Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
CVE-2010-4619 EXPLOITDB text VERIFIED
Mafya Oyun Scrpti - SQL Injection via profil.php id Parameter
SQL injection vulnerability in profil.php in Mafya Oyun Scrpti (aka Mafia Game Script) allows remote attackers to execute arbitrary SQL commands via the id parameter.
by DeadLy DeMon
CVE-2010-4614 EXPLOITDB text VERIFIED
Ero Auktion 2010 - SQL Injection via item.php id Parameter
SQL injection vulnerability in item.php in Ero Auktion 2010 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2010-0723.
by DeadLy DeMon
CVE-2010-4842 EXPLOITDB text VERIFIED
MHP DownloadScript <2.2 - SQL Injection
SQL injection vulnerability in admin/login.php in MHP DownloadScript (aka MH Products Download Center) 2.2 allows remote attackers to execute arbitrary SQL commands via the Name parameter. NOTE: some of these details are obtained from third party information.
by DeadLy DeMon
CVE-2011-1021 EXPLOITDB c VERIFIED
Linux Kernel < 3.0 - Arbitrary Kernel Memory Write via ACPI Debugfs Custom Method
drivers/acpi/debugfs.c in the Linux kernel before 3.0 allows local users to modify arbitrary kernel memory locations by leveraging root privileges to write to the /sys/kernel/debug/acpi/custom_method file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4347.
by Jon Oberheide
EIP-2026-100602 EXPLOITDB perl VERIFIED
Virtual Store Open 3.0 - Acess SQL Injection
by Br0ly
CVE-2010-3944 EXPLOITDB c VERIFIED
Windows 7 and Windows Server 2008 - Privilege Escalation via win32k.sys Input Validation
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."
by Stefan LE BERRE
EIP-2026-118251 EXPLOITDB text VERIFIED
Alt-N WebAdmin 3.3.3 - Remote Source Code Information Disclosure
by wsn1983
EIP-2026-118062 EXPLOITDB text
ViRobot Desktop 5.5 and Server 3.5 < 2008.8.1.1 - Local Privilege Escalation
by MJ0011
EIP-2026-117703 EXPLOITDB text
NProtect Anti-Virus 2007 < 2010.5.11.1 - Local Privilege Escalation
by MJ0011
EIP-2026-117141 EXPLOITDB text
ESTsoft ALYac Anti-Virus 1.5 < 5.0.1.2 - Local Privilege Escalation
by MJ0011
EIP-2026-116746 EXPLOITDB text
AhnLab V3 Internet Security 8.0 < 1.2.0.4 - Local Privilege Escalation
by MJ0011
EIP-2026-112323 EXPLOITDB text VERIFIED
Softbiz PHP Joke Site Software - Multiple SQL Injections
by v3n0m
EIP-2026-112301 EXPLOITDB text VERIFIED
Social Share - Multiple Cross-Site Scripting Vulnerabilities
by Aliaksandr Hartsuyeu
CVE-2010-4275 EXPLOITDB text
Radius Manager 3.8.0 - Authenticated Cross-Site Scripting via Name or Descr Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Radius Manager 3.8.0 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) name or (2) descr parameter in an (a) update_usergroup or a (b) store_nas action to admin.php.
by Rodrigo Rubira Branco
CVE-2010-4275 EXPLOITDB text VERIFIED
Radius Manager 3.8.0 - Authenticated Cross-Site Scripting via Name or Descr Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Radius Manager 3.8.0 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) name or (2) descr parameter in an (a) update_usergroup or a (b) store_nas action to admin.php.
by Rodrigo Rubira Branco
CVE-2010-4847 EXPLOITDB text VERIFIED
MH Products MHP Downloadshop - SQL Injection
SQL injection vulnerability in view_item.php in MH Products MHP Downloadshop allows remote attackers to execute arbitrary SQL commands via the ItemID parameter.
by Easy Laster
CVE-2010-4721 EXPLOITDB text VERIFIED
Immo Makler - SQL Injection via News.php ID Parameter
SQL injection vulnerability in news.php in Immo Makler allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Easy Laster
CVE-2010-4844 EXPLOITDB text VERIFIED
MH Products Easy Online Shop - SQL Injection
SQL injection vulnerability in content.php in MH Products Easy Online Shop allows remote attackers to execute arbitrary SQL commands via the kat parameter.
by Easy Laster
EIP-2026-106273 EXPLOITDB text
CubeCart 3.x - Arbitrary File Upload
by StunTMaN!
EIP-2026-101621 EXPLOITDB html
D-Link DIR-300 - Cross-Site Request Forgery (Change Admin Account Settings)
by outlaw.dll
CVE-2010-20042 EXPLOITDB HIGH ruby VERIFIED
Xion Audio Player <1.0.126 - Buffer Overflow
Xion Audio Player versions 1.0.126 and prior are vulnerable to a Unicode-based stack buffer overflow triggered by opening a specially crafted .m3u playlist file. The file contains an overly long string that overwrites the Structured Exception Handler (SEH) chain, allowing an attacker to hijack execution flow and run arbitrary code.
by Metasploit
CVE-2010-20010 EXPLOITDB HIGH ruby VERIFIED
Foxit PDF Reader < 4.2.0.0928 - Stack-based Buffer Overflow via PDF Info Title Entry
Foxit PDF Reader before 4.2.0.0928 does not properly bound-check the /Title entry in the PDF Info dictionary. A specially crafted PDF with an overlong Title string can overflow a fixed-size stack buffer, corrupt the Structured Exception Handler (SEH) chain, and lead to arbitrary code execution in the context of the user who opens the file.
by Metasploit
EIP-2026-116776 EXPLOITDB perl VERIFIED
Altarsoft Audio Converter 1.1 - Local Buffer Overflow (SEH)
by C4SS!0 G0M3S
CVE-2007-3314 EXPLOITDB ruby VERIFIED
Altap Salamander 2.5 PE Viewer Buffer Overflow
Stack-based buffer overflow in peviewer.spl in Altap Servant Salamander 2.5 with Portable Executable Viewer 2.02 (English Trial), and 2.0 with Portable Executable Viewer 1.00 (English Trial), allows remote attackers to execute arbitrary code via a long PDB debug filename in a PE file.
by Metasploit
EIP-2026-116742 EXPLOITDB python VERIFIED
Aesop GIF Creator 2.1 - '.aep' Local Buffer Overflow
by xsploitedsec