Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-118722 EXPLOITDB html VERIFIED
LeadTools Imaging LEADSmtp - ActiveX Control 'SaveMessage()' Insecure Method
by High-Tech Bridge SA
EIP-2026-118671 EXPLOITDB text VERIFIED
IBM Web Application Firewall - Bypass
by Trustwave's SpiderLabs
EIP-2026-117197 EXPLOITDB python VERIFIED
FreeAmp 2.0.7 - '.fat' Local Buffer Overflow
by Iván García Ferreira
EIP-2026-113256 EXPLOITDB text
Webcat - Multiple Blind SQL Injections
by w0rd
EIP-2026-112188 EXPLOITDB text VERIFIED
Sitemagic CMS - 'SMTpl' Directory Traversal
by Andrea Bocchetti
EIP-2026-109952 EXPLOITDB text
nodesforum 1.059 - Remote File Inclusion
by bd0rk
EIP-2026-109951 EXPLOITDB text VERIFIED
Nodesforum - '_nodesforum_node' SQL Injection
by Andrea Bocchetti
EIP-2026-107976 EXPLOITDB text VERIFIED
iSupport 1.8 - SQL Injection
by Brendan Coles
EIP-2026-105618 EXPLOITDB text VERIFIED
BrewBlogger 2.3.2 - Multiple Vulnerabilities
by Brendan Coles
EIP-2026-104829 EXPLOITDB text VERIFIED
2Point Solutions - 'cmspages.php' SQL Injection
by Newbie Campuz
CVE-2011-2757 EXPLOITDB text VERIFIED
ManageEngine ServiceDesk Plus <= 8.0.0.12 - Path Traversal via FileDownload.jsp FILENAME Parameter
Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0.0.12 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the FILENAME parameter. NOTE: this might overlap the US-CERT VU#543310 issue.
by xistence
CVE-2011-2757 EXPLOITDB text VERIFIED
ManageEngine ServiceDesk Plus <= 8.0.0.12 - Path Traversal via FileDownload.jsp FILENAME Parameter
Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0.0.12 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the FILENAME parameter. NOTE: this might overlap the US-CERT VU#543310 issue.
by Keith Lee
EIP-2026-100733 EXPLOITDB text VERIFIED
ActivDesk 3.0 - Multiple Vulnerabilities
by Brendan Coles
EIP-2026-119084 EXPLOITDB ruby VERIFIED
RealWin SCADA Server - DATAC Login Buffer Overflow (Metasploit)
by Metasploit
EIP-2026-115181 EXPLOITDB html VERIFIED
Easewe FTP OCX ActiveX Control 4.5.0.9 - 'EaseWeFtp.ocx' Multiple Insecure Method Vulnerabilities
by High-Tech Bridge SA
EIP-2026-111883 EXPLOITDB text VERIFIED
Same Team E-shop manager - SQL Injection
by Number 7
EIP-2026-107047 EXPLOITDB text VERIFIED
FanUpdate 3.0 - 'pageTitle' Cross-Site Scripting
by High-Tech Bridge SA
EIP-2026-106910 EXPLOITDB text VERIFIED
Eshop Manager - Multiple SQL Injections
by Number 7
EIP-2026-105675 EXPLOITDB text VERIFIED
Cachelogic Expired Domains Script 1.0 - Multiple Vulnerabilities
by Brendan Coles
EIP-2026-100345 EXPLOITDB text VERIFIED
H3C ER5100 - Authentication Bypass
by 128bit
CVE-2011-0517 EXPLOITDB ruby VERIFIED
Sielco Sistemi Winlog Pro < 2.07.00 - Remote Code Execution via Crafted 0x02 Opcode
Stack-based buffer overflow in Sielco Sistemi Winlog Pro 2.07.00 and earlier, when Run TCP/IP server is enabled, allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a crafted 0x02 opcode to TCP port 46823.
by Metasploit
EIP-2026-118532 EXPLOITDB ruby VERIFIED
FactoryLink - 'vrn.exe' Opcode 9 Buffer Overflow (Metasploit)
by Metasploit
CVE-2008-2683 EXPLOITDB ruby VERIFIED
Black Ice Barcode SDK - Arbitrary File Write via BIDIB.BIDIBCtrl.1 DownloadImageFileURL Method
The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black Ice Barcode SDK 5.01 allows remote attackers to force the download and storage of arbitrary files by specifying the origin URL in the first argument to the DownloadImageFileURL method, and the local filename in the second argument. NOTE: some of these details are obtained from third party information.
by Metasploit
EIP-2026-114280 EXPLOITDB text
WordPress Plugin WPtouch 1.9.27 - URL redirection
by MaKyOtOx
EIP-2026-112189 EXPLOITDB text VERIFIED
Sitemagic CMS 2010.04.17 - 'SMExt' Cross-Site Scripting
by Gjoko Krstic