Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-105848 EXPLOITDB text VERIFIED
ChurchInfo 1.2.12 - SQL Injection
by dun
CVE-2010-4543 EXPLOITDB VERIFIED
GIMP 2.6.11 - Heap-Based Buffer Overflow in PSP Plugin via RLE Compression
Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE compression) image file that begins a long run count at the end of the image. NOTE: some of these details are obtained from third party information.
by non customers
EIP-2026-119069 EXPLOITDB perl VERIFIED
QuickPHP Web Server - Arbitrary '.php' File Download
by Yakir Wizman
EIP-2026-118356 EXPLOITDB html VERIFIED
Chilkat Software FTP2 - ActiveX Component Remote Code Execution
by rgod
CVE-2010-0219 EXPLOITDB text VERIFIED
Apache Axis2 - Remote Code Execution via Default Admin Credentials
Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
by rgod
EIP-2026-107777 EXPLOITDB php VERIFIED
Ignition 1.3 - Remote Code Execution
by cOndemned
EIP-2026-107776 EXPLOITDB text VERIFIED
Ignition 1.3 - 'page.php' Local File Inclusion
by cOndemned
CVE-2010-5099 EXPLOITDB php
TYPO3 <4.2.16, 4.3.9, 4.4.5 - Path Traversal
The fileDenyPattern functionality in the PHP file inclusion protection API in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly filter file types, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files, as demonstrated using path traversal sequences with %00 null bytes and CVE-2010-3714 to read the TYPO3 encryption key from localconf.php.
by ikki
CVE-2010-3714 EXPLOITDB php
TYPO3 4.2.0-4.2.14, 4.3.0-4.3.6, 4.4.0-4.4.3 - Unauthenticated Arbitrary File Read via jumpUrl Hash Comparison
The jumpUrl (aka access tracking) implementation in tslib/class.tslib_fe.php in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly compare certain hash values during access-control decisions, which allows remote attackers to read arbitrary files via unspecified vectors.
by ikki
CVE-2010-10012 EXPLOITDB HIGH text VERIFIED
httpdasm 0.92 - Unauthenticated Path Traversal via URL-Encoded Backslashes
A path traversal vulnerability exists in httpdasm version 0.92, a lightweight Windows HTTP server, that allows unauthenticated attackers to read arbitrary files on the host system. By sending a specially crafted GET request containing a sequence of URL-encoded backslashes and directory traversal patterns, an attacker can escape the web root and access sensitive files outside of the intended directory.
by John Leitch
EIP-2026-119070 EXPLOITDB text VERIFIED
QuickPHP Web Server 1.9.1 - Directory Traversal
by John Leitch
EIP-2026-117042 EXPLOITDB python VERIFIED
Digital Music Pad 8.2.3.4.8 - '.pls' Local Overflow (SEH)
by Abhishek Lyall
CVE-2005-3294 EXPLOITDB python VERIFIED
Typsoft FTP Server < 1.11 - Denial of Service via Multiple RETR Commands
Typsoft FTP Server 1.11, with "Sub Directory Include" enabled, allows remote attackers to cause a denial of service (crash) by sending multiple RETR commands. NOTE: it was later reported that 1.10 is also affected.
by emgent
EIP-2026-116137 EXPLOITDB python
QuickTime Picture Viewer 7.6.6 JP2000 - Denial of Service
by BraniX
EIP-2026-115462 EXPLOITDB python VERIFIED
IrfanView 4.27 - 'JP2000.dll' plugin Denial of Service
by BraniX
EIP-2026-113501 EXPLOITDB text VERIFIED
WordPress Core 3.0.3 - Persistent Cross-Site Scripting (Internet Explorer 6/7 / NS8.1)
by Saif
EIP-2026-112185 EXPLOITDB text VERIFIED
Siteframe CMS 3.2.3 - 'user.php' SQL Injection
by AnGrY BoY
EIP-2026-111309 EXPLOITDB html VERIFIED
PiXie CMS 1.04 - Multiple Cross-Site Request Forgery Vulnerabilities
by Ali Raheem
EIP-2026-110793 EXPLOITDB text VERIFIED
PHP-AddressBook 6.2.4 - 'group.php' SQL Injection
by hiphop
EIP-2026-109910 EXPLOITDB text
News Script PHP Pro - 'FCKeditor' Arbitrary File Upload
by Net.Edit0r
EIP-2026-109219 EXPLOITDB text VERIFIED
LoveCMS 1.6.2 - Cross-Site Request Forgery / Code Injection
by hiphop
EIP-2026-109130 EXPLOITDB text VERIFIED
LightNEasy 3.2.2 - Multiple Vulnerabilities
by High-Tech Bridge SA
EIP-2026-108958 EXPLOITDB text
kaibb 1.0.1 - Multiple Vulnerabilities
by High-Tech Bridge SA
EIP-2026-106617 EXPLOITDB text VERIFIED
DzTube - SQL Injection
by errnick qwe
EIP-2026-106465 EXPLOITDB text VERIFIED
Discovery TorrentTrader 2.6 - Multiple Vulnerabilities
by EsS4ndre