Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-113857 EXPLOITDB text VERIFIED
WordPress Plugin KNR Author List Widget 2.0.0 - SQL Injection
by Miroslav Stampar
EIP-2026-111323 EXPLOITDB text
PlaySms 0.9.5.2 - Remote File Inclusion
by NoGe
EIP-2026-107383 EXPLOITDB text VERIFIED
GeoClassifieds Lite 2.0.x - Multiple Cross-Site Scripting / SQL Injections
by Yassin Aboukir
EIP-2026-107210 EXPLOITDB text VERIFIED
Free Help Desk 1.1b - Multiple Input Validation Vulnerabilities
by High-Tech Bridge SA
EIP-2026-100389 EXPLOITDB text VERIFIED
Kisanji - 'gr' Cross-Site Scripting
by Bl4ck.Viper
EIP-2026-118349 EXPLOITDB python VERIFIED
Cerberus FTP Server 4.0.9.8 - Remote Buffer Overflow
by KedAns-Dz
EIP-2026-118205 EXPLOITDB perl VERIFIED
ZipX 1.71 - '.ZIP' File Buffer Overflow
by C4SS!0 G0M3S
EIP-2026-116995 EXPLOITDB python
CoolPlayer Portable 2.19.2 - Local Buffer Overflow (ASLR Bypass) (1)
by blake
EIP-2026-116576 EXPLOITDB perl
World Of Warcraft - 'chat-cache.txt' Local Stack Overflow Denial of Service
by BSOD Digital
EIP-2026-116426 EXPLOITDB perl
TOWeb 3.0 - Local Format String Denial of Service 'TOWeb.MO' File Corruption
by BSOD Digital
CVE-2011-3979 EXPLOITDB text VERIFIED
Zikula Application Framework <1.3.0-1.2.7 - XSS
Cross-site scripting (XSS) vulnerability in ztemp/view_compiled/Theme/theme_admin_setasdefault.php in the theme module in Zikula Application Framework 1.3.0 build 3168, 1.2.7, and probably other versions allows remote attackers to inject arbitrary web script or HTML via the themename parameter in the setasdefault action to index.php.
by High-Tech Bridge SA
EIP-2026-113940 EXPLOITDB text VERIFIED
WordPress Plugin oQey Gallery 0.4.8 - SQL Injection
by Miroslav Stampar
EIP-2026-113332 EXPLOITDB text VERIFIED
Webmobo WB News System - Blind SQL Injection
by Eyup CELIK
EIP-2026-106835 EXPLOITDB text
Elite Gaming Ladders 3.6 - SQL Injection
by J.O
EIP-2026-106715 EXPLOITDB text VERIFIED
EasyGallery 5 - 'index.php' Multiple SQL Injections
by Eyup CELIK
EIP-2026-104985 EXPLOITDB text VERIFIED
Advanced Image Hosting Script 2.3 - 'report.php' Cross-Site Scripting
by R3d-D3V!L
CVE-2010-4073 EXPLOITDB c VERIFIED
Linux Kernel < 2.6.37 - Information Disclosure via Uninitialized IPC Structures
The ipc subsystem in the Linux kernel before 2.6.37-rc1 does not initialize certain structures, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the (1) compat_sys_semctl, (2) compat_sys_msgctl, and (3) compat_sys_shmctl functions in ipc/compat.c; and the (4) compat_sys_mq_open and (5) compat_sys_mq_getsetattr functions in ipc/compat_mq.c.
by Jon Oberheide
EIP-2026-114298 EXPLOITDB text VERIFIED
WordPress Plugin Zotpress 4.4 - SQL Injection
by Miroslav Stampar
CVE-2011-0257 EXPLOITDB ruby VERIFIED
Apple QuickTime PICT PnSize Buffer Overflow
Integer signedness error in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PnSize opcode in a PICT file that triggers a stack-based buffer overflow.
by Metasploit
EIP-2026-113734 EXPLOITDB text VERIFIED
WordPress Plugin Facebook Opengraph Meta 1.0 - SQL Injection
by Miroslav Stampar
EIP-2026-110246 EXPLOITDB text
openads-2.0.11 - Remote File Inclusion
by HaCkErS eV!L
CVE-2012-0242 EXPLOITDB text
Advantech WebAccess < 7.0 - Remote Code Execution via Format String Specifiers
Format string vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via format string specifiers in a message string.
by Luigi Auriemma
EIP-2026-114174 EXPLOITDB text VERIFIED
WordPress Plugin VideoWhisper Video Presentation 1.1 - SQL Injection
by Miroslav Stampar
EIP-2026-109299 EXPLOITDB text VERIFIED
Mambo Component N-Skyrslur - Cross-Site Scripting
by CoBRa_21
EIP-2026-109298 EXPLOITDB text VERIFIED
Mambo Component N-Press - SQL Injection
by CoBRa_21