Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-117224 EXPLOITDB c
G Data TotalCare 2011 - Local Kernel
by Nikita Tarakanov
EIP-2026-116047 EXPLOITDB text VERIFIED
PCSX2 0.9.7 Beta - Binary Denial of Service
by 41.w4r10r
EIP-2026-114488 EXPLOITDB text VERIFIED
xt:Commerce Shopsoftware 3/4 - 'FCKeditor' Arbitrary File Upload
by Net.Edit0r
EIP-2026-114240 EXPLOITDB text VERIFIED
WordPress Plugin WP Survey And Quiz Tool 1.2.1 - Cross-Site Scripting
by John Leitch
CVE-2010-4875 EXPLOITDB text VERIFIED
Vodpod Video Gallery Plugin <3.1.5 - XSS
Cross-site scripting (XSS) vulnerability in vodpod-video-gallery/vodpod_gallery_thumbs.php in the Vodpod Video Gallery Plugin 3.1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the gid parameter.
by John Leitch
EIP-2026-114030 EXPLOITDB text VERIFIED
WordPress Plugin SEO Tools 3.0 - 'file' Directory Traversal
by John Leitch
EIP-2026-113849 EXPLOITDB text VERIFIED
WordPress Plugin jRSS Widget 1.1.1 - 'url' Information Disclosure
by John Leitch
EIP-2026-113742 EXPLOITDB text VERIFIED
WordPress Plugin FeedList 2.61.01 - 'handler_image.php' Cross-Site Scripting
by John Leitch
EIP-2026-111988 EXPLOITDB text VERIFIED
Seo Panel 2.1.0 - Critical File Disclosure
by MaXe
CVE-2008-6222 EXPLOITDB text VERIFIED
Pro Desk Support Center 1.0 and 1.2 - Path Traversal via Include File Parameter
Directory traversal vulnerability in the Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php.
by d3v1l
CVE-2010-1345 EXPLOITDB text VERIFIED
Cookex Agency CKForms <1.3.3 - Path Traversal
Directory traversal vulnerability in the Cookex Agency CKForms (com_ckforms) component 1.3.3 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
by ALTBTA
EIP-2026-108306 EXPLOITDB text VERIFIED
Joomla! Component com_clanlist - SQL Injection
by CoBRa_21
EIP-2026-108305 EXPLOITDB text VERIFIED
Joomla! Component com_clan - SQL Injection
by AtT4CKxT3rR0r1ST
CVE-2010-4715 EXPLOITDB python VERIFIED
Novell GroupWise <8.02HP - Path Traversal
Multiple directory traversal vulnerabilities in the (1) WebAccess Agent and (2) Document Viewer Agent components in Novell GroupWise before 8.02HP allow remote attackers to read arbitrary files via unspecified vectors. NOTE: some of these details are obtained from third party information.
by Francis Provencher
CVE-2010-4412 EXPLOITDB text VERIFIED
pfSense 2 beta 4 - Cross-Site Scripting via id Parameter in pkg_edit.php
Multiple cross-site scripting (XSS) vulnerabilities in pfSense 2 beta 4 allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter in an olsrd.xml action to pkg_edit.php, (2) the xml parameter to pkg.php, or the if parameter to (3) status_graph.php or (4) interfaces.php, a different vulnerability than CVE-2008-1182 and CVE-2010-4246.
by dave b
CVE-2010-4412 EXPLOITDB text VERIFIED
pfSense 2 beta 4 - Cross-Site Scripting via id Parameter in pkg_edit.php
Multiple cross-site scripting (XSS) vulnerabilities in pfSense 2 beta 4 allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter in an olsrd.xml action to pkg_edit.php, (2) the xml parameter to pkg.php, or the if parameter to (3) status_graph.php or (4) interfaces.php, a different vulnerability than CVE-2008-1182 and CVE-2010-4246.
by dave b
CVE-2010-4412 EXPLOITDB text VERIFIED
pfSense 2 beta 4 - Cross-Site Scripting via id Parameter in pkg_edit.php
Multiple cross-site scripting (XSS) vulnerabilities in pfSense 2 beta 4 allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter in an olsrd.xml action to pkg_edit.php, (2) the xml parameter to pkg.php, or the if parameter to (3) status_graph.php or (4) interfaces.php, a different vulnerability than CVE-2008-1182 and CVE-2010-4246.
by dave b
CVE-2010-4412 EXPLOITDB text VERIFIED
pfSense 2 beta 4 - Cross-Site Scripting via id Parameter in pkg_edit.php
Multiple cross-site scripting (XSS) vulnerabilities in pfSense 2 beta 4 allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter in an olsrd.xml action to pkg_edit.php, (2) the xml parameter to pkg.php, or the if parameter to (3) status_graph.php or (4) interfaces.php, a different vulnerability than CVE-2008-1182 and CVE-2010-4246.
by dave b
CVE-2010-4631 EXPLOITDB text VERIFIED
pilot_cart 7.3 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in ASPilot Pilot Cart 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) countrycode parameter to contact.asp, USERNAME parameter to (2) gateway.asp and (3) cart.asp, and the specific parameter to (4) quote.asp and (5) buyitnow.
by Ariko-Security
EIP-2026-118544 EXPLOITDB text VERIFIED
filecopa ftp server 6.01 - Directory Traversal
by Pawel Wylecial
EIP-2026-111582 EXPLOITDB text
Punbb 1.3.4 - Multiple Full Path Disclosures
by SYSTEM_OVERIDE
EIP-2026-106412 EXPLOITDB perl
DeluxeBB 1.3 - Private Information Disclosure
by Vis Intelligendi
CVE-2010-4156 EXPLOITDB php VERIFIED
Libmbfl 1.1.0 - Information Disclosure via mb_strcut Length Parameter
The mb_strcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through 5.3.3, allows context-dependent attackers to obtain potentially sensitive information via a large value of the third parameter (aka the length parameter).
by Mateusz Kocielski
CVE-2010-4221 EXPLOITDB perl VERIFIED
ProFTPD - Stack-Based Buffer Overflow via TELNET IAC Escape Character
Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a (1) FTP or (2) FTPS server.
by kingcope
CVE-2010-4632 EXPLOITDB text VERIFIED
pilot_cart 7.3 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in ASPilot Pilot Cart 7.3 allow remote attackers to execute arbitrary SQL commands via the (1) article parameter to kb.asp, (2) specific parameter to cart.asp, (3) countrycode parameter to contact.asp, and the (4) srch parameter to search.asp. NOTE: the article parameter to pilot.asp is already covered by CVE-2008-2688.
by Ariko-Security