Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
CVE-2011-0923 EXPLOITDB bash
HP Data Protector - Remote Code Execution via EXEC_CMD Argument Injection
The client in HP Data Protector does not properly validate EXEC_CMD arguments, which allows remote attackers to execute arbitrary Perl code via a crafted command, related to the "local bin directory."
by SZ
CVE-2011-1976 EXPLOITDB text VERIFIED
Microsoft Visual Studio 2005 SP1-Report Viewer 2005 SP1 - XSS
Cross-site scripting (XSS) vulnerability in the Report Viewer Control in Microsoft Visual Studio 2005 SP1 and Report Viewer 2005 SP1 allows remote attackers to inject arbitrary web script or HTML via a parameter in a data source, aka "Report Viewer Controls XSS Vulnerability."
by Adam Bixby
CVE-2011-1276 EXPLOITDB perl VERIFIED
Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2 - Remote Code Execution via Crafted Spreadsheet
Buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Excel spreadsheet, related to improper validation of record information, aka "Excel Buffer Overrun Vulnerability."
by webDEViL
EIP-2026-114848 EXPLOITDB python
Acoustica Mixcraft 1.00 - Local Crash
by NassRawI
EIP-2026-110288 EXPLOITDB text VERIFIED
OpenEMR 4.0 - Multiple Cross-Site Scripting Vulnerabilities
by Houssam Sahli
EIP-2026-108852 EXPLOITDB text
Joomla! Component Search 3.0.0 - SQL Injection
by NoGe
EIP-2026-107063 EXPLOITDB text VERIFIED
FCKEditor Core - 'FileManager test.html' Arbitrary File Upload (2)
by pentesters.ir
EIP-2026-105531 EXPLOITDB text
BlogPHP 2.0 - Persistent Cross-Site Scripting
by Paulzz
CVE-2011-2132 EXPLOITDB text VERIFIED
Adobe Flash Media Server - Memory Corruption
Adobe Flash Media Server (FMS) before 3.5.7, and 4.x before 4.0.3, allows attackers to cause a denial of service (memory corruption) via unspecified vectors.
by Knud Erik Hojgaard
EIP-2026-101329 EXPLOITDB python
iphone/ipad phone drive 1.1.1 - Directory Traversal
by Khashayar Fereidani
EIP-2026-115558 EXPLOITDB python
LiteServe 2.81 - 'PASV' Denial of Service
by Craig Freyman
EIP-2026-114484 EXPLOITDB text VERIFIED
XpressEngine 1.4.5.7 - Persistent Cross-Site Scripting
by v0nSch3lling
EIP-2026-111961 EXPLOITDB text VERIFIED
Search Network 2.0 - 'query' Cross-Site Scripting
by darkTR
EIP-2026-105561 EXPLOITDB text VERIFIED
BlueSoft Rate My Photo Site - 'ty' SQL Injection
by darkTR
EIP-2026-105560 EXPLOITDB text VERIFIED
BlueSoft Banner Exchange - 'referer_id' SQL Injection
by darkTR
EIP-2026-117189 EXPLOITDB perl VERIFIED
Free CD to MP3 Converter 3.1 - Universal DEP Bypass
by C4SS!0 G0M3S
EIP-2026-112116 EXPLOITDB text
Simple Machines Forum (SMF) 2.0 - Session Hijacking
by seth
CVE-2010-4107 EXPLOITDB ruby
HP 9000 - Path Traversal
The default configuration of the PJL Access value in the File System External Access settings on HP LaserJet MFP printers, Color LaserJet MFP printers, and LaserJet 4100, 4200, 4300, 5100, 8150, and 9000 printers enables PJL commands that use the device's filesystem, which allows remote attackers to read arbitrary files via a command inside a print job, as demonstrated by a directory traversal attack.
by Myo Soe
CVE-2010-4107 EXPLOITDB ruby
HP 9000 - Path Traversal
The default configuration of the PJL Access value in the File System External Access settings on HP LaserJet MFP printers, Color LaserJet MFP printers, and LaserJet 4100, 4200, 4300, 5100, 8150, and 9000 printers enables PJL commands that use the device's filesystem, which allows remote attackers to read arbitrary files via a command inside a print job, as demonstrated by a directory traversal attack.
by Myo Soe
EIP-2026-114152 EXPLOITDB text VERIFIED
WordPress Plugin UPM Polls 1.0.3 - SQL Injection
by Miroslav Stampar
EIP-2026-113886 EXPLOITDB text VERIFIED
WordPress Plugin Media Library Categories 1.0.6 - SQL Injection
by Miroslav Stampar
EIP-2026-105754 EXPLOITDB text VERIFIED
Cart Software - Multiple Vulnerabilities
by hosinn
EIP-2026-105290 EXPLOITDB text
ATutor 2.0.2 - Multiple Vulnerabilities
by LiquidWorm
EIP-2026-104918 EXPLOITDB text
acontent 1.1 - Multiple Vulnerabilities
by LiquidWorm
EIP-2026-104907 EXPLOITDB text
AChecker 1.2 - Multiple Error-Based SQL Injection Vulnerabilities
by LiquidWorm