Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-116699 EXPLOITDB perl VERIFIED
A-PDF Wav to MP3 Converter 1.2.0 - DEP Bypass
by h1ch4m
CVE-2011-0614 EXPLOITDB perl VERIFIED
Adobe Audition < 3.0.1 - Buffer Overflow via Crafted Audition Session File
Buffer overflow in Adobe Audition 3.0.1 and earlier allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Audition Session (aka .ses) file.
by LiquidWorm
EIP-2026-104251 EXPLOITDB text VERIFIED
Flash Tag Cloud And MT-Cumulus Plugin - 'tagcloud' Cross-Site Scripting
by MustLive
EIP-2026-101256 EXPLOITDB text
DreamBox DM500(+) - Arbitrary File Download
by LiquidWorm
CVE-2011-1511 EXPLOITDB text VERIFIED
Oracle Sun Products Suite <3.0.1 - RCE
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Products Suite 2.1.1 and 3.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to Administration.
by Core Security
EIP-2026-116695 EXPLOITDB perl VERIFIED
A-PDF All to MP3 Converter 2.0.0 - DEP Bypass
by h1ch4m
EIP-2026-116361 EXPLOITDB c
Symantec Backup Exec System Recovery 8.5 - Kernel Pointers Dereferences
by Stefan LE BERRE
EIP-2026-116244 EXPLOITDB text VERIFIED
SlimPDF Reader - Denial of Service (PoC)
by Nicolas Krassas
EIP-2026-106492 EXPLOITDB text VERIFIED
DocMGR 1.1.2 - 'history.php' Cross-Site Scripting
by AutoSec Tools
EIP-2026-105230 EXPLOITDB text VERIFIED
Argyle Social - Multiple Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
CVE-2011-0419 EXPLOITDB php VERIFIED
Apache Portable Runtime < 1.4.3 - Denial of Service via fnmatch *? Sequence Handling
Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
by Maksymilian Arciemowicz
CVE-2011-10022 EXPLOITDB HIGH ruby VERIFIED
SPlayer < 3.7 (Build 2055) - Stack-Based Buffer Overflow via HTTP Content-Type Header
SPlayer version 3.7 and earlier is vulnerable to a stack-based buffer overflow when processing HTTP responses containing an overly long Content-Type header. The vulnerability occurs due to improper bounds checking on the header value, allowing an attacker to overwrite the Structured Exception Handler (SEH) and execute arbitrary code. Exploitation requires the victim to open a media file that triggers an HTTP request to a malicious server, which responds with a crafted Content-Type header.
by Metasploit
EIP-2026-116955 EXPLOITDB perl VERIFIED
Chasys Media Player 2.0 - Local Buffer Overflow (SEH)
by h1ch4m
EIP-2026-100889 EXPLOITDB text VERIFIED
showoff! digital media software 1.5.4 - Multiple Vulnerabilities
by dr_insane
CVE-2011-2089 EXPLOITDB ruby VERIFIED
ICONICS BizViz <9.22, GENESIS32 <9.22 - RCE
Stack-based buffer overflow in the SetActiveXGUID method in the VersionInfo ActiveX control in GenVersion.dll 8.0.138.0 in the WebHMI subsystem in ICONICS BizViz 9.x before 9.22 and GENESIS32 9.x before 9.22 allows remote attackers to execute arbitrary code via a long string in the argument. NOTE: some of these details are obtained from third party information.
by Metasploit
EIP-2026-116237 EXPLOITDB text
serva32 1.2.00 rc1 - Multiple Vulnerabilities
by AutoSec Tools
EIP-2026-112775 EXPLOITDB text VERIFIED
Traidnt UP 2.0 - 'view.php' SQL Injection
by ScOrPiOn
EIP-2026-111400 EXPLOITDB text VERIFIED
poMMo Aardvark PR16.1 - Multiple Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
EIP-2026-105697 EXPLOITDB text VERIFIED
Calendarix 0.8.20080808 - Multiple Cross-Site Scripting / SQL Injections
by High-Tech Bridge SA
CVE-2011-1772 EXPLOITDB text VERIFIED
Apache Struts 2.x < 2.2.3 - Cross-Site Scripting via Action Name or s:submit Element Attributes
Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
by Dr. Marian Ventuneac
EIP-2026-116913 EXPLOITDB perl VERIFIED
BlueVoda Website Builder 11 - '.bvp' Local Stack Buffer Overflow
by KedAns-Dz
EIP-2026-114577 EXPLOITDB text VERIFIED
ZAPms 1.22 - 'nick' SQL Injection
by KedAns-Dz
EIP-2026-111250 EXPLOITDB python VERIFIED
phpWebSite 1.7.1 - 'upload.php' Arbitrary File Upload
by AutoSec Tools
EIP-2026-108576 EXPLOITDB text VERIFIED
Joomla! Component com_versioning - SQL Injection
by the_cyber_nuxbie
EIP-2026-108366 EXPLOITDB text VERIFIED
Joomla! Component com_hello - SQL Injection
by the_cyber_nuxbie