Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
CVE-2011-0420 EXPLOITDB text VERIFIED
PHP 5.3.5 - Denial of Service via Invalid Size Argument in grapheme_extract
The grapheme_extract function in the Internationalization extension (Intl) for ICU for PHP 5.3.5 allows context-dependent attackers to cause a denial of service (crash) via an invalid size argument, which triggers a NULL pointer dereference.
by Maksymilian Arciemowicz
EIP-2026-118233 EXPLOITDB python VERIFIED
ActFax Server FTP 4.25 Build 0221 (2010-02-11) - (Authenticated) Remote Buffer Overflow
by chap0
EIP-2026-118231 EXPLOITDB perl VERIFIED
ActFax Server (LPD/LPR) 4.25 Build 0221 (2010-02-11) - Remote Buffer Overflow
by chap0
EIP-2026-109784 EXPLOITDB text VERIFIED
mySeatXT 0.164 - 'lang' Local File Inclusion
by AutoSec Tools
CVE-2011-3187 EXPLOITDB ruby VERIFIED
Ruby on Rails 3.0.5 - Improper Input Validation in X-Forwarded-For Header
The to_s method in actionpack/lib/action_dispatch/middleware/remote_ip.rb in Ruby on Rails 3.0.5 does not validate the X-Forwarded-For header in requests from IP addresses on a Class C network, which might allow remote attackers to inject arbitrary text into log files or bypass intended address parsing via a crafted header.
by Jimmy Bandit
CVE-2010-4738 EXPLOITDB text VERIFIED
Rae Media INC Real Estate <3.0 - SQL Injection
Multiple SQL injection vulnerabilities in Rae Media INC Real Estate Single and Multi Agent System 3.0 allow remote attackers to execute arbitrary SQL commands via the probe parameter to (1) multi/city.asp in the Multi Agent System and (2) resulttype.asp in the Single Agent System.
by R4dc0re
CVE-2010-4738 EXPLOITDB text VERIFIED
Rae Media INC Real Estate <3.0 - SQL Injection
Multiple SQL injection vulnerabilities in Rae Media INC Real Estate Single and Multi Agent System 3.0 allow remote attackers to execute arbitrary SQL commands via the probe parameter to (1) multi/city.asp in the Multi Agent System and (2) resulttype.asp in the Single Agent System.
by R4dc0re
EIP-2026-117728 EXPLOITDB python VERIFIED
Oracle 10/11g - 'exp.exe?file' Local Buffer Overflow
by mr_me
EIP-2026-116852 EXPLOITDB python VERIFIED
AutoPlay 1.33 (autoplay.ini) - Local Buffer Overflow (SEH)
by badc0re
EIP-2026-113431 EXPLOITDB text VERIFIED
Wikipad 1.6.0 - Cross-Site Scripting / HTML Injection / Information Disclosure
by High-Tech Bridge SA
EIP-2026-111989 EXPLOITDB text
Seo Panel 2.2.0 - SQL Injection
by High-Tech Bridge SA
EIP-2026-111145 EXPLOITDB text VERIFIED
phpMyBitTorrent 2.0.4 - SQL Injection
by #forkbombers
EIP-2026-110620 EXPLOITDB text VERIFIED
Photopad 1.2 - Multiple Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
EIP-2026-110026 EXPLOITDB text
omegabill 1.0 build 6 - Multiple Vulnerabilities
by AutoSec Tools
EIP-2026-109438 EXPLOITDB text VERIFIED
MG2 0.5.1 - Multiple Cross-Site Scripting Vulnerabilities
by LiquidWorm
EIP-2026-107456 EXPLOITDB text VERIFIED
Gollos 2.8 - Multiple Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
EIP-2026-107392 EXPLOITDB text VERIFIED
Getsimple CMS 2.03 - 'upload-ajax.php' Arbitrary File Upload
by s3rg3770 & Chuzz
CVE-2011-1055 EXPLOITDB python VERIFIED
lingxia_i.c.e_cms 1.0 - SQL Injection via session.user_id Parameter
SQL injection vulnerability in api/ice_media.cfc in Lingxia I.C.E CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the session.user_id parameter to media.cfm.
by mr_me
CVE-2011-0654 EXPLOITDB python VERIFIED
Windows Server 2003 - Remote Code Execution via Malformed BROWSER ELECTION Message
Integer underflow in the BowserWriteErrorLogEntry function in the Common Internet File System (CIFS) browser service in Mrxsmb.sys or bowser.sys in Active Directory in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a malformed BROWSER ELECTION message, leading to a heap-based buffer overflow, aka "Browser Pool Corruption Vulnerability." NOTE: some of these details are obtained from third party information.
by Cupidon-3005
EIP-2026-111836 EXPLOITDB text
RunCMS 2.2.2 - Multiple Vulnerabilities
by High-Tech Bridge SA
EIP-2026-108933 EXPLOITDB text VERIFIED
jSchool Advanced - SQL Injection
by eXa.DisC
EIP-2026-105333 EXPLOITDB text
AWCM 2.2 Final - Persistent Cross-Site Scripting
by _84kur10_
EIP-2026-117009 EXPLOITDB perl VERIFIED
CuteZip 2.1 - Local Buffer Overflow
by C4SS!0 G0M3S
CVE-2011-1062 EXPLOITDB text
TaskFreak! 0.6.4 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in include/html/header.php in TaskFreak! 0.6.4 allow remote attackers to inject arbitrary web script or HTML via the (1) sContext, (2) sort, (3) dir, and (4) show parameters in a save action to index.php; the (5) dir and (6) show parameters to print_list.php; and the (7) HTTP referer header to rss.php. NOTE: some of these details are obtained from third party information.
by LiquidWorm
CVE-2011-1062 EXPLOITDB text VERIFIED
TaskFreak! 0.6.4 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in include/html/header.php in TaskFreak! 0.6.4 allow remote attackers to inject arbitrary web script or HTML via the (1) sContext, (2) sort, (3) dir, and (4) show parameters in a save action to index.php; the (5) dir and (6) show parameters to print_list.php; and the (7) HTTP referer header to rss.php. NOTE: some of these details are obtained from third party information.
by LiquidWorm