFIED
ArGoSoft FTP Server .NET 1.0.2.1 - Directory Traversal
by dmnt
EIP-2026-112750 EXPLOITDB text
Torrent Hoster - Remount Upload
by EL-KAHINA