Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-113451 EXPLOITDB html VERIFIED
Wolf CMS 0.6.0b - Multiple Vulnerabilities
by High-Tech Bridge SA
CVE-2010-4357 EXPLOITDB text
SiteEngine 7.1 - SQL Injection via Module Parameter
SQL injection vulnerability in comments.php in SiteEngine 7.1 allows remote attackers to execute arbitrary SQL commands via the module parameter.
by Beach
CVE-2010-4365 EXPLOITDB text
Harmistechnology Com Jeajaxeventcalendar - SQL Injection
SQL injection vulnerability in JE Ajax Event Calendar (com_jeajaxeventcalendar) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the event_id parameter in an alleventlist_more action to index.php.
by ALTBTA
EIP-2026-107260 EXPLOITDB html VERIFIED
Frog CMS 0.9.5 - Multiple Vulnerabilities
by High-Tech Bridge SA
EIP-2026-104290 EXPLOITDB text
JDownloader Webinterface - Source Code Disclosure
by Sil3nt_Dre4m
EIP-2026-104119 EXPLOITDB text VERIFIED
VMware 2 Web Server - Directory Traversal
by clshack
CVE-2010-20059 EXPLOITDB CRITICAL ruby VERIFIED
FreeNAS <0.7.2-5543 - Command Injection
FreeNAS 0.7.2 prior to revision 5543 includes an unauthenticated command‐execution backdoor in its web interface. The exec_raw.php script exposes a cmd parameter that is passed directly to the underlying shell without sanitation.
by Metasploit
CVE-2007-2987 EXPLOITDB ruby VERIFIED
Zenturi ProgramChecker - Remote Code Execution via DebugMsgLog or DoFileProperties Methods
Multiple buffer overflows in certain ActiveX controls in sasatl.dll in Zenturi ProgramChecker allow remote attackers to execute arbitrary code via unspecified vectors, possibly involving the (1) DebugMsgLog or (2) DoFileProperties methods.
by Metasploit
CVE-2008-4388 EXPLOITDB ruby VERIFIED
Symantec AppStream Client < 5.2.2 SP3 MP1 - Remote Code Execution via LaunchObj ActiveX Control
The LaunchObj ActiveX control before 5.2.2.865 in launcher.dll in Symantec AppStream Client 5.2.x before 5.2.2 SP3 MP1 does not properly validate downloaded files, which allows remote attackers to execute arbitrary code via the installAppMgr method and unspecified other methods.
by Metasploit
CVE-2009-3028 EXPLOITDB ruby VERIFIED
Symantec Altiris Deployment Solution/Notification Server - RCE via AeXNSPkgDLLib.dll
The Altiris eXpress NS SC Download ActiveX control in AeXNSPkgDLLib.dll, as used in Symantec Altiris Deployment Solution 6.9.x, Notification Server 6.0.x, and Symantec Management Platform 7.0.x exposes an unsafe method, which allows remote attackers to force the download of arbitrary files and possibly execute arbitrary code via the DownloadAndInstall method.
by Metasploit
CVE-2008-5664 EXPLOITDB ruby VERIFIED
Realtek Media Player <1.15.0.0 - Buffer Overflow
Stack-based buffer overflow in Realtek Media Player (aka Realtek Sound Manager, RtlRack, or rtlrack.exe) 1.15.0.0 allows remote attackers to execute arbitrary code via a crafted playlist (PLA) file.
by Metasploit
CVE-2002-0965 EXPLOITDB ruby VERIFIED
Oracle 9i - Buffer Overflow via Long SERVICE_NAME Parameter
Buffer overflow in TNS Listener for Oracle 9i Database Server on Windows systems, and Oracle 8 on VM, allows local users to execute arbitrary code via a long SERVICE_NAME parameter, which is not properly handled when writing an error message to a log file.
by Metasploit
CVE-2001-0499 EXPLOITDB ruby VERIFIED
Oracle8i < 8.1.7 - Remote Buffer Overflow via TNS Listener Commands
Buffer overflow in Transparent Network Substrate (TNS) Listener in Oracle 8i 8.1.7 and earlier allows remote attackers to gain privileges via a long argument to the commands (1) STATUS, (2) PING, (3) SERVICES, (4) TRC_FILE, (5) SAVE_CONFIG, or (6) RELOAD.
by Metasploit
CVE-2009-1979 EXPLOITDB ruby VERIFIED
Oracle Database <10.2.0.4 - Info Disclosure
Unspecified vulnerability in the Network Authentication component in Oracle Database 10.1.0.5 and 10.2.0.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2009 CPU. Oracle has not commented on claims from an independent researcher that this is related to improper validation of the AUTH_SESSKEY parameter length that leads to arbitrary code execution.
by Metasploit
CVE-2009-1350 EXPLOITDB ruby VERIFIED
Novell NetIdentity Client < 1.2.4 - Remote Code Execution via XTIERRPCPIPE Named Pipe
Unspecified vulnerability in xtagent.exe in Novell NetIdentity Client before 1.2.4 allows remote attackers to execute arbitrary code by establishing an IPC$ connection to the XTIERRPCPIPE named pipe, and sending RPC messages that trigger a dereference of an arbitrary pointer.
by Metasploit
CVE-2008-1117 EXPLOITDB ruby VERIFIED
Timbuktu Pro 8.6.5 - Path Traversal and Arbitrary File Write via Notes Feature
Directory traversal vulnerability in the Notes (aka Flash Notes or instant messages) feature in tb2ftp.dll in Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, allows remote attackers to upload files to arbitrary locations via a destination filename with a \ (backslash) character followed by ../ (dot dot slash) sequences. NOTE: this can be leveraged for code execution by writing to a Startup folder. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-4220.
by Metasploit
CVE-2008-3704 EXPLOITDB ruby VERIFIED
Microsoft Visual Studio <6.0.84.18 - Buffer Overflow
Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not "validating property values with boundary checks," as exploited in the wild in August 2008, aka "Masked Edit Control Memory Corruption Vulnerability."
by Metasploit
CVE-2009-2685 EXPLOITDB ruby VERIFIED
HP Power Manager - Stack-based Buffer Overflow via Login Variable
Stack-based buffer overflow in the login form in the management web server in HP Power Manager allows remote attackers to execute arbitrary code via the Login variable.
by Metasploit
CVE-2010-4142 EXPLOITDB ruby VERIFIED
DATAC RealWin <= 2.0 Build 6.1.8.10 - Stack-Based Buffer Overflow via Long SCPC Packet
Multiple stack-based buffer overflows in DATAC RealWin 2.0 Build 6.1.8.10 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) SCPC_INITIALIZE, (2) SCPC_INITIALIZE_RF, or (3) SCPC_TXTEVENT packet. NOTE: it was later reported that 1.06 is also affected by one of these requests.
by Metasploit
CVE-2006-5650 EXPLOITDB ruby VERIFIED
ICQ 5.1 - Remote Code Execution via ICQPhone.SipxPhoneManager ActiveX DownloadAgent Function
The ICQPhone.SipxPhoneManager ActiveX control in America Online ICQ 5.1 allows remote attackers to download and execute arbitrary code via the DownloadAgent function, as demonstrated using an ICQ avatar.
by Metasploit
CVE-2004-0964 EXPLOITDB ruby VERIFIED
Zinf <2.2.1 - Remote Code Execution
Buffer overflow in Zinf 2.2.1 on Windows, and other older versions for Linux, allows remote attackers or local users to execute arbitrary code via certain values in a .pls file.
by Metasploit
CVE-2010-4398 EXPLOITDB HIGH text VERIFIED
Microsoft Windows - Stack-based Buffer Overflow in RtlQueryRegistryValues via Crafted REG_BINARY Value
Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka "Driver Improper Interaction with Windows Kernel Vulnerability."
by noobpwnftw
CVSS 7.8
CVE-2010-4006 EXPLOITDB text
WSN Links < 5.0.81, < 5.1.51, < 6.0.1 SQL Injection via search.php
Multiple SQL injection vulnerabilities in search.php in WSN Links 5.0.x before 5.0.81, 5.1.x before 5.1.51, and 6.0.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) namecondition or (2) namesearch parameter.
by Mark Stanislav
EIP-2026-111233 EXPLOITDB text VERIFIED
phpvidz 0.9.5 - Administrative Credentials Disclosure
by Michael Brooks
CVE-2008-2905 EXPLOITDB ruby VERIFIED
Mambo < 4.6.4 - Remote Code Execution via mosConfig_absolute_path Parameter
PHP remote file inclusion vulnerability in includes/Cache/Lite/Output.php in the Cache_Lite package in Mambo 4.6.4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
by Metasploit