Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-117238 EXPLOITDB html VERIFIED
Gesytec ElonFmt ActiveX 1.1.14 - 'ElonFmt.ocx' pid Item Buffer Overflow (SEH)
by LiquidWorm
EIP-2026-114607 EXPLOITDB text VERIFIED
ZenPhoto 1.4.0.3 - '_zp_themeroot' Multiple Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
EIP-2026-112519 EXPLOITDB text VERIFIED
SyCtel Design - 'menu' Multiple Local File Inclusions
by Ashiyane Digital Security Team
EIP-2026-109131 EXPLOITDB python VERIFIED
LightNEasy 3.2.3 - 'userhandle' Cookie SQL Injection
by AutoSec Tools
EIP-2026-116632 EXPLOITDB text VERIFIED
Yahoo! CD Player - ActiveX Control 'open()' Method Stack Buffer Overflow
by shinnai
EIP-2026-112873 EXPLOITDB text VERIFIED
Ultimate eShop - Error-Based SQL Injection
by Romka
CVE-2012-1416 EXPLOITDB html
SocialCMS 1.0.2 - Cross-Site Request Forgery in Administrator Account Management
Multiple cross-site request forgery (CSRF) vulnerabilities in SocialCMS 1.0.2 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrator accounts via a member_new action to my_admin/admin1_members.php or (2) modify the default site title via a save action to my_admin/admin1_configuration.php.
by vir0e5
EIP-2026-106495 EXPLOITDB html
docuFORM Mercury WebApp 6.16a/5.20 - Multiple Cross-Site Scripting Vulnerabilities
by LiquidWorm
EIP-2026-105314 EXPLOITDB text VERIFIED
Automagick Tube Script 1.4.4 - 'module' Cross-Site Scripting
by Kurd-Team
CVE-2011-1591 EXPLOITDB ruby VERIFIED
Wireshark 1.4.x < 1.4.5 - Stack-Based Buffer Overflow in DECT Dissector
Stack-based buffer overflow in the DECT dissector in epan/dissectors/packet-dect.c in Wireshark 1.4.x before 1.4.5 allows remote attackers to execute arbitrary code via a crafted .pcap file.
by Metasploit
CVE-2010-3654 EXPLOITDB text VERIFIED
Adobe Flash Player
Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x through 9.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted SWF content, as exploited in the wild in October 2010.
by Abysssec
CVE-2011-1591 EXPLOITDB ruby VERIFIED
Wireshark 1.4.x < 1.4.5 - Stack-Based Buffer Overflow in DECT Dissector
Stack-based buffer overflow in the DECT dissector in epan/dissectors/packet-dect.c in Wireshark 1.4.x before 1.4.5 allows remote attackers to execute arbitrary code via a crafted .pcap file.
by Metasploit
CVE-2011-1206 EXPLOITDB text VERIFIED
IBM Tivoli Directory Server 5.2-6.3 - Remote Code Execution via Crafted LDAP Request
Stack-based buffer overflow in the server process in ibmslapd.exe in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0010, 6.0 before 6.0.0.67 (aka 6.0.0.8-TIV-ITDS-IF0009), 6.1 before 6.1.0.40 (aka 6.1.0.5-TIV-ITDS-IF0003), 6.2 before 6.2.0.16 (aka 6.2.0.3-TIV-ITDS-IF0002), and 6.3 before 6.3.0.3 (aka 6.3.0.0-TIV-ITDS-IF0003) allows remote attackers to execute arbitrary code via a crafted LDAP request. NOTE: some of these details are obtained from third party information.
by Francis Provencher
EIP-2026-114267 EXPLOITDB text VERIFIED
WordPress Plugin WP-StarsRateBox 1.1 - 'j' SQL Injection
by High-Tech Bridge SA
EIP-2026-113367 EXPLOITDB text VERIFIED
webSPELL 4.2.2a - Multiple Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
EIP-2026-112890 EXPLOITDB text VERIFIED
Ultra Marketing Enterprises CMS and Cart - Multiple SQL Injections
by eXeSoul
EIP-2026-106348 EXPLOITDB text VERIFIED
dalbum 1.43 - Multiple Vulnerabilities
by High-Tech Bridge SA
EIP-2026-106347 EXPLOITDB text VERIFIED
Dalbum 1.43 - 'editini.php' Cross-Site Scripting
by High-Tech Bridge SA
EIP-2026-106237 EXPLOITDB text VERIFIED
CRESUS - 'recette_detail.php' SQL Injection
by GrayHatz Security Group
EIP-2026-105815 EXPLOITDB text VERIFIED
ChatLakTurk PHP Botlu Video - 'ara.php' Cross-Site Scripting
by kurdish hackers team
CVE-2011-0836 EXPLOITDB text VERIFIED
Oracle JD Edwards EnterpriseOne <8.98.4.1 - Info Disclosure
Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 GA through 8.98.4.1 and OneWorld Tools through 24.1.3 allows remote authenticated users to affect integrity, related to Web Runtime SEC.
by Juan Manuel Garcia
CVE-2011-0836 EXPLOITDB text VERIFIED
Oracle JD Edwards EnterpriseOne <8.98.4.1 - Info Disclosure
Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 GA through 8.98.4.1 and OneWorld Tools through 24.1.3 allows remote authenticated users to affect integrity, related to Web Runtime SEC.
by Juan Manuel Garcia
CVE-2011-0836 EXPLOITDB text VERIFIED
Oracle JD Edwards EnterpriseOne <8.98.4.1 - Info Disclosure
Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 GA through 8.98.4.1 and OneWorld Tools through 24.1.3 allows remote authenticated users to affect integrity, related to Web Runtime SEC.
by Juan Manuel Garcia
CVE-2011-0836 EXPLOITDB text VERIFIED
Oracle JD Edwards EnterpriseOne <8.98.4.1 - Info Disclosure
Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 GA through 8.98.4.1 and OneWorld Tools through 24.1.3 allows remote authenticated users to affect integrity, related to Web Runtime SEC.
by Juan Manuel Garcia
CVE-2011-0836 EXPLOITDB text VERIFIED
Oracle JD Edwards EnterpriseOne <8.98.4.1 - Info Disclosure
Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 GA through 8.98.4.1 and OneWorld Tools through 24.1.3 allows remote authenticated users to affect integrity, related to Web Runtime SEC.
by Juan Manuel Garcia