Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-105181 EXPLOITDB text VERIFIED
AneCMS 1.3 - Persistent Cross-Site Scripting
by Penguin
CVE-2011-1020 EXPLOITDB text
Linux Kernel < 2.6.37 - Unauthorized Information Exposure via Proc Filesystem
The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls.
by halfdog
CVE-2011-5284 EXPLOITDB html
Smoothwall < 3.1 - Cross-Site Request Forgery via shutdown.cgi
Cross-site request forgery (CSRF) vulnerability in the web management interface in httpd/cgi-bin/shutdown.cgi in Smoothwall Express 3.1 and 3.0 SP3 and earlier allows remote attackers to hijack the authentication of administrators for requests that perform a reboot via a request to cgi-bin/shutdown.cgi.
by dave b
CVE-2011-0515 EXPLOITDB text
Kingsoft AntiVirus 2011 SP5.2 - Denial of Service via KiFastCallEntry Hook
KisKrnl.sys 2011.1.13.89 and earlier in Kingsoft AntiVirus 2011 SP5.2 allows local users to cause a denial of service (crash) via a crafted request that is not properly handled by the KiFastCallEntry hook.
by MJ0011
EIP-2026-114851 EXPLOITDB html VERIFIED
ActiveX UserManager 2.03 - Buffer Overflow
by blake
CVE-2010-4331 EXPLOITDB text
Seopanel - Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in Seo Panel 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) default_news or (2) sponsors cookies, which are not properly handled by (a) controllers/index.ctrl.php or (b) controllers/settings.ctrl.php.
by Mark Stanislav
EIP-2026-108478 EXPLOITDB text VERIFIED
Joomla! Component com_people 1.0.0 - Local File Inclusion
by ALTBTA
CVE-2011-0516 EXPLOITDB text
E-PROMPT C BetMore Site Suite 4.0-4.2.0 - SQL Injection via bid Parameter
SQL injection vulnerability in mainx_a.php in E-PROMPT C BetMore Site Suite 4.0 through 4.2.0 allows remote attackers to execute arbitrary SQL commands via the bid parameter.
by h4ck3r
CVE-2011-0510 EXPLOITDB text VERIFIED
Advanced Webhost Billing System < 2.9.2 - SQL Injection via cart.php oid Parameter
SQL injection vulnerability in cart.php in Advanced Webhost Billing System (AWBS) 2.9.2 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the oid parameter in an add_other action.
by ShivX
EIP-2026-104994 EXPLOITDB text VERIFIED
Advanced Webhost Billing System (AWBS) 2.9.2 - 'oid' SQL Injection
by ShivX
EIP-2026-102506 EXPLOITDB python VERIFIED
MeshCMS 3.5 - Remote Code Execution
by mr_me
EIP-2026-117150 EXPLOITDB ruby VERIFIED
eXtremeMP3 Player - Local Buffer Overflow (SEH)
by C4SS!0 G0M3S
EIP-2026-113060 EXPLOITDB html
ViArt Shop 4.0.5 - Cross-Site Request Forgery
by Or4nG.M4N
EIP-2026-107423 EXPLOITDB text VERIFIED
glfusion CMS 1.2.1 - 'img' Persistent Cross-Site Scripting
by Saif
EIP-2026-106093 EXPLOITDB text
CompactCMS 1.4.1 - Multiple Vulnerabilities
by Patrick de Brouwer
EIP-2026-106092 EXPLOITDB text VERIFIED
CompactCMS 1.4.1 - Multiple Cross-Site Scripting Vulnerabilities (2)
by Patrick de Brouwer
CVE-2010-3749 EXPLOITDB html
RealPlayer 11.0-11.1 and RealPlayer SP 1.0-1.1 - Remote Code Execution via RecordClip Method Parameter Injection
The browser-plugin implementation in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1 allows remote attackers to arguments to the RecordClip method, which allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a " (double quote) in an argument to the RecordClip method, aka "parameter injection."
by Sean de Regge
CVE-2010-3973 EXPLOITDB ruby VERIFIED
WMI Administrative Tools < 1.1 - Remote Code Execution via WBEMSingleView.ocx AddContextRef Method
The WMITools ActiveX control in WBEMSingleView.ocx 1.50.1131.0 in Microsoft WMI Administrative Tools 1.1 and earlier in Microsoft Windows XP SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted argument to the AddContextRef method, possibly an untrusted pointer dereference, aka "Microsoft WMITools ActiveX Control Vulnerability."
by Metasploit
EIP-2026-118295 EXPLOITDB python VERIFIED
Avira AntiVir Personal - Multiple Code Execution Vulnerabilities (2)
by D.Elser
EIP-2026-118294 EXPLOITDB c VERIFIED
Avira AntiVir Personal - Multiple Code Execution Vulnerabilities (1)
by D.Elser
CVE-2011-0517 EXPLOITDB text
Sielco Sistemi Winlog Pro < 2.07.00 - Remote Code Execution via Crafted 0x02 Opcode
Stack-based buffer overflow in Sielco Sistemi Winlog Pro 2.07.00 and earlier, when Run TCP/IP server is enabled, allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a crafted 0x02 opcode to TCP port 46823.
by Luigi Auriemma
CVE-2011-0489 EXPLOITDB python VERIFIED
Objectivity/DB 10.0 - Unauthenticated Administrative Command Execution via Lock Server or Advanced Multithreaded Server
The server components in Objectivity/DB 10.0 do not require authentication for administrative commands, which allows remote attackers to modify data, obtain sensitive information, or cause a denial of service by sending requests over TCP to (1) the Lock Server or (2) the Advanced Multithreaded Server, as demonstrated by commands that are ordinarily sent by the (a) ookillls and (b) oostopams applications. NOTE: some of these details are obtained from third party information.
by Jeremy Brown
EIP-2026-108826 EXPLOITDB text
Joomla! Component People 1.0.0 - SQL Injection
by Salvatore Fresta
CVE-2010-4335 EXPLOITDB ruby VERIFIED
CakePHP 1.2.8-1.3.5 - Remote Code Execution via Unserialize in Security Component
The _validatePost function in libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted data[_Token][fields] value that is processed by the unserialize function, as demonstrated by modifying the file_map cache to execute arbitrary local files.
by Metasploit
EIP-2026-105080 EXPLOITDB text VERIFIED
Alguest 1.1c-patched - 'elimina' SQL Injection
by Aliaksandr Hartsuyeu