Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
CVE-2010-4737 EXPLOITDB text VERIFIED
HotWebScripts HotWeb Rentals - SQL Injection
SQL injection vulnerability in resorts.asp in HotWebScripts HotWeb Rentals allows remote attackers to execute arbitrary SQL commands via the PropResort parameter.
by R4dc0re
CVE-2010-4736 EXPLOITDB text VERIFIED
GateSoft DocuSafe <4.1.2 - SQL Injection
SQL injection vulnerability in ECO.asp in GateSoft DocuSafe 4.1.0 and 4.1.2 allows remote attackers to execute arbitrary SQL commands via the ECO_ID parameter. NOTE: some of these details are obtained from third party information.
by R4dc0re
CVE-2010-4735 EXPLOITDB text VERIFIED
Ecommercemax Solutions DGS <1.5 - SQL Injection
SQL injection vulnerability in shoppingcart.asp in Ecommercemax Solutions Digital-goods seller (DGS) 1.5 allows remote attackers to execute arbitrary SQL commands via the d parameter.
by R4dc0re
EIP-2026-116527 EXPLOITDB perl VERIFIED
WaveMax Sound Editor 4.5.1 - Denial of Service (PoC)
by h1ch4m
EIP-2026-116406 EXPLOITDB ruby VERIFIED
TFTPUtil GUI 1.4.5 - Denial of Service (Metasploit)
by Vuk Ivanovic
EIP-2026-115611 EXPLOITDB python VERIFIED
MediaMonkey 3.2.4.1304 - '.mp3' Buffer Overflow (PoC)
by 0v3r
EIP-2026-115292 EXPLOITDB perl VERIFIED
Free Audio Converter 7.1.5 - Denial of Service (PoC)
by h1ch4m
CVE-2010-4300 EXPLOITDB text VERIFIED
Wireshark 1.2.0-1.2.12 and 1.4.0-1.4.1 - Heap-Based Buffer Overflow in LDSS Dissector
Heap-based buffer overflow in the dissect_ldss_transfer function (epan/dissectors/packet-ldss.c) in the LDSS dissector in Wireshark 1.2.0 through 1.2.12 and 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an LDSS packet with a long digest line that triggers memory corruption.
by Nephi Johnson
EIP-2026-101835 EXPLOITDB text
Linksys Routers - Cross-Site Request Forgery
by Martin Barbella
EIP-2026-100582 EXPLOITDB text VERIFIED
Techno Dreams FAQ Manager Package 1.0 - 'faqlist.asp' SQL Injection
by R4dc0re
EIP-2026-100581 EXPLOITDB text VERIFIED
Techno Dreams Articles & Papers Package 2.0 - 'ArticlesTablelist.asp' SQL Injection
by R4dc0re
CVE-2010-4830 EXPLOITDB text VERIFIED
Techno Dreams Job Career Package 3.0 - SQL Injection
SQL injection vulnerability in Resumes/TD_RESUME_Indlist.asp in Techno Dreams (T-Dreams) Job Career Package 3.0 allows remote attackers to execute arbitrary SQL commands via the z_Residency parameter.
by R4dc0re
CVE-2010-4829 EXPLOITDB text VERIFIED
Techno Dreams (T-Dreams) Cars Ads Package 2.0 - SQL Injection
SQL injection vulnerability in processview.asp in Techno Dreams (T-Dreams) Cars Ads Package 2.0 allows remote attackers to execute arbitrary SQL commands via the key parameter.
by R4dc0re
EIP-2026-100238 EXPLOITDB text VERIFIED
Dejcom Market CMS - 'showbrand.aspx' SQL Injection
by Mormoroth
EIP-2026-100146 EXPLOITDB text VERIFIED
ASPSiteWare Recipe ORGanizer - SQL Injection
by R4dc0re
EIP-2026-100145 EXPLOITDB text VERIFIED
ASPSiteWare Project Reporter - SQL Injection
by R4dc0re
EIP-2026-100144 EXPLOITDB text VERIFIED
ASPSiteWare JobPost 1.0 - SQL Injection
by R4dc0re
EIP-2026-100143 EXPLOITDB text VERIFIED
ASPSiteWare Contact Directory 1.0 - SQL Injection
by R4dc0re
EIP-2026-100142 EXPLOITDB text VERIFIED
ASPSiteWare ASP Gallery 1.0 - SQL Injection
by R4dc0re
CVE-2010-20103 EXPLOITDB CRITICAL ruby VERIFIED
ProFTPD 1.3.3c - Unauthenticated Remote Code Execution via Hidden FTP Command
A malicious backdoor was embedded in the official ProFTPD 1.3.3c source tarball distributed between November 28 and December 2, 2010. The backdoor implements a hidden FTP command trigger that, when invoked, causes the server to execute arbitrary shell commands with root privileges. This allows remote, unauthenticated attackers to run any OS command on the FTP server host.
by Metasploit
CVSS 9.8
CVE-2010-5193 EXPLOITDB html VERIFIED
Viscom Image Viewer CP Pro/Gold <8.0-6.0 - Buffer Overflow
Stack-based buffer overflow in the TIFMergeMultiFiles function in the SCRIBBLE.ScribbleCtrl.1 ActiveX control (ImageViewer2.ocx) in Viscom Image Viewer CP Pro 8.0 and Gold 6.0 allows remote attackers to execute arbitrary code via a long strDelimit parameter.
by Dr_IDE
EIP-2026-105079 EXPLOITDB text VERIFIED
Alguest 1.1 - Multiple Cookie Authentication Bypass Vulnerabilities
by Aliaksandr Hartsuyeu
EIP-2026-102205 EXPLOITDB text VERIFIED
iOS iFTPStorage 1.3 - Directory Traversal
by XEL
EIP-2026-101653 EXPLOITDB text
D-Link Routers - Authentication Bypass (1)
by Craig Heffner
EIP-2026-100296 EXPLOITDB text VERIFIED
Easy Travel Portal 2 - 'travelbycountry.asp' SQL Injection
by Ulrik Persson