Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-109297 EXPLOITDB text VERIFIED
Mambo Component N-Myndir - SQL Injection
by CoBRa_21
EIP-2026-109296 EXPLOITDB text VERIFIED
Mambo Component N-Gallery - SQL Injection
by CoBRa_21
EIP-2026-109294 EXPLOITDB text VERIFIED
Mambo Component N-Frettir - SQL Injection
by CoBRa_21
EIP-2026-109280 EXPLOITDB text VERIFIED
Mambo Component Ahsshop - SQL Injection
by CoBRa_21
EIP-2026-108960 EXPLOITDB text VERIFIED
KaiBB 2.0.1 - SQL Injection / Arbitrary File Upload
by KedAns-Dz
EIP-2026-104900 EXPLOITDB text VERIFIED
ACal 2.2.6 - 'calendar.php' Cross-Site Scripting
by T0xic
EIP-2026-119408 EXPLOITDB text
NetSaro Enterprise Messenger 2.0 - Multiple Vulnerabilities
by Narendra Shinde
CVE-2007-3068 EXPLOITDB ruby VERIFIED
DVD X Player 4.1 Professional - Stack-Based Buffer Overflow via PLF Playlist Filename
Stack-based buffer overflow in DVD X Player 4.1 Professional allows remote attackers to execute arbitrary code via a PLF playlist containing a long filename.
by Metasploit
EIP-2026-114025 EXPLOITDB text VERIFIED
WordPress Plugin SearchAutocomplete 1.0.8 - SQL Injection
by Miroslav Stampar
EIP-2026-113685 EXPLOITDB text VERIFIED
WordPress Plugin Donation 1.0 - SQL Injection
by Miroslav Stampar
EIP-2026-113587 EXPLOITDB text VERIFIED
WordPress Plugin Bannerize 2.8.6 - SQL Injection
by Miroslav Stampar
CVE-2011-2918 EXPLOITDB MEDIUM c
Linux Kernel < 3.1 - Denial of Service via Performance Events Subsystem
The Performance Events subsystem in the Linux kernel before 3.1 does not properly handle event overflows associated with PERF_COUNT_SW_CPU_CLOCK events, which allows local users to cause a denial of service (system hang) via a crafted application.
by Vince Weaver
CVSS 5.5
CVE-2011-2882 EXPLOITDB ruby VERIFIED
Citrix Access Gateway Enterprise Edition 8.1-67.7 9.0-70.5 9.1-96.4 - Remote Code Execution via Crafted HTTP Header Data
Stack-based buffer overflow in the NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 allows remote attackers to execute arbitrary code via crafted HTTP header data.
by Metasploit
EIP-2026-113823 EXPLOITDB text
WordPress Plugin image Gallery with Slideshow 1.5 - Multiple Vulnerabilities
by Hrvoje Spoljar
EIP-2026-113803 EXPLOITDB text
WordPress Plugin grapefile 1.1 - Arbitrary File Upload
by Hrvoje Spoljar
EIP-2026-113222 EXPLOITDB text VERIFIED
Web Professional - 'default.php' SQL Injection
by The_Exploited
EIP-2026-112721 EXPLOITDB text VERIFIED
TinyWebGallery 1.8.4 - Local File Inclusion / SQL Injection
by KedAns-Dz
EIP-2026-111859 EXPLOITDB text VERIFIED
S9Y Serendipity 1.5.1 - 'research_display.php' SQL Injection
by The_Exploited
EIP-2026-117085 EXPLOITDB c VERIFIED
DVD X Player 5.5.0 Professional / Standard - '.plf' File Universal (ASLR + DEP Bypass)
by sickness
CVE-2011-2975 EXPLOITDB perl VERIFIED
MapServer < 6.0.1 - Use-After-Free in msAddImageSymbol
Double free vulnerability in the msAddImageSymbol function in mapsymbol.c in MapServer before 6.0.1 might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact via crafted mapfile data.
by rouault
EIP-2026-114287 EXPLOITDB text VERIFIED
WordPress Plugin yolink Search 1.1.4 - SQL Injection
by Miroslav Stampar
EIP-2026-113990 EXPLOITDB text VERIFIED
WordPress Plugin PureHTML 1.0.0 - SQL Injection
by Miroslav Stampar
EIP-2026-113725 EXPLOITDB text VERIFIED
WordPress Plugin Event Registration 5.4.3 - SQL Injection
by Miroslav Stampar
EIP-2026-113670 EXPLOITDB text VERIFIED
WordPress Plugin Crawl Rate Tracker 2.0.2 - SQL Injection
by Miroslav Stampar
EIP-2026-113664 EXPLOITDB text VERIFIED
WordPress Plugin Couponer 1.2 - SQL Injection
by Miroslav Stampar