Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-107772 EXPLOITDB text VERIFIED
iGiveTest 2.1.0 - SQL Injection
by Brendan Coles
CVE-2011-4716 EXPLOITDB text VERIFIED
DreamBox DM800 Firmware < 1.6 - Path Traversal via File Parameter
Directory traversal vulnerability in file in DreamBox DM800 1.6rc3, 1.5rc1, and earlier allows remote attackers to read arbitrary files via the file parameter.
by ShellVision
CVE-2011-0073 EXPLOITDB VERIFIED
Mozilla Firefox <3.5.19 & <3.6.17, SeaMonkey <2.0.14 - RCE
Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly use nsTreeRange data structures, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer."
by Abysssec
EIP-2026-118398 EXPLOITDB ruby VERIFIED
DATAC RealWin SCADA Server 2 - On_FC_CONNECT_FCS_a_FILE Buffer Overflow (Metasploit)
by Metasploit
EIP-2026-118323 EXPLOITDB html VERIFIED
Black Ice Fax Voice SDK 12.6 - Remote Code Execution
by mr_me
CVE-2008-2683 EXPLOITDB ruby VERIFIED
Black Ice Barcode SDK - Arbitrary File Write via BIDIB.BIDIBCtrl.1 DownloadImageFileURL Method
The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black Ice Barcode SDK 5.01 allows remote attackers to force the download and storage of arbitrary files by specifying the origin URL in the first argument to the DownloadImageFileURL method, and the local filename in the second argument. NOTE: some of these details are obtained from third party information.
by mr_me
EIP-2026-116623 EXPLOITDB python VERIFIED
XnView 1.98 - Denial of Service (PoC)
by BraniX
EIP-2026-107761 EXPLOITDB ruby VERIFIED
IF-CMS 2.07 - Local File Inclusion (Metasploit) (2)
by TecR0c
EIP-2026-109934 EXPLOITDB text VERIFIED
Nibbleblog 3 - Multiple SQL Injections
by KedAns-Dz
EIP-2026-108562 EXPLOITDB text VERIFIED
Joomla! Component com_team - SQL Injection
by CoBRa_21
EIP-2026-108294 EXPLOITDB text VERIFIED
Joomla! Component com_calcbuilder - 'id' Blind SQL Injection
by Chip d3 bi0s
EIP-2026-105649 EXPLOITDB text VERIFIED
Burning Board 3.1.5 - Full Path Disclosure
by linc0ln.dll
EIP-2026-112549 EXPLOITDB text VERIFIED
Taha Portal 3.2 - 'sitemap.php' Cross-Site Scripting
by Bl4ck.Viper
EIP-2026-108190 EXPLOITDB text VERIFIED
Joomla! Component A Cool Debate 1.0.3 - Local File Inclusion
by Chip d3 bi0s
EIP-2026-107806 EXPLOITDB text VERIFIED
Immophp 1.1.1 - Cross-Site Scripting / SQL Injection
by KedAns-Dz
EIP-2026-105026 EXPLOITDB text VERIFIED
AiCart 2.0 - Multiple Vulnerabilities
by takeshix
CVE-2011-0959 EXPLOITDB text VERIFIED
Cisco Unified Operations Manager < 8.6 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to inject arbitrary web script or HTML via (1) the extn parameter to iptm/advancedfind.do, (2) the deviceInstanceName parameter to iptm/ddv.do, the (3) cmd or (4) group parameter to iptm/eventmon, the (5) clusterName or (6) deviceName parameter to iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp, or the (7) ccmName or (8) clusterName parameter to iptm/logicalTopo.do, aka Bug ID CSCtn61716.
by Sense of Security
CVE-2011-0959 EXPLOITDB text VERIFIED
Cisco Unified Operations Manager < 8.6 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to inject arbitrary web script or HTML via (1) the extn parameter to iptm/advancedfind.do, (2) the deviceInstanceName parameter to iptm/ddv.do, the (3) cmd or (4) group parameter to iptm/eventmon, the (5) clusterName or (6) deviceName parameter to iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp, or the (7) ccmName or (8) clusterName parameter to iptm/logicalTopo.do, aka Bug ID CSCtn61716.
by Sense of Security
CVE-2011-0959 EXPLOITDB text VERIFIED
Cisco Unified Operations Manager < 8.6 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to inject arbitrary web script or HTML via (1) the extn parameter to iptm/advancedfind.do, (2) the deviceInstanceName parameter to iptm/ddv.do, the (3) cmd or (4) group parameter to iptm/eventmon, the (5) clusterName or (6) deviceName parameter to iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp, or the (7) ccmName or (8) clusterName parameter to iptm/logicalTopo.do, aka Bug ID CSCtn61716.
by Sense of Security
CVE-2011-0959 EXPLOITDB text VERIFIED
Cisco Unified Operations Manager < 8.6 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to inject arbitrary web script or HTML via (1) the extn parameter to iptm/advancedfind.do, (2) the deviceInstanceName parameter to iptm/ddv.do, the (3) cmd or (4) group parameter to iptm/eventmon, the (5) clusterName or (6) deviceName parameter to iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp, or the (7) ccmName or (8) clusterName parameter to iptm/logicalTopo.do, aka Bug ID CSCtn61716.
by Sense of Security
CVE-2011-0959 EXPLOITDB text VERIFIED
Cisco Unified Operations Manager < 8.6 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to inject arbitrary web script or HTML via (1) the extn parameter to iptm/advancedfind.do, (2) the deviceInstanceName parameter to iptm/ddv.do, the (3) cmd or (4) group parameter to iptm/eventmon, the (5) clusterName or (6) deviceName parameter to iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp, or the (7) ccmName or (8) clusterName parameter to iptm/logicalTopo.do, aka Bug ID CSCtn61716.
by Sense of Security
CVE-2011-2960 EXPLOITDB text VERIFIED
Sunway ForceControl 6.1 SP1-SP3 - Heap-Based Buffer Overflow via Crafted URL
Heap-based buffer overflow in httpsvr.exe 6.0.5.3 in Sunway ForceControl 6.1 SP1, SP2, and SP3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted URL.
by Dillon Beresford
CVE-2011-1260 EXPLOITDB ruby VERIFIED
Microsoft Internet Explorer 8 and 9 - Remote Code Execution via Memory Corruption
Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Layout Memory Corruption Vulnerability."
by Metasploit
CVE-2011-1956 EXPLOITDB text VERIFIED
Wireshark 1.4.5 - Denial of Service via NULL Pointer Dereference in bytes_repr_len
The bytes_repr_len function in Wireshark 1.4.5 uses an incorrect pointer argument, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via arbitrary TCP traffic.
by rouli
EIP-2026-113296 EXPLOITDB text VERIFIED
WeBid 1.0.2 - Persistent Cross-Site Scripting (via SQL Injection)
by Saif