Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
CVE-2010-3039 EXPLOITDB text VERIFIED
Cisco Unified Communications Manager <8 - Command Injection
/usr/local/cm/bin/pktCap_protectData in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6, 7, and 8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in a request to the administrative interface, aka Bug IDs CSCti52041 and CSCti74930.
by Knud Erik Hjgaard
EIP-2026-119258 EXPLOITDB html VERIFIED
VideoLAN VLC Media Player 1.1.x - Calling Convention Remote Buffer Overflow
by shinnai
EIP-2026-117614 EXPLOITDB python VERIFIED
MiniShare 1.4.0 < 1.5.5 - 'users.txt' Local Buffer Overflow
by Chris Gabriel
EIP-2026-116186 EXPLOITDB c
Rising - 'RSNTGDI.sys' Local Denial of Service
by ze0r
EIP-2026-116138 EXPLOITDB perl
Quickzip 5.1.8.1 - Denial of Service
by moigai
EIP-2026-115589 EXPLOITDB text VERIFIED
Maxthon 3.0.18.1000 - CSS Denial of Service
by 4n0nym0us
EIP-2026-114960 EXPLOITDB c VERIFIED
AVG Internet Security 9.0.851 - Local Denial of Service
by Nikita Tarakanov
EIP-2026-113330 EXPLOITDB text VERIFIED
Webmedia Explorer 6.13.1 - Persistent Cross-Site Scripting
by High-Tech Bridge SA
CVE-2010-4186 EXPLOITDB text VERIFIED
OnlineTechTools OWOS Professional Edition 2.10 - SQL Injection via Password Parameter
SQL injection vulnerability in process.asp in OnlineTechTools Online Work Order System (OWOS) Professional Edition 2.10 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: some of these details are obtained from third party information.
by VSN
EIP-2026-109434 EXPLOITDB php
MetInfo 3.0 - 'FCKeditor' Arbitrary File Upload
by [sh3n]
EIP-2026-109411 EXPLOITDB text VERIFIED
MemHT Portal 4.0.1 - Persistent Cross-Site Scripting
by High-Tech Bridge SA
EIP-2026-108966 EXPLOITDB text VERIFIED
Kandidat CMS 1.4.2 - Persistent Cross-Site Scripting
by High-Tech Bridge SA
EIP-2026-106528 EXPLOITDB text
Dolphin 7.0.3 - Multiple Vulnerabilities
by anT!-Tr0J4n
EIP-2026-105344 EXPLOITDB text
Azaronline Design - SQL Injection
by XroGuE
EIP-2026-103877 EXPLOITDB python VERIFIED
BroadWorks - Call Detail Record Security Bypass
by Nick Freeman
CVE-2010-3863 EXPLOITDB text VERIFIED
Apache Shiro < 1.1.0 and JSecurity 0.9.x - Path Traversal via URI Path Bypass
Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
by Luke Taylor
CVE-2010-3879 EXPLOITDB text VERIFIED
libfuse < 2.8.5 - Unauthenticated Arbitrary Filesystem Unmount via Symlink Attack
FUSE, possibly 2.8.5 and earlier, allows local users to create mtab entries with arbitrary pathnames, and consequently unmount any filesystem, via a symlink attack on the parent directory of the mountpoint of a FUSE filesystem, a different vulnerability than CVE-2010-0789.
by halfdog
CVE-2010-4635 EXPLOITDB text VERIFIED
Site2Nite Vacation Rental Listings - SQL Injection via detail.asp ID Parameter
SQL injection vulnerability in detail.asp in Site2Nite Vacation Rental (VRBO) Listings allows remote attackers to execute arbitrary SQL commands via the ID parameter.
by L0rd CrusAd3r
CVE-2010-4636 EXPLOITDB text VERIFIED
Site2Nite Business e-Listings - SQL Injection via ID Parameter
SQL injection vulnerability in detail.asp in Site2Nite Business e-Listings allows remote attackers to execute arbitrary SQL commands via the ID parameter.
by L0rd CrusAd3r
CVE-2010-4186 EXPLOITDB text VERIFIED
OnlineTechTools OWOS Professional Edition 2.10 - SQL Injection via Password Parameter
SQL injection vulnerability in process.asp in OnlineTechTools Online Work Order System (OWOS) Professional Edition 2.10 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: some of these details are obtained from third party information.
by L0rd CrusAd3r
EIP-2026-100241 EXPLOITDB text VERIFIED
Digger Solutions NewsLetter Open Source - SQL Injection
by L0rd CrusAd3r
EIP-2026-100229 EXPLOITDB text VERIFIED
Comrie Software Pay Roll Time Sheet & Punch Card - Authentication Bypass
by L0rd CrusAd3r
CVE-2010-4181 EXPLOITDB text
Yaws 1.89 - Path Traversal via Dot Dot Backslash Sequences
Directory traversal vulnerability in Yaws 1.89 allows remote attackers to read arbitrary files via ..\ (dot dot backslash) and other sequences.
by nitr0us
EIP-2026-119055 EXPLOITDB text VERIFIED
Project Jug 1.0.0 - Directory Traversal
by John Leitch
EIP-2026-118920 EXPLOITDB text VERIFIED
Mongoose Web Server 2.11 - Directory Traversal
by nitr0us