Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
CVE-2010-2743 EXPLOITDB c VERIFIED
Microsoft Windows XP SP3 - Privilege Escalation
The kernel-mode drivers in Microsoft Windows XP SP3 do not properly perform indexing of a function-pointer table during the loading of keyboard layouts from disk, which allows local users to gain privileges via a crafted application, as demonstrated in the wild in July 2010 by the Stuxnet worm, aka "Win32k Keyboard Layout Vulnerability." NOTE: this might be a duplicate of CVE-2010-3888 or CVE-2010-3889.
by Ruben Santamarta
CVE-2011-0507 EXPLOITDB python VERIFIED
Blackmoon FTP Server 3.1 Build 1735-1736 - Denial of Service via PORT Command
FTPService.exe in Blackmoon FTP 3.1 Build 1735 and Build 1736 (3.1.7.1736), and possibly other versions before 3.1.8.1737, allows remote attackers to cause a denial of service (crash) via a large number of PORT commands with long arguments, which triggers a NULL pointer dereference. NOTE: some of these details are obtained from third party information.
by Craig Freyman
CVE-2007-6515 EXPLOITDB python VERIFIED
SiteScape Forum - Remote Code Execution via TCL Code Separator in Query String
support/dispatch.cgi in SiteScape Forum allows remote attackers to execute arbitrary TCL code via code separator characters in the query string.
by Spencer McIntyre
CVE-2011-0027 EXPLOITDB html VERIFIED
Microsoft Data Access Components (MDAC) <2.8 SP1 & WDAC 6.0 - RCE
Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, does not properly validate memory allocation for internal data structures, which allows remote attackers to execute arbitrary code, possibly via a large CacheSize property that triggers an integer wrap and a buffer overflow, aka "ADO Record Memory Vulnerability." NOTE: this might be a duplicate of CVE-2010-1117 or CVE-2010-1118.
by Peter Vreugdenhil
EIP-2026-109126 EXPLOITDB text VERIFIED
LifeType 1.2.10 - HTTP Referer Persistent Cross-Site Scripting
by Saif El-Sherei
EIP-2026-108173 EXPLOITDB text
Joomla! 1.5.22 / 1.6.0 - 'com_mailto' Spam Mail Relay
by Jeff Channell
CVE-2011-0503 EXPLOITDB text
vam_shop <= 1.6.1 - Cross-Site Request Forgery in Admin User Management
Cross-site request forgery (CSRF) vulnerability in VaM Shop 1.6, 1.6.1, and probably earlier versions allows remote attackers to hijack the authentication of administrators for requests that (1) change user status via admin/customers.php or (2) change user permissions via admin/accounting.php. NOTE: some of these details are obtained from third party information.
by High-Tech Bridge SA
CVE-2003-0352 EXPLOITDB ruby VERIFIED
Microsoft Windows - Buffer Overflow
Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms.
by Metasploit
CVE-2011-0498 EXPLOITDB python VERIFIED
Nokia Multimedia Player 1.00.55.5010 - Stack-Based Buffer Overflow via Playlist File
Stack-based buffer overflow in Nokia Multimedia Player 1.00.55.5010, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long entry in a playlist (.npl) file.
by Carlos Mario Penagos Hollmann
CVE-2011-0513 EXPLOITDB c
SecurStar DriveCrypt <= 5.4 - Local Privilege Escalation via DCR.sys IOCTL 0x00073800
DCR.sys driver in SecurStar DriveCrypt 5.4, 5.3, and earlier allows local users to execute arbitrary code via a crafted argument to the 0x00073800 IOCTL.
by mu-b
EIP-2026-113401 EXPLOITDB text
whCMS 0.115 - Cross-Site Request Forgery
by High-Tech Bridge SA
CVE-2011-0504 EXPLOITDB text
vam_shop 1.6-1.6.1 - Cross-Site Scripting via status, search, or STORE_NAME Parameter
Multiple cross-site scripting (XSS) vulnerabilities in VaM Shop 1.6, 1.6.1, and probably earlier versions llow remote attackers to inject arbitrary web script or HTML via the (1) status parameter to admin/orders.php, (2) search parameter to admin/customers.php, or (3) STORE_NAME parameter to admin/configuration.php.
by High-Tech Bridge SA
EIP-2026-106973 EXPLOITDB text
Extcalendar 2 - 'calendar.php' SQL Injection
by Lagripe-Dz & Mca-Crb
EIP-2026-106878 EXPLOITDB text
energine 2.3.8 - Multiple Vulnerabilities
by High-Tech Bridge SA
CVE-2011-5318 EXPLOITDB text
diafan.cms < 5.0 - Cross-Site Request Forgery via Admin Actions
Multiple cross-site request forgery (CSRF) vulnerabilities in diafan.CMS before 5.1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify articles via a save_post action to admin/news/saveNEWS_ID/, (2) modify settings via a save_post action to admin/site/save2/, or (3) modify credentials via a save_post action to admin/usersite/save2/.
by High-Tech Bridge SA
EIP-2026-106002 EXPLOITDB text VERIFIED
CMS Tovar - 'tovar.php' SQL Injection
by jos_ali_joe
EIP-2026-105698 EXPLOITDB text
Cambio 0.5a - Cross-Site Request Forgery
by High-Tech Bridge SA
CVE-2010-4301 EXPLOITDB text
Wireshark 1.4.0-1.4.1 - Denial of Service via ZigBee ZCL Discover Attributes Packet
epan/dissectors/packet-zbee-zcl.c in the ZigBee ZCL dissector in Wireshark 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted ZCL packet, related to Discover Attributes.
by Fred Fierling
CVE-2010-4254 EXPLOITDB text VERIFIED
Mono with Moonlight < 2.3.0 - Remote Code Execution via Generic Method Argument Validation Bypass
Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call.
by Chris Howie
EIP-2026-119156 EXPLOITDB python VERIFIED
Solar FTP Server 2.1.1 - 'PASV' Remote Buffer Overflow
by John Leitch
EIP-2026-118961 EXPLOITDB html VERIFIED
Newv SmartClient 1.1.0 - 'NewvCommon.ocx' ActiveX Control Multiple Vulnerabilities
by wsn1983
CVE-2010-2746 EXPLOITDB ruby VERIFIED
Microsoft Windows XP-7 - Buffer Overflow
Heap-based buffer overflow in Comctl32.dll (aka the common control library) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when a third-party SVG viewer is used, allows remote attackers to execute arbitrary code via a crafted HTML document that triggers unspecified messages from this viewer, aka "Comctl32 Heap Overflow Vulnerability."
by Nephi Johnson
EIP-2026-115569 EXPLOITDB perl VERIFIED
Macro Express Pro 4.2.2.1 - '.MXE' File Syntactic Analysis Buffer Overflow (PoC)
by LiquidWorm
CVE-2008-5689 EXPLOITDB c
OpenSolaris snv_01-snv_76 - Denial of Service via SIOCGTUNPARAM IOCTL Request
tun in IP Tunnel in Solaris 10 and OpenSolaris snv_01 through snv_76 allows local users to cause a denial of service (panic) and possibly execute arbitrary code via a crafted SIOCGTUNPARAM IOCTL request, which triggers a NULL pointer dereference.
by peri.carding
EIP-2026-113436 EXPLOITDB text VERIFIED
WikLink 0.1.3 - Multiple SQL Injections
by Aliaksandr Hartsuyeu