Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
CVE-2011-5166 EXPLOITDB python VERIFIED
KnFTP 1.0.0 - Remote Code Execution via Multiple Stack-Based Buffer Overflows
Multiple stack-based buffer overflows in KnFTP 1.0.0 allow remote attackers to execute arbitrary code via a long string to the (1) USER, (2) PASS, (3) REIN, (4) QUIT, (5) PORT, (6) PASV, (7) TYPE, (8) STRU, (9) MODE, (10) RETR, (11) STOR, (12) APPE, (13) ALLO, (14) REST, (15) RNFR, (16) RNTO, (17) ABOR, (18) DELE, (19) CWD, (20) LIST, (21) NLST, (22) SITE, (23) STST, (24) HELP, (25) NOOP, (26) MKD, (27) RMD, (28) PWD, (29) CDUP, (30) STOU, (31) SNMT, (32) SYST, and (33) XPWD commands.
by loneferret
EIP-2026-113660 EXPLOITDB text VERIFIED
WordPress Plugin Count per Day 2.17 - SQL Injection
by Miroslav Stampar
EIP-2026-111192 EXPLOITDB text VERIFIED
phpRS 2.8.1 - Multiple SQL Injections / Cross-Site Scripting
by iM4n
EIP-2026-100115 EXPLOITDB text VERIFIED
ASP Basit Haber Script 1.0 - 'id' SQL Injection
by m3rciL3Ss
CVE-2011-2950 EXPLOITDB ruby VERIFIED
RealPlayer 11.0-11.1 and 14.0.0-14.0.5 and RealPlayer SP 1.0-1.1.5 - Remote Code Execution via Crafted QCP File
Heap-based buffer overflow in qcpfformat.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted QCP file.
by Metasploit
EIP-2026-117657 EXPLOITDB python VERIFIED
MY MP3 Player 3.0 - '.m3u' DEP Bypass
by blake
EIP-2026-107802 EXPLOITDB text
iManager Plugin 1.2.8 - 'lang' Local File Inclusion
by LiquidWorm
EIP-2026-107801 EXPLOITDB text
iManager Plugin 1.2.8 - 'd' Arbitrary File Deletion
by LiquidWorm
CVE-2010-5281 EXPLOITDB text
CMScout IBrowser TinyMCE Plugin <1.4.1 - Path Traversal
Directory traversal vulnerability in ibrowser.php in the CMScout 2.09 IBrowser TinyMCE Plugin 1.4.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter. NOTE: some of these details are obtained from third party information.
by LiquidWorm
EIP-2026-100154 EXPLOITDB text VERIFIED
Ay Computer (Multiple Products) - Multiple SQL Injections
by m3rciL3Ss
CVE-2011-3490 EXPLOITDB ruby VERIFIED
Measuresoft ScadaPro <4.0.0 - Buffer Overflow
Multiple stack-based buffer overflows in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long command to port 11234, as demonstrated with the TF command.
by Metasploit
CVE-2011-3496 EXPLOITDB ruby VERIFIED
Measuresoft ScadaPro <4.0.0 - Command Injection
service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command.
by Metasploit
CVE-2009-1325 EXPLOITDB python VERIFIED
Mini-stream Ripper 3.0.1.1 - Stack-based Buffer Overflow via Long URI in Playlist File
Stack-based buffer overflow in Mini-stream Ripper 3.0.1.1 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file.
by blake
EIP-2026-111584 EXPLOITDB text VERIFIED
PunBB 1.3.5 - Multiple Cross-Site Scripting Vulnerabilities
by Piotr Duszynski
EIP-2026-112422 EXPLOITDB text VERIFIED
StarDevelop LiveHelp 2.0 - 'index.php' Local File Inclusion
by KedAns-Dz
EIP-2026-102512 EXPLOITDB php VERIFIED
Nortel Contact Recording Centralized Archive 6.5.1 - SQL Injection
by rgod
CVE-2011-3502 EXPLOITDB text
Cogent DataHub <7.1.1.63 - Info Disclosure
The web server in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to obtain the source code of executable files via a request with a trailing (1) space or (2) %2e (encoded dot).
by Luigi Auriemma
CVE-2011-3489 EXPLOITDB text
Rockwell RSLogix < 19 - Denial of Service via Crafted RNA Packet
RnaUtility.dll in RsvcHost.exe 2.30.0.23 in Rockwell RSLogix 19 and earlier allows remote attackers to cause a denial of service (crash) via a crafted rna packet with a long string to TCP port 4446 that triggers (1) "a memset zero overflow" or (2) an out-of-bounds read, related to improper handling of a 32-bit size field.
by Luigi Auriemma
CVE-2011-3499 EXPLOITDB text
Progea Movicon / PowerHMI <11.2.1085 - DoS/Code Injection
Progea Movicon / PowerHMI 11.2.1085 and earlier allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via an EIDP packet with a large size field, which writes a zero byte to an arbitrary memory location.
by Luigi Auriemma
CVE-2011-3497 EXPLOITDB text
Measuresoft ScadaPro < 4.0.0 - Remote Code Execution via XF Function
service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary DLL functions via the XF function, possibly related to an insecure exposed method.
by Luigi Auriemma
CVE-2011-3494 EXPLOITDB text
eSignal < 10.6.2425 - Stack-Based and Heap-Based Buffer Overflow via Long StyleTemplate or FaceName Field
WinSig.exe in eSignal 10.6.2425 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a long StyleTemplate element in a QUO, SUM or POR file, which triggers a stack-based buffer overflow, or (2) a long Font->FaceName field (aka FaceName element), which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
by Luigi Auriemma
CVE-2011-3488 EXPLOITDB text
Equis MetaStock < 11.0 - Use-After-Free via Malformed Chart or Template
Use-after-free vulnerability in Equis MetaStock 11 and earlier allows remote attackers to execute arbitrary code via a malformed (1) mwc chart, (2) mws chart, (3) mwt template, or (4) mwl layout.
by Luigi Auriemma
CVE-2011-3492 EXPLOITDB text
Azeotech DAQFactory <5.85.1853 - Buffer Overflow
Stack-based buffer overflow in Azeotech DAQFactory 5.85 build 1853 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a crafted NETB packet to UDP port 20034.
by Luigi Auriemma
CVE-2011-3493 EXPLOITDB text
Cogent DataHub <7.1.1.63 - Buffer Overflow
Multiple stack-based buffer overflows in the DH_OneSecondTick function in Cogent DataHub 7.1.1.63 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long (1) domain, (2) report_domain, (3) register_datahub, or (4) slave commands.
by Luigi Auriemma
CVE-2011-3501 EXPLOITDB text
Cogent DataHub <= 7.1.1.63 - Denial of Service via Content-Length Header
Integer overflow in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to cause a denial of service (crash) via a negative or large Content-Length value.
by Luigi Auriemma