Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-114332 EXPLOITDB text VERIFIED
WordPress Theme Hybrid 0.9 - 'cpage' Cross-Site Scripting
by SiteWatch
CVE-2011-3855 EXPLOITDB text VERIFIED
F8 Lite < 4.2.2 - Cross-Site Scripting via s Parameter
Cross-site scripting (XSS) vulnerability in the F8 Lite theme before 4.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
by SiteWatch
CVE-2011-3860 EXPLOITDB text VERIFIED
Cover WP < 1.6.6 - Cross-Site Scripting via s Parameter
Cross-site scripting (XSS) vulnerability in the Cover WP theme before 1.6.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
by jabdah
EIP-2026-113869 EXPLOITDB text VERIFIED
WordPress Plugin Link Library 5.2.1 - SQL Injection
by Miroslav Stampar
CVE-2011-4671 EXPLOITDB text VERIFIED
AdRotate < 3.6.8 - SQL Injection via Track Parameter
SQL injection vulnerability in adrotate/adrotate-out.php in the AdRotate plugin 3.6.6, and other versions before 3.6.8, for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter (aka redirect URL).
by Miroslav Stampar
CVE-2011-3579 EXPLOITDB text VERIFIED
IceWarp WebMail <10.3.3 - SSRF/Info Disclosure
server/webmail.php in IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference.
by David Kirkpatrick
CVE-2012-0788 EXPLOITDB php VERIFIED
PHP < 5.3.9 - Denial of Service via PDORow and Session Interaction
The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
by anonymous
EIP-2026-118566 EXPLOITDB python VERIFIED
Freefloat FTP Server - Remote Buffer Overflow (DEP Bypass)
by blake
EIP-2026-116347 EXPLOITDB text VERIFIED
sunway ForceControl 6.1 sp3 - Multiple Vulnerabilities
by Luigi Auriemma
CVE-2011-3493 EXPLOITDB python VERIFIED
Cogent DataHub <7.1.1.63 - Buffer Overflow
Multiple stack-based buffer overflows in the DH_OneSecondTick function in Cogent DataHub 7.1.1.63 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long (1) domain, (2) report_domain, (3) register_datahub, or (4) slave commands.
by mr_me
EIP-2026-114660 EXPLOITDB text VERIFIED
Zyncro 3.0.1.20 - Social Network Message Menu SQL Injection
by Ferran Pichel Llaquet
EIP-2026-114659 EXPLOITDB text VERIFIED
Zyncro 3.0.1.20 - Multiple HTML Injection Vulnerabilities
by Ferran Pichel Llaquet
CVE-2011-3010 EXPLOITDB text VERIFIED
TWiki < 5.1.0 - Cross-Site Scripting via New Topic Parameter or SlideShow Plugin Query String
Multiple cross-site scripting (XSS) vulnerabilities in TWiki before 5.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the newtopic parameter in a WebCreateNewTopic action, related to the TWiki.WebCreateNewTopicTemplate topic; or (2) the query string to SlideShow.pm in the SlideShowPlugin.
by Mesut Timur
CVE-2011-3010 EXPLOITDB text VERIFIED
TWiki < 5.1.0 - Cross-Site Scripting via New Topic Parameter or SlideShow Plugin Query String
Multiple cross-site scripting (XSS) vulnerabilities in TWiki before 5.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the newtopic parameter in a WebCreateNewTopic action, related to the TWiki.WebCreateNewTopicTemplate topic; or (2) the query string to SlideShow.pm in the SlideShowPlugin.
by Mesut Timur
EIP-2026-108034 EXPLOITDB php
JAKCMS PRO 2.2.5 - Arbitrary File Upload
by EgiX
EIP-2026-105338 EXPLOITDB text VERIFIED
AWStats 6.95/7.0 - 'awredir.pl' Multiple Cross-Site Scripting Vulnerabilities
by MustLive
CVE-2011-5127 EXPLOITDB text
Blue Coat Reporter 9.x < 9.2.4.13, 9.2.5.x < 9.2.5.1, 9.3 < 9.3.1.2 - Path Traversal
Directory traversal vulnerability in Blue Coat Reporter 9.x before 9.2.4.13, 9.2.5.x before 9.2.5.1, and 9.3 before 9.3.1.2 on Windows allows remote attackers to read arbitrary files, and consequently execute arbitrary code, via an unspecified HTTP request.
by nitr0us
EIP-2026-115623 EXPLOITDB text VERIFIED
MetaServer RT 3.2.1.450 - Multiple Vulnerabilities
by Luigi Auriemma
EIP-2026-115226 EXPLOITDB text VERIFIED
EViews 7.0.0.1 (aka 7.2) - Multiple Vulnerabilities
by Luigi Auriemma
EIP-2026-110042 EXPLOITDB text VERIFIED
OneCMS 2.6.4 - Multiple SQL Injections
by kurdish hackers team
EIP-2026-100357 EXPLOITDB text VERIFIED
i-Gallery 3.4 - 'd' Cross-Site Scripting
by Kurd-Team
CVE-2011-1892 EXPLOITDB text
Microsoft SharePoint and Office Products - XML External Entity Injection in Web Parts
Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka "SharePoint Remote File Disclosure Vulnerability."
by Nicolas Gregoire
CVE-2011-3976 EXPLOITDB python VERIFIED
AmmSoft ScriptFTP 3.3 - Buffer Overflow
Stack-based buffer overflow in AmmSoft ScriptFTP 3.3 allows remote FTP servers to execute arbitrary code via a long filename in a response to a LIST command, as demonstrated using (1) GETLIST or (2) GETFILE in a ScriptFTP script.
by modpr0be
CVE-2011-3575 EXPLOITDB python VERIFIED
IBM Lotus Domino 8.5.2 - Buffer Overflow
Stack-based buffer overflow in the NSFComputeEvaluateExt function in Nnotes.dll in IBM Lotus Domino 8.5.2 allows remote authenticated users to execute arbitrary code via a long tHPRAgentName parameter in an fmHttpPostRequest OpenForm action to WebAdmin.nsf.
by rmallof
CVE-2011-3494 EXPLOITDB ruby VERIFIED
eSignal < 10.6.2425 - Stack-Based and Heap-Based Buffer Overflow via Long StyleTemplate or FaceName Field
WinSig.exe in eSignal 10.6.2425 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a long StyleTemplate element in a QUO, SUM or POR file, which triggers a stack-based buffer overflow, or (2) a long Font->FaceName field (aka FaceName element), which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
by Metasploit