Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
CVE-2006-3524 EXPLOITDB ruby VERIFIED
SIPfoundry sipXtapi <20060324 - RCE
Buffer overflow in SIPfoundry sipXtapi released before 20060324 allows remote attackers to execute arbitrary code via a long CSeq field value in an INVITE message.
by Metasploit
CVE-2009-0658 EXPLOITDB HIGH ruby VERIFIED
Adobe Reader <9.0 - Buffer Overflow
Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by Trojan.Pidief.E.
by Metasploit
CVSS 7.8
EIP-2026-116559 EXPLOITDB c VERIFIED
Winplot 2010 - Buffer Overflow (PoC)
by fl0 fl0w
CVE-2010-2505 EXPLOITDB c VERIFIED
SaschArt SasCAM Webcam Server <= 2.7 - Denial of Service via Long GET Request
Soft SaschArt SasCAM Webcam Server 2.6.5, 2.7, and earlier allows remote attackers to cause a denial of service (crash) via a large number of requests with a long line, as demonstrated using a long GET request.
by fl0 fl0w
CVE-2010-2330 EXPLOITDB python VERIFIED
iSharer File Sharing Wizard 1.5.0 - Stack-Based Buffer Overflow via Long Content-Length Header
Stack-based buffer overflow in iSharer File Sharing Wizard 1.5.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long Content-Length header.
by m-1-k-3
EIP-2026-111974 EXPLOITDB text VERIFIED
Sell@Site PHP Online Jobs Login - Multiple SQL Injections
by L0rd CrusAd3r
EIP-2026-111476 EXPLOITDB text VERIFIED
Pre Job Board Pro - Authentication Bypass
by L0rd CrusAd3r
EIP-2026-108917 EXPLOITDB ruby VERIFIED
Joomla! Plugin tinybrowser 1.5.12 - Arbitrary File Upload / Code Execution (Metasploit)
by Metasploit
CVE-2010-1748 EXPLOITDB text VERIFIED
CUPS < 1.4.4 - Information Disclosure via Malformed Percent-Encoded URI Parameter
The cgi_initialize_string function in cgi-bin/var.c in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, does not properly handle parameter values containing a % (percent) character without two subsequent hex characters, which allows context-dependent attackers to obtain sensitive information from cupsd process memory via a crafted request, as demonstrated by the (1) /admin?OP=redirect&URL=% and (2) /admin?URL=/admin/&OP=% URIs.
by Luca Carettoni
CVE-2010-5045 EXPLOITDB text VERIFIED
Smart ASP Survey - Cross-Site Scripting via catid Parameter
Cross-site scripting (XSS) vulnerability in poll/default.asp in Smart ASP Survey allows remote attackers to inject arbitrary web script or HTML via the catid parameter.
by L0rd CrusAd3r
EIP-2026-100538 EXPLOITDB text VERIFIED
SAS Hotel Management System - 'notfound' SQL Injection
by L0rd CrusAd3r
EIP-2026-100526 EXPLOITDB text VERIFIED
Restaurant Listing with Online Ordering - SQL Injection
by L0rd CrusAd3r
EIP-2026-100372 EXPLOITDB text VERIFIED
IISWorks FileMan - fileman.mdb Remote User Database Disclosure
by j0fer
EIP-2026-100180 EXPLOITDB text VERIFIED
Business Classified Listing - SQL Injection
by L0rd CrusAd3r
EIP-2026-100100 EXPLOITDB text VERIFIED
Acuity CMS 2.7.1 - SQL Injection
by L0rd CrusAd3r
CVE-2010-1932 EXPLOITDB text VERIFIED
XnView 1.97.4 - Heap-Based Buffer Overflow via MultiBitMap Paint Data Section
Heap-based buffer overflow in XnView 1.97.4 and possibly earlier allows remote attackers to execute arbitrary code via a MultiBitMap (MBM) file with a Paint Data Section that contains a malformed Encoding field.
by Mauro Olea
EIP-2026-116343 EXPLOITDB text VERIFIED
SumatraPDF 1.1 - Denial of Service (PoC)
by Matthew Bergin
CVE-2010-2089 EXPLOITDB text VERIFIED
Python 2.5.0-2.5.5 - Out-of-bounds Write in audioop Module
The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634.
by haypo
CVE-2010-4971 EXPLOITDB text VERIFIED
VideoWhisper PHP 2 Way Video Chat - Cross-Site Scripting via r Parameter
Cross-site scripting (XSS) vulnerability in VideoWhisper PHP 2 Way Video Chat component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the r parameter to index.php.
by Sid3^effects
EIP-2026-109543 EXPLOITDB text VERIFIED
MODx 1.0.3 - 'index.php' Multiple SQL Injections
by High-Tech Bridge SA
EIP-2026-109404 EXPLOITDB text VERIFIED
Membership Site Script - SQL Injection
by Valentin
EIP-2026-109230 EXPLOITDB text VERIFIED
Lyrics Script - SQL Injection / Cross-Site Scripting
by Valentin
EIP-2026-108123 EXPLOITDB text VERIFIED
Joke Website Script - SQL Injection / Cross-Site Scripting
by Valentin
EIP-2026-106621 EXPLOITDB text VERIFIED
E-Book Store - SQL Injection
by Valentin
EIP-2026-106343 EXPLOITDB text VERIFIED
Daily Inspirational Quotes Script - SQL Injection
by Valentin