Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-112959 EXPLOITDB text VERIFIED
Vanilla Forums 2.0.16 - 'Target' Cross-Site Scripting
by YGN Ethical Hacker Group
EIP-2026-106071 EXPLOITDB text VERIFIED
comercioplus 5.6 - Multiple Vulnerabilities
by Daniel Godoy
EIP-2026-119418 EXPLOITDB text
sap crystal report server 2008 - Directory Traversal
by Dmitriy Chastuhin
CVE-2010-3599 EXPLOITDB text
Oracle Fusion Middleware <10.1.3.5 - RCE
Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect integrity and availability via unknown vectors related to Import Server. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from the original researcher that remote attackers can overwrite arbitrary files and execute arbitrary code via a full pathname in the first argument to the WriteJPG method in the NCSECWLib ActiveX control.
by Alexandr Polyakov
CVE-2010-3591 EXPLOITDB text
Oracle Document Capture - Info Disclosure
Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Internal Operations. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from the original researcher that remote attackers can overwrite or delete arbitrary files via a full pathname in the second argument to the DownloadSingleMessageToFile method in the EMPOP3Lib ActiveX component (empop3.dll).
by Evdokimov Dmitriy
CVE-2010-3591 EXPLOITDB text
Oracle Document Capture - Info Disclosure
Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Internal Operations. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from the original researcher that remote attackers can overwrite or delete arbitrary files via a full pathname in the second argument to the DownloadSingleMessageToFile method in the EMPOP3Lib ActiveX component (empop3.dll).
by Evdokimov Dmitriy
CVE-2010-3595 EXPLOITDB text
Oracle Fusion Middleware <10.1.3.5 - Info Disclosure
Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect confidentiality via unknown vectors related to Import Server. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from the original researcher that remote attackers can read arbitrary files via a full pathname in the first argument to the ImportBodyText method in the EasyMail ActiveX control (emsmtp.dll).
by Alexey Sintsov
EIP-2026-114443 EXPLOITDB text VERIFIED
Xnova Legacies 2009.2 - Cross-Site Request Forgery
by Xploit A Day
EIP-2026-112061 EXPLOITDB text VERIFIED
SimpGB 1.49.2 - 'Guestbook.php' Multiple Cross-Site Scripting Vulnerabilities
by MustLive
EIP-2026-111032 EXPLOITDB text VERIFIED
PHPDirector Game Edition - 'game.php' SQL Injection
by AtT4CKxT3rR0r1ST
EIP-2026-109643 EXPLOITDB text VERIFIED
MultiPowUpload 2.1 - Arbitrary File Upload
by DIES3L
EIP-2026-107266 EXPLOITDB text
Froxlor 0.9.15 - Remote File Inclusion
by DIES3L
EIP-2026-105888 EXPLOITDB text
class.upload.php 0.30 - Arbitrary File Upload
by DIES3L
CVE-2011-0903 EXPLOITDB text VERIFIED
AR Web Content Manager 2.2 - Path Traversal via awcm_theme or awcm_lang Cookie
Multiple directory traversal vulnerabilities in AR Web Content Manager (AWCM) 2.2 allow remote attackers to read arbitrary files and possibly have other unspecified impact via a .. (dot dot) in the (1) awcm_theme or (2) awcm_lang cookie to (a) index.php or (b) header.php.
by Cucura
EIP-2026-116007 EXPLOITDB ruby VERIFIED
Opera Web Browser 11.00 - Integer Overflow
by C4SS!0 G0M3S
CVE-2010-4709 EXPLOITDB python VERIFIED
Automated Solutions Modbus/TCP Master OPC Server < 3.0.2 - Heap-Based Buffer Overflow via Crafted MODBUS Response Packet
Heap-based buffer overflow in Automated Solutions Modbus/TCP Master OPC Server before 3.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a MODBUS response packet with a crafted length field.
by Jeremy Brown
EIP-2026-114177 EXPLOITDB text VERIFIED
WordPress Plugin Videox7 UGC 2.5.3.2 - 'listid' Cross-Site Scripting
by AutoSec Tools
EIP-2026-114002 EXPLOITDB php VERIFIED
WordPress Plugin Recip.ly 1.1.7 - 'uploadImage.php' Arbitrary File Upload
by AutoSec Tools
EIP-2026-113741 EXPLOITDB text VERIFIED
WordPress Plugin Featured Content 0.0.1 - 'listid' Cross-Site Scripting
by AutoSec Tools
EIP-2026-113739 EXPLOITDB text VERIFIED
WordPress Plugin FCChat Widget 2.1.7 - 'path' Cross-Site Scripting
by AutoSec Tools
EIP-2026-113595 EXPLOITDB text VERIFIED
WordPress Plugin BezahlCode Generator 1.0 - 'gen_name' Cross-Site Scripting
by AutoSec Tools
EIP-2026-113235 EXPLOITDB text VERIFIED
web@all 1.1 - 'url' Cross-Site Scripting
by AutoSec Tools
CVE-2011-0773 EXPLOITDB text VERIFIED
PivotX < 2.2.3 - Cross-Site Scripting via Image Parameter
Cross-site scripting (XSS) vulnerability in pivotx/modules/module_image.php in PivotX before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the image parameter.
by AutoSec Tools
CVE-2011-0772 EXPLOITDB text VERIFIED
PivotX < 2.2.2 - Cross-Site Scripting via Color or Src Parameter
Multiple cross-site scripting (XSS) vulnerabilities in PivotX 2.2.0, and possibly other versions before 2.2.2, allow remote attackers to inject arbitrary web script or HTML via the (1) color parameter to includes/blogroll.php or (2) src parameter to includes/timwrapper.php.
by High-Tech Bridge SA
CVE-2011-0772 EXPLOITDB text VERIFIED
PivotX < 2.2.2 - Cross-Site Scripting via Color or Src Parameter
Multiple cross-site scripting (XSS) vulnerabilities in PivotX 2.2.0, and possibly other versions before 2.2.2, allow remote attackers to inject arbitrary web script or HTML via the (1) color parameter to includes/blogroll.php or (2) src parameter to includes/timwrapper.php.
by High-Tech Bridge SA