Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
CVE-2011-10025 EXPLOITDB HIGH ruby VERIFIED
Subtitle Processor 7.7.1 - Buffer Overflow
Subtitle Processor 7.7.1 contains a buffer overflow vulnerability in its .m3u file parser. When a crafted playlist file is opened, the application converts input to Unicode and copies it to a fixed-size stack buffer without proper bounds checking. This allows an attacker to overwrite the Structured Exception Handler (SEH) and execute arbitrary code.
by Metasploit
CVE-2011-10012 EXPLOITDB HIGH perl VERIFIED
NetOp Remote Control Client 9.5 - Stack-based Buffer Overflow via .dws Configuration File
NetOp (now part of Impero Software) Remote Control Client v9.5 is vulnerable to a stack-based buffer overflow when processing .dws configuration files. If a .dws file contains a string longer than 520 bytes, the application fails to perform proper bounds checking, allowing an attacker to execute arbitrary code when the file is opened.
by chap0
EIP-2026-114225 EXPLOITDB text VERIFIED
WordPress Plugin WP Photo Album 1.5.1 - 'id' Cross-Site Scripting
by High-Tech Bridge SA
EIP-2026-113679 EXPLOITDB text VERIFIED
WordPress Plugin Daily Maui Photo Widget 0.2 - Multiple Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
EIP-2026-111067 EXPLOITDB text VERIFIED
phpGraphy 0.9.13b - 'theme_dir' Cross-Site Scripting
by High-Tech Bridge SA
EIP-2026-109055 EXPLOITDB text
kusaba x 0.9.1 - Multiple Vulnerabilities
by Emilio Pinna
EIP-2026-106990 EXPLOITDB text
eyeos 1.9.0.2 - Persistent Cross-Site Scripting Using Image Files
by Alberto Ortega
EIP-2026-105872 EXPLOITDB text VERIFIED
ClanSphere 2011.0 - Local File Inclusion / Arbitrary File Upload
by KedAns-Dz
CVE-2011-1761 EXPLOITDB c VERIFIED
libmodplug <0.8.8.3 - Buffer Overflow
Multiple stack-based buffer overflows in the (1) abc_new_macro and (2) abc_new_umacro functions in src/load_abc.cpp in libmodplug before 0.8.8.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ABC file. NOTE: some of these details are obtained from third party information.
by epiphant
EIP-2026-100750 EXPLOITDB text VERIFIED
BackupPC 3.x - 'index.cgi' Multiple Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
CVE-2011-10025 EXPLOITDB HIGH python VERIFIED
Subtitle Processor 7.7.1 - Buffer Overflow
Subtitle Processor 7.7.1 contains a buffer overflow vulnerability in its .m3u file parser. When a crafted playlist file is opened, the application converts input to Unicode and copies it to a fixed-size stack buffer without proper bounds checking. This allows an attacker to overwrite the Structured Exception Handler (SEH) and execute arbitrary code.
by Brandon Murphy
CVE-2010-0620 EXPLOITDB ruby VERIFIED
EMC HomeBase Server 6.2.x < 6.2.3 and 6.3.x < 6.3.2 - Path Traversal and Arbitrary File Write
Directory traversal vulnerability in the SSL Service in EMC HomeBase Server 6.2.x before 6.2.3 and 6.3.x before 6.3.2 allows remote attackers to overwrite arbitrary files with any content, and consequently execute arbitrary code, via a .. (dot dot) in an unspecified parameter.
by Metasploit
EIP-2026-112909 EXPLOITDB text VERIFIED
up.time Software 5 - Administration Interface Remote Authentication Bypass
by James Burton
EIP-2026-112522 EXPLOITDB text
Symphony CMS 2.1.2 - Blind SQL Injection
by Wireghoul
EIP-2026-109054 EXPLOITDB text VERIFIED
Kusaba X 0.9 - Multiple Cross-Site Scripting Vulnerabilities
by Emilio Pinna
EIP-2026-108920 EXPLOITDB text VERIFIED
Joostina (Multiple Components) - SQL Injection
by KedAns-Dz
CVE-2011-1609 EXPLOITDB text VERIFIED
Cisco Unified Communications Manager <6.1.5su2-8.5.1 - SQL Injection
SQL injection vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5)su1, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtg85647.
by Alberto Revelli
EIP-2026-114206 EXPLOITDB text VERIFIED
WordPress Plugin WP Ajax Recent Posts 1.0.1 - 'do' Cross-Site Scripting
by High-Tech Bridge SA
EIP-2026-114033 EXPLOITDB php
WordPress Plugin SermonBrowser 0.43 - SQL Injection
by Ma3sTr0-Dz
EIP-2026-114032 EXPLOITDB php VERIFIED
WordPress Plugin Sermon Browser 0.43 - Cross-Site Scripting / SQL Injection
by Ma3sTr0-Dz
EIP-2026-111638 EXPLOITDB text VERIFIED
Quick.CMS 3.0 - Cross-Site Request Forgery
by ^Xecuti0N3r
EIP-2026-111114 EXPLOITDB text VERIFIED
phpList 2.10.x - 'email' Cross-Site Scripting
by High-Tech Bridge SA
EIP-2026-110694 EXPLOITDB text VERIFIED
PHP F1 Max's Photo Album - 'showimage.php' Cross-Site Scripting
by High-Tech Bridge SA
EIP-2026-109945 EXPLOITDB text VERIFIED
Noah's Classifieds 5.0.4 - 'index.php' Multiple HTML Injection Vulnerabilities
by High-Tech Bridge SA
EIP-2026-107665 EXPLOITDB text VERIFIED
html-edit CMS 3.1.x - 'html_output' Cross-Site Scripting
by KedAns-Dz