Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
CVE-2007-6165 EXPLOITDB ruby VERIFIED
Mail in Apple Mac OS X Leopard (10.5.1) - RCE
Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote attackers to execute arbitrary code via an AppleDouble attachment containing an apparently-safe file type and script in a resource fork, which does not warn the user that a separate program is going to be executed. NOTE: this is a regression error related to CVE-2006-0395.
by Metasploit
CVE-2011-0751 EXPLOITDB bash VERIFIED
nostromo < 1.9.4 - Remote Code Execution and Arbitrary File Read via Encoded Dot-Dot-Slash
Directory traversal vulnerability in nhttpd (aka Nostromo webserver) before 1.9.4 allows remote attackers to execute arbitrary programs or read arbitrary files via a ..%2f (encoded dot dot slash) in a URI.
by RedTeam Pentesting GmbH
EIP-2026-119381 EXPLOITDB python VERIFIED
InterPhoto Image Gallery 2.4.2 - 'IPLANG' Local File Inclusion
by AutoSec Tools
CVE-2011-1271 EXPLOITDB HIGH text VERIFIED
Microsoft .NET Framework 3.5 Gold/SP1, 3.5.1, 4.0 - Remote Code Execution via JIT Compiler Null String Handling
The JIT compiler in Microsoft .NET Framework 3.5 Gold and SP1, 3.5.1, and 4.0, when IsJITOptimizerDisabled is false, does not properly handle expressions related to null strings, which allows context-dependent attackers to bypass intended access restrictions, and consequently execute arbitrary code, in opportunistic circumstances by leveraging a crafted application, as demonstrated by (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework JIT Optimization Vulnerability."
by Brian Mancini
CVSS 7.7
CVE-2010-3333 EXPLOITDB HIGH ruby VERIFIED
Microsoft Office - Stack-based Buffer Overflow via Crafted RTF Data
Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF Stack Buffer Overflow Vulnerability."
by Metasploit
CVSS 7.8
EIP-2026-113958 EXPLOITDB php VERIFIED
WordPress Plugin PHP Speedy 0.5.2 - 'admin_container.php' Remote Code Execution
by mr_me
EIP-2026-109192 EXPLOITDB text VERIFIED
Lms Web Ensino - Multiple Input Validation Vulnerabilities
by waKKu
EIP-2026-109138 EXPLOITDB text VERIFIED
Limelight Software - 'article.php' SQL Injection
by eXeSoul
EIP-2026-104934 EXPLOITDB text VERIFIED
ADAN Neuronlabs - 'view.php' SQL Injection
by IRAQ_JAGUAR
CVE-2010-0738 EXPLOITDB MEDIUM perl VERIFIED
JBoss JMX Console Deployer Upload and Execute
The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.
by kingcope
CVSS 5.3
EIP-2026-102204 EXPLOITDB python VERIFIED
iOS iFileExplorer Free - Directory Traversal
by theSmallNothin
EIP-2026-101207 EXPLOITDB text
COMTREND ADSL Router CT-5367 C01_R12 - Remote Code Execution
by Todor Donev
EIP-2026-114490 EXPLOITDB text VERIFIED
xtcModified 1.05 - Multiple HTML Injection / Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
EIP-2026-112496 EXPLOITDB text VERIFIED
Support Incident Tracker (SiT!) 3.62 - Multiple Cross-Site Scripting Vulnerabilities
by AutoSec Tools
EIP-2026-111467 EXPLOITDB text VERIFIED
Pragyan CMS 3.0 Beta - Multiple Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
EIP-2026-111248 EXPLOITDB text VERIFIED
phpWebSite 1.7.1 - 'local' Cross-Site Scripting
by AutoSec Tools
EIP-2026-107882 EXPLOITDB text VERIFIED
Interleave 5.5.0.2 - 'basicstats.php' Multiple Cross-Site Scripting Vulnerabilities
by AutoSec Tools
CVE-2011-0404 EXPLOITDB ruby VERIFIED
NetSupport Manager Agent <=11.00 Remote Code Execution via Long Control Hostname
Stack-based buffer overflow in NetSupport Manager Agent for Linux 11.00, for Solaris 9.50, and for Mac OS X 11.00 allows remote attackers to execute arbitrary code via a long control hostname to TCP port 5405, probably a different vulnerability than CVE-2007-5252.
by Metasploit
CVE-2010-4566 EXPLOITDB ruby VERIFIED
Citrix Access Gateway <5.0 - Command Injection
The web authentication form in the NT4 authentication component in Citrix Access Gateway Enterprise Edition 9.2-49.8 and earlier, and the NTLM authentication component in Access Gateway Standard and Advanced Editions before Access Gateway 5.0, allows attackers to execute arbitrary commands via shell metacharacters in the password field.
by Metasploit
EIP-2026-102209 EXPLOITDB text VERIFIED
iOS TIOD 1.3.3 - Directory Traversal
by R3d@l3rt_ H@ckk3y
EIP-2026-117434 EXPLOITDB perl
Magic Music Editor - Local Buffer Overflow
by C4SS!0 G0M3S
EIP-2026-113093 EXPLOITDB text VERIFIED
VidiScript - 'vp' Cross-Site Scripting
by NassRawI
EIP-2026-111698 EXPLOITDB text VERIFIED
Readmore Systems Script - SQL Injection
by vBzone & Zooka & El3arby
EIP-2026-111649 EXPLOITDB text VERIFIED
Quicktech - SQL Injection
by eXeSoul
EIP-2026-107196 EXPLOITDB text VERIFIED
Forritun - Multiple SQL Injections
by eXeSoul