Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-114130 EXPLOITDB text VERIFIED
WordPress Plugin Twitter Feed - 'url' Cross-Site Scripting
by John Leitch
CVE-2010-4503 EXPLOITDB text VERIFIED
Aigaion 1.3.4 - SQL Injection via ID Parameter in export action
SQL injection vulnerability in indexlight.php in Aigaion 1.3.4 allows remote attackers to execute arbitrary SQL commands via the ID parameter in an export action.
by KnocKout
EIP-2026-104058 EXPLOITDB text
RDM Embedded Lock Manager < 9.x - 'lm_tcp' Service Buffer Overflow
by Luigi Auriemma
CVE-2010-4258 EXPLOITDB c VERIFIED
Linux Kernel < 2.6.36.2 - Privilege Escalation via KERNEL_DS get_fs Handling
The do_exit function in kernel/exit.c in the Linux kernel before 2.6.36.2 does not properly handle a KERNEL_DS get_fs value, which allows local users to bypass intended access_ok restrictions, overwrite arbitrary kernel memory locations, and gain privileges by leveraging a (1) BUG, (2) NULL pointer dereference, or (3) page fault, as demonstrated by vectors involving the clear_child_tid feature and the splice system call.
by Dan Rosenberg
EIP-2026-102612 EXPLOITDB text VERIFIED
GNU InetUtils 1.8-1 - FTP Client Heap Overflow
by Rew
CVE-2010-4052 EXPLOITDB c VERIFIED
glibc 2.11.3/2.12.x-2.12.2 DoS via Adjacent Repetition in Regex
Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.
by Maksymilian Arciemowicz
EIP-2026-100569 EXPLOITDB text
SOOP Portal Raven 1.0b - Arbitrary File Upload
by Sun Army
EIP-2026-100567 EXPLOITDB text VERIFIED
SolarWinds Orion Network Performance Monitor (NPM) 10.1 - Multiple Cross-Site Scripting Vulnerabilities
by x0skel
EIP-2026-118564 EXPLOITDB text VERIFIED
Freefloat FTP Server - Directory Traversal
by Pr0T3cT10n
EIP-2026-118067 EXPLOITDB html VERIFIED
Viscom VideoEdit Gold ActiveX 8.0 - Code Execution
by Rew
EIP-2026-118053 EXPLOITDB python VERIFIED
Video Charge Studio 2.9.5.643 - '.vsc' Local Buffer Overflow (SEH)
by xsploited security
EIP-2026-116757 EXPLOITDB text VERIFIED
Alice 2.2 - Arbitrary Code Execution
by Rew
EIP-2026-116568 EXPLOITDB text VERIFIED
WinZip 15.0 - WZFLDVW.OCX Text Property Denial of Service
by Fady Mohammed Osman
EIP-2026-116567 EXPLOITDB text VERIFIED
WinZip 15.0 - WZFLDVW.OCX IconIndex Property Denial of Service
by Fady Mohammed Osman
EIP-2026-115255 EXPLOITDB html VERIFIED
Flash Player - 'Flash6.ocx' AllowScriptAccess Denial of Service (PoC)
by Dr_IDE
EIP-2026-114959 EXPLOITDB html VERIFIED
AVG Internet Security 2011 - Safe Search for IE Denial of Service
by Dr_IDE
CVE-2010-4480 EXPLOITDB text VERIFIED
phpMyAdmin < 3.4.0-beta1 - Cross-Site Scripting via BBcode Tag
error.php in PhpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1, allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted BBcode tag containing "@" characters, as demonstrated using "[a@url@page]".
by emgent white_sheep & scox
EIP-2026-109548 EXPLOITDB text
MODx REvolution CMS 2.0.4-pl2 - POST injection Cross-Site Scripting
by LiquidWorm
EIP-2026-105078 EXPLOITDB text VERIFIED
Alguest 1.1 - 'start' SQL Injection
by Aliaksandr Hartsuyeu
CVE-2012-10023 EXPLOITDB CRITICAL python VERIFIED
FreeFloat FTP Server 1.0.0 - Buffer Overflow
A stack-based buffer overflow vulnerability exists in FreeFloat FTP Server version 1.0.0. The server fails to properly validate input passed to the USER command, allowing remote attackers to overwrite memory and potentially execute arbitrary code. The flaw is triggered by sending an overly long username string, which overflows the buffer allocated for user authentication.
by 0v3r
CVSS 9.8
EIP-2026-113500 EXPLOITDB text
WordPress Core 3.0.1 - 'do_trackbacks()' SQL Injection
by M4g
CVE-2010-4330 EXPLOITDB text
Pulse CMS < 1.2.9 - Remote File Inclusion via Path Traversal in p Parameter
Directory traversal vulnerability in includes/controller.php in Pulse CMS Basic before 1.2.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter to index.php.
by Mark Stanislav
EIP-2026-111102 EXPLOITDB html
PHPKF Forum 1.80 - 'profil_degistir.php' Cross-Site Request Forgery
by FreWaL
CVE-2010-2075 EXPLOITDB ruby VERIFIED
UnrealIRCd 3.2.8.1 - Remote Code Execution via Trojaned DEBUG3_DOLOG_SYSTEM Macro
UnrealIRCd 3.2.8.1, as distributed on certain mirror sites from November 2009 through June 2010, contains an externally introduced modification (Trojan Horse) in the DEBUG3_DOLOG_SYSTEM macro, which allows remote attackers to execute arbitrary commands.
by Metasploit
EIP-2026-100568 EXPLOITDB text
SOOP Portal 2.0 - Arbitrary File Upload
by Net.Edit0r