Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
CVE-2011-0065 EXPLOITDB ruby VERIFIED
Mozilla Firefox <3.5.19 & SeaMonkey <2.0.14 - Use After Free
Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mChannel.
by Rh0
EIP-2026-118361 EXPLOITDB python VERIFIED
CiscoKits 1.0 - TFTP Server Directory Traversal
by SecPod Research
EIP-2026-116408 EXPLOITDB text
threedify designer 5.0.2 - Multiple Vulnerabilities
by High-Tech Bridge SA
EIP-2026-115055 EXPLOITDB python VERIFIED
CiscoKits 1.0 - TFTP Server 'Write Command' Denial of Service
by SecPod Research
CVE-2011-5286 EXPLOITDB text VERIFIED
Social Slider < 7.4.0 - SQL Injection via rA Array Parameter
SQL injection vulnerability in social-slider-2/ajax.php in the Social Slider plugin before 7.4.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the rA array parameter.
by Miroslav Stampar
EIP-2026-113988 EXPLOITDB text VERIFIED
WordPress Plugin ProPlayer 4.7.7 - SQL Injection
by Miroslav Stampar
EIP-2026-113704 EXPLOITDB php VERIFIED
WordPress Plugin E-Commerce 3.8.4 - SQL Injection
by IHTeam
EIP-2026-112325 EXPLOITDB text VERIFIED
Softbiz Recipes Portal Script - Multiple Cross-Site Scripting Vulnerabilities
by Net.Edit0r
CVE-2010-3609 EXPLOITDB python
OpenSLP - Denial of Service via Extension Parser Infinite Loop
The extension parser in slp_v2message.c in OpenSLP 1.2.1, and other versions before SVN revision 1647, as used in Service Location Protocol daemon (SLPD) in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, allows remote attackers to cause a denial of service (infinite loop) via a packet with a "next extension offset" that references this extension or a previous extension. NOTE: some of these details are obtained from third party information.
by Nicolas Gregoire
EIP-2026-103026 EXPLOITDB perl VERIFIED
Unrar 3.9.3 - Local Stack Overflow
by ZadYree
CVE-2011-0807 EXPLOITDB ruby VERIFIED
Oracle Sun GlassFish Enterprise Server <3.0.1 - Info Disclosure
Unspecified vulnerability in Oracle Sun GlassFish Enterprise Server 2.1, 2.1.1, and 3.0.1, and Sun Java System Application Server 9.1, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Administration.
by Metasploit
CVE-2011-0923 EXPLOITDB bash
HP Data Protector - Remote Code Execution via EXEC_CMD Argument Injection
The client in HP Data Protector does not properly validate EXEC_CMD arguments, which allows remote attackers to execute arbitrary Perl code via a crafted command, related to the "local bin directory."
by Adrian Puente Z.
EIP-2026-117198 EXPLOITDB ruby VERIFIED
FreeAmp 2.0.7 - '.fat' Local Buffer Overflow (Metasploit)
by James Fitts
EIP-2026-116706 EXPLOITDB ruby VERIFIED
ABBS Electronic Flashcards 2.1 - Local Buffer Overflow (Metasploit)
by James Fitts
EIP-2026-116703 EXPLOITDB ruby VERIFIED
ABBS Audio Media Player 3.0 - Local Buffer Overflow (Metasploit)
by James Fitts
EIP-2026-114212 EXPLOITDB text VERIFIED
WordPress Plugin WP E-Commerce 3.8.6 - 'cart_messages[]' Cross-Site Scripting
by High-Tech Bridge SA
EIP-2026-104227 EXPLOITDB text VERIFIED
DZYGroup CMS Portal - Multiple SQL Injections
by Netrondoank
EIP-2026-104137 EXPLOITDB text VERIFIED
Xpdf 3.02-13 - 'zxpdf' Security Bypass
by Chung-chieh Shan
EIP-2026-100226 EXPLOITDB text VERIFIED
Community Server 2007/2008 - 'TagSelector.aspx' Cross-Site Scripting
by PontoSec
CVE-2002-2268 EXPLOITDB ruby VERIFIED
Webster HTTP Server - Remote Code Execution via Long URL
Buffer overflow in Webster HTTP Server allows remote attackers to execute arbitrary code via a long URL.
by Metasploit
CVE-2004-0964 EXPLOITDB ruby VERIFIED
Zinf <2.2.1 - Remote Code Execution
Buffer overflow in Zinf 2.2.1 on Windows, and other older versions for Linux, allows remote attackers or local users to execute arbitrary code via certain values in a .pls file.
by C4SS!0 & h1ch4m
EIP-2026-115989 EXPLOITDB python VERIFIED
Omnicom Alpha 4.0e LPD Server - Denial of Service
by Craig Freyman
CVE-2011-4106 EXPLOITDB text VERIFIED
TimThumb < 2.0 - Remote Code Execution via Domain Whitelist Bypass
TimThumb (timthumb.php) before 2.0 does not validate the entire source with the domain white list, which allows remote attackers to upload and execute arbitrary code via a URL containing a white-listed domain in the src parameter, then accessing it via a direct request to the file in the cache directory, as exploited in the wild in August 2011.
by MaXe
EIP-2026-109617 EXPLOITDB text VERIFIED
mt LinkDatenbank - 'b' Cross-Site Scripting
by Err0R
EIP-2026-108600 EXPLOITDB text VERIFIED
Joomla! Component com_xeslidegalfx - 'id' SQL Injection
by Ne0 H4ck3R