Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-112249 EXPLOITDB text VERIFIED
Smarty Template Engine 2.6.9 - '$smarty.template' PHP Code Injection
by jonieske
EIP-2026-111255 EXPLOITDB text VERIFIED
PHPXref 0.7 - 'nav.html' Cross-Site Scripting
by MustLive
CVE-2011-1048 EXPLOITDB text VERIFIED
MihanTools 1.33 - SQL Injection via product.php id Parameter
SQL injection vulnerability in product.php in MihanTools 1.33 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by WHITE_DEVIL
EIP-2026-105307 EXPLOITDB text VERIFIED
Auto Database System 1.0 Infusion Addon - SQL Injection
by Saif
CVE-2010-4435 EXPLOITDB c
Sunos - Buffer Overflow
Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability, related to CDE Calendar Manager Service Daemon and RPC. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from other software vendors that this affects other operating systems, such as HP-UX, or claims from a reliable third party that this is a buffer overflow in rpc.cmsd via long XDR-encoded ASCII strings in RPC call 10.
by Rodrigo Rubira Branco
EIP-2026-103394 EXPLOITDB perl VERIFIED
Air Contacts Lite - HTTP Packet Denial of Service
by Rodrigo Escobar
CVE-2008-5416 EXPLOITDB ruby VERIFIED
Microsoft SQL Server <9.00.1399.06 - Buffer Overflow
Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier; SQL Server 2000 Desktop Engine (MSDE 2000) SP4; SQL Server 2005 SP2 and 9.00.1399.06; SQL Server 2000 Desktop Engine (WMSDE) on Windows Server 2003 SP1 and SP2; and Windows Internal Database (WYukon) SP2 allows remote authenticated users to cause a denial of service (access violation exception) or execute arbitrary code by calling the sp_replwritetovarbin extended stored procedure with a set of invalid parameters that trigger memory overwrite, aka "SQL Server sp_replwritetovarbin Limited Memory Overwrite Vulnerability."
by Metasploit
CVE-2000-1209 EXPLOITDB ruby VERIFIED
Microsoft SQL Server <7.0 - Privilege Escalation
The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida.
by Metasploit
CVE-2010-3971 EXPLOITDB ruby VERIFIED
Internet Explorer 6-8 - Use-After-Free in CSS Parser via Self-Referential @import Rule
Use-after-free vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets (CSS) parser in mshtml.dll, as used in Microsoft Internet Explorer 6 through 8 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a self-referential @import rule in a stylesheet, aka "CSS Memory Corruption Vulnerability."
by Metasploit
CVE-2011-0531 EXPLOITDB ruby VERIFIED
VLC media player < 1.1.6.1 - Remote Code Execution via Crafted MKV File
demux/mkv/mkv.hpp in the MKV demuxer plugin in VideoLAN VLC media player 1.1.6.1 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary commands via a crafted MKV (WebM or Matroska) file that triggers memory corruption, related to "class mismatching" and the MKV_IS_ID macro.
by Metasploit
CVE-2010-3970 EXPLOITDB ruby VERIFIED
Windows XP/2003/Vista/2008 - Remote Code Execution via Crafted Thumbnail Bitmap
Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor (aka graphics rendering engine) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted .MIC or unspecified Office document containing a thumbnail bitmap with a negative biClrUsed value, as reported by Moti and Xu Hao, aka "Windows Shell Graphics Processing Overrun Vulnerability."
by Metasploit
EIP-2026-113243 EXPLOITDB text VERIFIED
WebAsyst Shop-Script - Cross-Site Scripting / HTML Injection
by High-Tech Bridge SA
EIP-2026-113061 EXPLOITDB text VERIFIED
ViArt Shop 4.0.5 - Multiple Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
EIP-2026-112896 EXPLOITDB text VERIFIED
UMI CMS 2.8.1.2 - Multiple Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
EIP-2026-109538 EXPLOITDB text
Model Agentur Script - SQL Injection
by NoNameMT
EIP-2026-106555 EXPLOITDB html
dotProject 2.1.5 - Cross-Site Request Forgery
by AutoSec Tools
EIP-2026-105864 EXPLOITDB text VERIFIED
CiviCRM 3.3.3 - Multiple Cross-Site Scripting Vulnerabilities
by AutoSec Tools
EIP-2026-105029 EXPLOITDB html
AIOCP 1.4.001 - Cross-Site Request Forgery
by AutoSec Tools
EIP-2026-118343 EXPLOITDB c VERIFIED
Cain & Abel 2.7.3 - 'dagc.dll' DLL Loading Arbitrary Code Execution
by d3c0der
EIP-2026-116796 EXPLOITDB html VERIFIED
AoA Mp4 Converter 4.1.0 - ActiveX Stack Overflow
by Carlos Mario Penagos Hollmann
EIP-2026-116795 EXPLOITDB html VERIFIED
AoA DVD Creator 2.5 - ActiveX Stack Overflow
by Carlos Mario Penagos Hollmann
EIP-2026-112541 EXPLOITDB text
T-Content Managment System - Multiple Vulnerabilities
by Daniel Godoy
EIP-2026-112513 EXPLOITDB text
SWFupload 2.5.0 Beta 3 - Arbitrary File Upload
by Daniel Godoy
EIP-2026-109772 EXPLOITDB text
MyMarket 1.71 - 'index.php' SQL Injection
by ahmadso
EIP-2026-108031 EXPLOITDB text VERIFIED
jakcms 2.0 pro rc5 - Persistent Cross-Site Scripting via useragent http header Injection
by Saif El-Sherei