Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-117464 EXPLOITDB python VERIFIED
Mediacoder 0.7.5.4792 - Local Buffer Overflow (SEH)
by 0v3r
EIP-2026-115289 EXPLOITDB python VERIFIED
FoxPlayer 2.4.0 - Denial of Service
by Oh Yaw Theng
EIP-2026-113392 EXPLOITDB text VERIFIED
Wernhart Guestbook 2001.03.28 - Multiple SQL Injections
by Aliaksandr Hartsuyeu
CVE-2010-4850 EXPLOITDB html
Diferior 8.03 - Stored Cross-Site Scripting via Post Content or Admin Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Diferior 8.03 allow remote attackers to inject arbitrary web script or HTML via the (1) post_content parameter to post/edit/2/p1.html, related to views/post.php; the (2) slogan parameter to admin/site/2.html, related to views/admin.php; or the (3) subcatname or (4) description parameter to admin/forum/create_sub.html, related to views/admin.php.
by High-Tech Bridge SA
EIP-2026-105712 EXPLOITDB html VERIFIED
Car Portal 2.0 - 'car_make' Cross-Site Scripting
by Underground Stockholm
EIP-2026-104840 EXPLOITDB text VERIFIED
4homepages 4Images 1.7.x - 'categories.php' SQL Injection
by Ahmed Atif
CVE-2010-4107 EXPLOITDB text VERIFIED
HP 9000 - Path Traversal
The default configuration of the PJL Access value in the File System External Access settings on HP LaserJet MFP printers, Color LaserJet MFP printers, and LaserJet 4100, 4200, 4300, 5100, 8150, and 9000 printers enables PJL commands that use the device's filesystem, which allows remote attackers to read arbitrary files via a command inside a print job, as demonstrated by a directory traversal attack.
by n.runs AG
CVE-2010-4362 EXPLOITDB text VERIFIED
MicroNetsoft RV Dealer Website - SQL Injection via selStock or orderBy Parameter
Multiple SQL injection vulnerabilities in MicroNetsoft RV Dealer Website allow remote attackers to execute arbitrary SQL commands via the (1) selStock parameter to search.asp and the (2) orderBy parameter to showAlllistings.asp.
by underground-stockholm.com
EIP-2026-117736 EXPLOITDB python VERIFIED
OtsTurntables 1.00.048 - '.m3u'/'.ofl' Local Buffer Overflow (SEH)
by 0v3r
CVE-2010-4502 EXPLOITDB text
CA Internet Security Suite Plus 2010 - Local Denial of Service and Arbitrary Code Execution via KmxSbx.sys IOCTL
Integer overflow in KmxSbx.sys 6.2.0.22 in CA Internet Security Suite Plus 2010 allows local users to cause a denial of service (pool corruption) and execute arbitrary code via crafted arguments to the 0x88000080 IOCTL, which triggers a buffer overflow.
by Nikita Tarakanov
EIP-2026-115381 EXPLOITDB python VERIFIED
Hanso Player 1.4.0 - '.m3u' Denial of Service
by anT!-Tr0J4n
CVE-2010-4734 EXPLOITDB text
Skeletonz CMS 1.0 - Cross-Site Scripting via Blog Comment Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the comment feature in Skeletonz CMS 1.0, when the Blog plugin is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Website, and (3) Email parameters. NOTE: some of these details are obtained from third party information.
by Jbyte
CVE-2010-4356 EXPLOITDB html VERIFIED
Site2Nite Big Truck Broker - SQL Injection via txtSiteId Parameter
SQL injection vulnerability in news_default.asp in Site2Nite Big Truck Broker allows remote attackers to execute arbitrary SQL commands via the txtSiteId parameter.
by underground-stockholm.com
CVE-2010-4359 EXPLOITDB text VERIFIED
jurpopage 0.2.0 - SQL Injection via Category Parameter
SQL injection vulnerability in index.php in Jurpopage 0.2.0 allows remote attackers to execute arbitrary SQL commands via the category parameter.
by Sudden_death
EIP-2026-109409 EXPLOITDB perl VERIFIED
MemHT Portal 4.0.1 - 'User Agent' Persistent Cross-Site Scripting
by ZonTa
CVE-2010-4360 EXPLOITDB text VERIFIED
jurpopage 0.2.0 - SQL Injection via note or pg Parameter
Multiple SQL injection vulnerabilities in index.php in Jurpopage 0.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) note and (2) pg parameters, different vectors than CVE-2010-4359. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Sudden_death
CVE-2010-4249 EXPLOITDB c VERIFIED
Linux Kernel < 2.6.37 - Denial of Service via SOCK_SEQPACKET Garbage Collection
The wait_for_unix_gc function in net/unix/garbage.c in the Linux kernel before 2.6.37-rc3-next-20101125 does not properly select times for garbage collection of inflight sockets, which allows local users to cause a denial of service (system hang) via crafted use of the socketpair and sendmsg system calls for SOCK_SEQPACKET sockets.
by Key Night
CVE-2010-3858 EXPLOITDB c
Linux Kernel < 2.6.36 - Denial of Service via Stack Memory Consumption
The setup_arg_pages function in fs/exec.c in the Linux kernel before 2.6.36, when CONFIG_STACK_GROWSDOWN is used, does not properly restrict the stack memory consumption of the (1) arguments and (2) environment for a 32-bit application on a 64-bit platform, which allows local users to cause a denial of service (system crash) via a crafted exec system call, a related issue to CVE-2010-2240.
by Roland McGrath
EIP-2026-112241 EXPLOITDB text VERIFIED
SmartBox - 'page_id' SQL Injection
by KnocKout
CVE-2010-4783 EXPLOITDB text VERIFIED
PHP Web Scripts Easy Banner Free 2009.05.18 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in index.php in PHP Web Scripts Easy Banner Free 2009.05.18, when magic_quotes_gpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) siteurl and (2) urlbanner parameters.
by Aliaksandr Hartsuyeu
CVE-2010-4784 EXPLOITDB text VERIFIED
PHP Web Scripts Easy Banner Free <2009.05.18 - SQL Injection
Multiple SQL injection vulnerabilities in member.php in PHP Web Scripts Easy Banner Free 2009.05.18, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
by Aliaksandr Hartsuyeu
EIP-2026-106629 EXPLOITDB text VERIFIED
E-lokaler CMS 2 - Admin Login Multiple SQL Injections
by ali_err0r
CVE-2010-4170 EXPLOITDB bash VERIFIED
SystemTap 1.3 - Privilege Escalation via MODPROBE_OPTIONS Environment Variable
The staprun runtime tool in SystemTap 1.3 does not properly clear the environment before executing modprobe, which allows local users to gain privileges by setting the MODPROBE_OPTIONS environment variable to specify a malicious configuration file.
by Tavis Ormandy
CVE-2010-4243 EXPLOITDB c
Linux Kernel < 2.6.37 - Denial of Service via Stack Memory OOM Bypass
fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Killer to assess use of stack memory by arrays representing the (1) arguments and (2) environment, which allows local users to cause a denial of service (memory consumption) via a crafted exec system call, aka an "OOM dodging issue," a related issue to CVE-2010-3858.
by Roland McGrath
EIP-2026-115906 EXPLOITDB python VERIFIED
NCH Officeintercom 5.20 - Remote Denial of Service
by xsploited security