Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-106359 EXPLOITDB html VERIFIED
Dataface - Local File Inclusion
by ITSecTeam
EIP-2026-105525 EXPLOITDB text VERIFIED
Blog:CMS 4.2 - Multiple Cross-Site Scripting Vulnerabilities
by Stefan Schurtz
CVE-2011-2039 EXPLOITDB ruby VERIFIED
Cisco AnyConnect Secure Mobility Client <2.3.185 - RCE
The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.185 on Windows, and on Windows Mobile, downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a certain ActiveX control in vpnweb.ocx, aka Bug ID CSCsy00904.
by Metasploit
EIP-2026-118008 EXPLOITDB python VERIFIED
The KMPlayer 3.0.0.1440 (Windows XP SP3) - '.mp3' File Buffer Overflow (DEP Bypass)
by dookie & ronin
EIP-2026-114820 EXPLOITDB perl VERIFIED
1ClickUnzip 3.00 - '.zip' Heap Overflow
by C4SS!0 G0M3S
EIP-2026-113026 EXPLOITDB text VERIFIED
vBulletin vBExperience 3 - 'sortorder' Cross-Site Scripting
by Mr.ThieF
EIP-2026-112415 EXPLOITDB text VERIFIED
Squiz Matrix 4 - 'colour_picker.php' Cross-Site Scripting
by Patrick Webster
EIP-2026-111408 EXPLOITDB text VERIFIED
PopScript - 'index.php' Multiple Input Validation Vulnerabilities
by NassRawI
EIP-2026-109832 EXPLOITDB text VERIFIED
Nakid CMS 1.0.2 - 'CKEditorFuncNum' Cross-Site Scripting
by AutoSec Tools
EIP-2026-109641 EXPLOITDB text VERIFIED
Multiple WordPress WooThemes Themes - 'test.php' Cross-Site Scripting
by MustLive
EIP-2026-108233 EXPLOITDB text VERIFIED
Joomla! Component CCBoard - SQL Injection / Arbitrary File Upload
by KedAns-Dz
EIP-2026-119452 EXPLOITDB text VERIFIED
WebSVN 2.3.2 - Unproper Metacharacters Escaping 'exec()' Remote Command Injection
by rgod
EIP-2026-119323 EXPLOITDB python VERIFIED
Xitami Web Server 2.5b4 - Remote Buffer Overflow (Egghunter)
by Glafkos Charalambous
EIP-2026-117721 EXPLOITDB c++ VERIFIED
OpenDrive 1.3.141 - Local Password Disclosure
by Glafkos Charalambous
EIP-2026-119322 EXPLOITDB perl VERIFIED
Xitami Web Server 2.5b4 - Remote Buffer Overflow
by mr.pr0n
CVE-2006-6576 EXPLOITDB ruby VERIFIED
Golden FTP Server <1.92 - Buffer Overflow
Heap-based buffer overflow in Golden FTP Server (goldenftpd) 1.92 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long PASS command. NOTE: it was later reported that 4.70 is also affected. NOTE: the USER vector is already covered by CVE-2005-0634.
by Metasploit
EIP-2026-112937 EXPLOITDB text VERIFIED
Ushahidi 2.0.1 - 'range' SQL Injection
by Gjoko Krstic
CVE-2011-2183 EXPLOITDB c VERIFIED
Linux Kernel < 2.6.39.3 - Race Condition in KSM scan_get_next_rmap_item
Race condition in the scan_get_next_rmap_item function in mm/ksm.c in the Linux kernel before 2.6.39.3, when Kernel SamePage Merging (KSM) is enabled, allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted application.
by Andrea Righi
EIP-2026-101367 EXPLOITDB text VERIFIED
MODACOM URoad-5000 1450 - Remote Command Execution / Backdoor Access
by Alex Stanev
CVE-2011-10005 EXPLOITDB MEDIUM python VERIFIED
EasyFTP 1.7.0.2 - Buffer Overflow via MKD Command Handler
A vulnerability, which was classified as critical, was found in EasyFTP 1.7.0.2. Affected is an unknown function of the component MKD Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250716.
by b33f
CVSS 6.3
EIP-2026-112585 EXPLOITDB text VERIFIED
TEDE Simplificado 1.01/S2.04 - Multiple SQL Injections
by KnocKout
EIP-2026-111272 EXPLOITDB perl VERIFIED
PikaCMS - Multiple Local File Disclosure Vulnerabilities
by KnocKout
EIP-2026-105234 EXPLOITDB text VERIFIED
ARSC Really Simple Chat 3.3-rc2 - Cross-Site Scripting / Multiple SQL Injections
by High-Tech Bridge SA
CVE-2011-2179 EXPLOITDB text VERIFIED
Icinga < 1.4.0 - Cross-Site Scripting via Expand Parameter
Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action.
by Stefan Schurtz
EIP-2026-101381 EXPLOITDB text VERIFIED
Netgear WNDAP350 Wireless Access Point - Multiple Information Disclosure Vulnerabilities
by Juerd Waalboer