Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-115794 EXPLOITDB python VERIFIED
Microsoft Windows Explorer - Denial of Service
by Level
EIP-2026-115300 EXPLOITDB text VERIFIED
freeSSHd - Denial of Service (PoC)
by Level
CVE-2011-5196 EXPLOITDB python VERIFIED
Open Journal Systems < 2.3.6 - Cross-Site Request Forgery via File Upload
Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Journal Systems 2.3.6 and earlier allows remote attackers to hijack the authentication of administrators for requests that upload PHP files.
by mr_me
CVE-2011-5195 EXPLOITDB python VERIFIED
Open Conference Systems < 2.3.4 - Cross-Site Request Forgery via File Upload
Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Conference Systems 2.3.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that upload a PHP file.
by mr_me
CVE-2011-5197 EXPLOITDB python VERIFIED
Open Harvester Systems < 2.3.1 - Cross-Site Request Forgery via File Upload
Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Harvester Systems 2.3.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that upload PHP files.
by mr_me
CVE-2011-4558 EXPLOITDB HIGH text
Tiki < 8.2 - Authenticated Remote Code Execution via Regex Parameters
Tiki 8.2 and earlier allows remote administrators to execute arbitrary PHP code via crafted input to the regexres and regex parameters.
by EgiX
CVSS 7.2
CVE-2011-5039 EXPLOITDB text
Infoproject Biznis Heroj - SQL Injection via login.php or widget.dokumenti_lista.php
Multiple SQL injection vulnerabilities in Infoproject Biznis Heroj allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters to login.php, (3) the filter parameter to widget.dokumenti_lista.php, and (4) the fin_nalog_id parameter to nalozi_naslov.php.
by LiquidWorm
CVE-2011-5149 EXPLOITDB text VERIFIED
SpamTitan < 5.08 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.08 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) testaddr or (2) testpass parameter to auth-settings.php; (3) hostname, (4) domainname, or (5) mailserver parameter to setup-relay.php; or (6) subnetmask or (7) defaultroute parameter to setup-network.php.
by Vulnerability-Lab
EIP-2026-117375 EXPLOITDB text VERIFIED
Kaspersky Internet Security/Anti-Virus - '.cfg' File Memory Corruption
by Vulnerability Research Laboratory
CVE-2011-5150 EXPLOITDB text VERIFIED
SpamTitan < 5.07 - Cross-Site Scripting via setup-network.php Parameters
Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.07 and possibly earlier allow remote attackers or authenticated users to inject arbitrary web script or HTML via the (1) ipaddress or (2) domain parameter to setup-network.php, different vectors than CVE-2011-5149. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Vulnerability-Lab
CVE-2011-5040 EXPLOITDB text
Infoproject Biznis Heroj - Stored Cross-Site Scripting via config Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Infoproject Biznis Heroj allow remote attackers to inject arbitrary web script or HTML via the config parameter to (1) nalozi_naslov.php and (2) widget.dokumenti_lista.php.
by LiquidWorm
EIP-2026-106898 EXPLOITDB text VERIFIED
epesi BIM 1.2 rev 8154 - Multiple Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
CVE-2011-3587 EXPLOITDB text VERIFIED
Plone 4.0-4.0.9, 4.1, 4.2-4.2a2 - Remote Code Execution via p_ Class in OFS/misc_.py
Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python modules.
by Nick Miles
EIP-2026-102460 EXPLOITDB text VERIFIED
Barracuda Control Center 620 - Multiple Web Vulnerabilities
by Vulnerability-Lab
EIP-2026-101171 EXPLOITDB text VERIFIED
Barracuda Control Center 620 - Cross-Site Scripting / HTML Injection
by Vulnerability-Lab
CVE-2011-4620 EXPLOITDB c VERIFIED
PLIB 1.8.5 - Buffer Overflow in ulSetError Function
Buffer overflow in the ulSetError function in util/ulError.cxx in PLIB 1.8.5, as used in TORCS 1.3.1 and other products, allows user-assisted remote attackers to execute arbitrary code via vectors involving a long error message, as demonstrated by a crafted acc file for TORCS. NOTE: some of these details are obtained from third party information.
by Andrés Gómez
CVE-2012-0025 EXPLOITDB text VERIFIED
FlashPix PlugIn 4.2.2.0 for IrfanView - Denial of Service via Crafted FPX Image
Double free vulnerability in the Free_All_Memory function in jpeg/dectile.c in libfpx before 1.3.1-1, as used in the FlashPix PlugIn 4.2.2.0 for IrfanView, allows remote attackers to cause a denial of service (crash) via a crafted FPX image.
by Francis Provencher
CVE-2011-5233 EXPLOITDB text VERIFIED
IrfanView < 4.32 - Remote Code Execution via TIFF Rows Per Strip and Samples Per Pixel
Heap-based buffer overflow in IrfanView before 4.32 allows remote attackers to execute arbitrary code via crafted "Rows Per Strip" and "Samples Per Pixel" values in a TIFF image file.
by Francis Provencher
CVE-2011-4551 EXPLOITDB text VERIFIED
TikiWiki CMS/Groupware < 8.1 - Cross-Site Scripting via tiki-cookie-jar.php Parameters
Cross-site scripting (XSS) vulnerability in tiki-cookie-jar.php in TikiWiki CMS/Groupware before 8.2 and LTS before 6.5 allows remote attackers to inject arbitrary web script or HTML via arbitrary parameters.
by Stefan Schurtz
EIP-2026-111207 EXPLOITDB text VERIFIED
PHPShop CMS 3.4 - Multiple Cross-Site Scripting / SQL Injections
by High-Tech Bridge SA
EIP-2026-108572 EXPLOITDB text VERIFIED
Joomla! Component com_tsonymf - 'idofitem' SQL Injection
by CoBRa_21
EIP-2026-108297 EXPLOITDB text VERIFIED
Joomla! Component com_caproductprices - 'id' SQL Injection
by CoBRa_21
CVE-2011-5050 EXPLOITDB text VERIFIED
Cyberoam Unified Threat Management < 10.01.2 - Authenticated SQL Injection via tableid Parameter
SQL injection vulnerability in corporate/Controller in Elitecore Technologies Cyberoam UTM before 10.01.2 build 059 allows remote authenticated administrators to execute arbitrary SQL commands via the tableid parameter. NOTE: some of these details are obtained from third party information.
by Benjamin Kunz Mejri
CVE-2011-5228 EXPLOITDB text
appRain CMF 0.1.5 - Cross-Site Scripting via Search Module ss Parameter
Cross-site scripting (XSS) vulnerability in the Search module (quickstart/search) in appRain CMF 0.1.5 allows remote attackers to inject arbitrary web script or HTML via the ss parameter.
by Vulnerability-Lab
CVE-2011-5043 EXPLOITDB perl
TomatoSoft Free Mp3 Player 1.0 - Denial of Service via Long String in MP3 File
TomatoSoft Free Mp3 Player 1.0 allows remote attackers to cause a denial of service (application crash) via a long string in an MP3 file, possibly a buffer overflow.
by JaMbA