Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-116038 EXPLOITDB c
Panda Global Protection 2010 - Local Denial of Service (unfiltered wcscpy())
by Heurs
EIP-2026-116037 EXPLOITDB c
Panda Global Protection 2010 - Local Denial of Service
by Heurs
CVE-2011-0652 EXPLOITDB c
Look 'n' Stop Firewall 2.06p4 and 2.07 - Denial of Service via Crafted IOCTL Request
lnsfw1.sys 6.0.2900.5512 in Look 'n' Stop Firewall 2.06p4 and 2.07 allows local users to cause a denial of service (crash) via a crafted 0x80000064 IOCTL request that triggers an assertion failure. NOTE: some of these details are obtained from third party information.
by Heurs
CVE-2011-0644 EXPLOITDB text VERIFIED
PHPCMS 2008 V2 - SQL Injection via modelid Parameter
SQL injection vulnerability in include/admin/model_field.class.php in PHPCMS 2008 V2 allows remote attackers to execute arbitrary SQL commands via the modelid parameter to flash_upload.php.
by R3d-D3V!L
CVE-2010-3962 EXPLOITDB HIGH ruby VERIFIED
Microsoft Internet Explorer 6, 7, and 8 - Use-After-Free via CSS Clip Attribute
Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010.
by Metasploit
CVSS 8.1
EIP-2026-111308 EXPLOITDB text VERIFIED
Pixie CMS 1.0.4 - '/admin/index.php' SQL Injection
by High-Tech Bridge SA
CVE-2011-0645 EXPLOITDB text VERIFIED
PHPCMS 2008 V2 - SQL Injection via where_time Parameter
SQL injection vulnerability in data.php in PHPCMS 2008 V2 allows remote attackers to execute arbitrary SQL commands via the where_time parameter in a get action.
by R3d-D3V!L
CVE-2011-0646 EXPLOITDB text VERIFIED
PHP LOW BIDS - SQL Injection via viewfaqs.php cat Parameter
SQL injection vulnerability in viewfaqs.php in PHP LOW BIDS allows remote attackers to execute arbitrary SQL commands via the cat parameter.
by h4ck3r
CVE-2010-4321 EXPLOITDB html VERIFIED
Novell iPrint Client 5.52 - Stack-based Buffer Overflow via ienipp.ocx ActiveX Control
Stack-based buffer overflow in an ActiveX control in ienipp.ocx in Novell iPrint Client 5.52 allows remote attackers to execute arbitrary code via a long argument to (1) the GetDriverSettings2 method, as reachable by (2) the GetDriverSettings method.
by Dr_IDE
EIP-2026-118521 EXPLOITDB perl VERIFIED
ESTsoft ALZip 8.12.0.3 - '.zip' Remote Buffer Overflow
by C4SS!0 G0M3S
EIP-2026-115334 EXPLOITDB python VERIFIED
Golden FTP Server 4.70 - Malformed Message Denial of Service
by Craig Freyman
CVE-2011-0635 EXPLOITDB text
Simploo CMS < 1.7.1 - Authenticated PHP Code Injection via FTP-Server Parameter
Static code injection vulnerability in Simploo CMS 1.7.1 and earlier allows remote authenticated users to inject arbitrary PHP code into config/custom/base.ini.php via the ftpserver parameter (FTP-Server field) to the sicore/updates/optionssav operation for index.php.
by David Vieira-Kurz
EIP-2026-110926 EXPLOITDB text VERIFIED
PHPAuctions - 'viewfaqs.php' SQL Injection
by h4ck3r
EIP-2026-110652 EXPLOITDB text VERIFIED
PHP auctions - 'viewfaqs.php' Blind SQL Injection
by h4ck3r
CVE-2011-1159 EXPLOITDB c VERIFIED
acpid < 2.0.9 - Denial of Service via Unread Socket Connection
acpid.c in acpid before 2.0.9 does not properly handle a situation in which a process has connected to acpid.socket but is not reading any data, which allows local users to cause a denial of service (daemon hang) via a crafted application that performs a connect system call but no read system calls.
by Vasiliy Kulikov
EIP-2026-116693 EXPLOITDB perl VERIFIED
A-PDF All to MP3 Converter 2.0.0 - '.wav' Local Buffer Overflow
by h1ch4m
EIP-2026-115354 EXPLOITDB html
Google Chrome 8.0.552.237 - address Overflow Denial of Service
by Vuk Ivanovic
CVE-2011-0642 EXPLOITDB html
N-13 News 3.4, 3.7, 4.0 - Cross-Site Request Forgery via User Creation
Cross-site request forgery (CSRF) vulnerability in news/admin.php in N-13 News 3.4, 3.7, and 4.0 allows remote attackers to hijack the authentication of administrators for requests that create new users via the options action. NOTE: some of these details are obtained from third party information.
by anT!-Tr0J4n
CVE-2011-0511 EXPLOITDB text VERIFIED
com_allcinevid 1.0.0 - SQL Injection via id Parameter
SQL injection vulnerability in the allCineVid component (com_allcinevid) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
by Salvatore Fresta
CVE-2010-4335 EXPLOITDB text
CakePHP 1.2.8-1.3.5 - Remote Code Execution via Unserialize in Security Component
The _validatePost function in libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted data[_Token][fields] value that is processed by the unserialize function, as demonstrated by modifying the file_map cache to execute arbitrary local files.
by felix
EIP-2026-104178 EXPLOITDB text VERIFIED
B-Cumulus - 'tagcloud' Multiple Cross-Site Scripting Vulnerabilities
by MustLive
CVE-2011-0020 EXPLOITDB text VERIFIED
Pango < 1.28.3 - Heap-Based Buffer Overflow via Crafted Font File
Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object.
by Dan Rosenberg
CVE-2011-5283 EXPLOITDB html
Smoothwall Express 3.1 and 3.0 SP3 - Cross-Site Scripting via IP Parameter in ipinfo.cgi
Cross-site scripting (XSS) vulnerability in the web management interface in httpd/cgi-bin/ipinfo.cgi in Smoothwall Express 3.1 and 3.0 SP3 and earlier allows remote attackers to inject arbitrary web script or HTML via the IP parameter in a Run action.
by dave b
CVE-2011-0645 EXPLOITDB text VERIFIED
PHPCMS 2008 V2 - SQL Injection via where_time Parameter
SQL injection vulnerability in data.php in PHPCMS 2008 V2 allows remote attackers to execute arbitrary SQL commands via the where_time parameter in a get action.
by R3d-D3V!L
CVE-2011-0512 EXPLOITDB text VERIFIED
Teams Structure module 3.0 - SQL Injection via team_id Parameter
SQL injection vulnerability in team.php in the Teams Structure module 3.0 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the team_id parameter.
by Saif