Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-115894 EXPLOITDB python VERIFIED
MyWebServer 1.0.3 - Denial of Service
by X-h4ck
EIP-2026-115060 EXPLOITDB text VERIFIED
Citrix XenApp / XenDesktop XML Service - Heap Corruption
by n.runs AG
EIP-2026-115059 EXPLOITDB text VERIFIED
Citrix XenApp / XenDesktop - Stack Buffer Overflow
by n.runs AG
EIP-2026-108585 EXPLOITDB ruby VERIFIED
Joomla! Component com_virtuemart 1.1.7/1.5 - Blind SQL Injection (Metasploit)
by TecR0c
CVE-2011-2403 EXPLOITDB text VERIFIED
HP Network Automation 7.2x, 7.5x, 7.6x, 9.0, 9.10 - Authenticated SQL Injection
SQL injection vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, 9.0, and 9.10 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
by anonymous
EIP-2026-100549 EXPLOITDB text VERIFIED
Sitecore CMS 6.4.1 - 'url' Open Redirection
by Tom Neaves
EIP-2026-118903 EXPLOITDB text VERIFIED
MinaliC WebServer 2.0 - Remote Source Disclosure
by X-h4ck
EIP-2026-111099 EXPLOITDB text VERIFIED
PHPJunkYard GBook 1.6/1.7 - Multiple Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
EIP-2026-109364 EXPLOITDB text VERIFIED
MBoard 1.3 - 'url' Open Redirection
by High-Tech Bridge SA
EIP-2026-101427 EXPLOITDB bash VERIFIED
Sagem F@st 3304 Routers - PPPoE Credentials Information Disclosure
by securititracker
CVE-2011-2522 EXPLOITDB text VERIFIED
Samba 3.x < 3.5.10 - Cross-Site Request Forgery in SWAT
Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4) remove shares, (5) add printers, (6) remove printers, (7) add user accounts, or (8) remove user accounts, as demonstrated by certain start, stop, and restart parameters to the status program.
by Narendra Shinde
CVE-2011-0222 EXPLOITDB text
Safari < 5.0.6 - Remote Code Execution via WebKit Memory Corruption
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
by Abysssec
CVE-2011-5071 EXPLOITDB text VERIFIED
Support Incident Tracker < 3.64 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.64 allow remote attackers to execute arbitrary SQL commands via the (1) exc[] parameter to report_marketing.php, (2) selected[] parameter to tasks.php, (3) sites[] parameter to billable_incidents.php, or (4) search_string parameter to search.php. NOTE: some of these details are obtained from third party information.
by Yuri Goltsev
CVE-2011-5071 EXPLOITDB text VERIFIED
Support Incident Tracker < 3.64 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.64 allow remote attackers to execute arbitrary SQL commands via the (1) exc[] parameter to report_marketing.php, (2) selected[] parameter to tasks.php, (3) sites[] parameter to billable_incidents.php, or (4) search_string parameter to search.php. NOTE: some of these details are obtained from third party information.
by Yuri Goltsev
CVE-2011-5071 EXPLOITDB text VERIFIED
Support Incident Tracker < 3.64 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.64 allow remote attackers to execute arbitrary SQL commands via the (1) exc[] parameter to report_marketing.php, (2) selected[] parameter to tasks.php, (3) sites[] parameter to billable_incidents.php, or (4) search_string parameter to search.php. NOTE: some of these details are obtained from third party information.
by Yuri Goltsev
CVE-2011-5071 EXPLOITDB text VERIFIED
Support Incident Tracker < 3.64 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.64 allow remote attackers to execute arbitrary SQL commands via the (1) exc[] parameter to report_marketing.php, (2) selected[] parameter to tasks.php, (3) sites[] parameter to billable_incidents.php, or (4) search_string parameter to search.php. NOTE: some of these details are obtained from third party information.
by Yuri Goltsev
EIP-2026-110795 EXPLOITDB text
PHP-Barcode 0.3pl1 - Remote Code Execution
by beford
EIP-2026-110332 EXPLOITDB text
OpenX Ad Server 2.8.7 - Cross-Site Request Forgery
by Narendra Shinde
EIP-2026-104328 EXPLOITDB text
ManageEngine ServiceDesk Plus 8.0.0 Build 8013 - Improper User Privileges
by Narendra Shinde
EIP-2026-102467 EXPLOITDB php VERIFIED
CA ARCserve D2D r15 GWT RPC - Multiple Vulnerabilities
by rgod
CVE-2011-3011 EXPLOITDB ruby VERIFIED
CA ARCserve D2D r15 - Exposure of Sensitive Information via Session Handling
BaseServiceImpl.class in CA ARCserve D2D r15 does not properly handle sessions, which allows remote attackers to obtain credentials, and consequently execute arbitrary commands, via unspecified vectors.
by Metasploit
EIP-2026-115056 EXPLOITDB python VERIFIED
Ciscokits 1.0 - TFTP Server File Name Denial of Service
by Craig Freyman
EIP-2026-113441 EXPLOITDB text VERIFIED
Willscript Recipes Website Script Silver Edition - 'viewRecipe.php' SQL Injection
by Lazmania61
EIP-2026-110107 EXPLOITDB text VERIFIED
Online Grades 3.2.5 - Multiple Cross-Site Scripting Vulnerabilities
by Gjoko Krstic
EIP-2026-109653 EXPLOITDB text VERIFIED
MusicBox 3.7 - Multiple Vulnerabilities
by R@1D3N