Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
CVE-2010-3765 EXPLOITDB CRITICAL html VERIFIED
Mozilla Firefox 3.5.x-3.5.14 and 3.6.x-3.6.11 - Remote Code Execution via nsCSSFrameConstructor
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.
by anonymous
CVSS 9.8
EIP-2026-118639 EXPLOITDB text VERIFIED
Home FTP Server 1.11.1.149 - (Authenticated) Directory Traversal
by chr1x
EIP-2026-111105 EXPLOITDB ruby
PHPKit 1.6.1 R2 - 'overview.php' SQL Injection
by Easy Laster
EIP-2026-109766 EXPLOITDB ruby VERIFIED
mygamingladder MGL Combo System 7.5 - 'game.php' SQL Injection
by Easy Laster
EIP-2026-119314 EXPLOITDB python VERIFIED
XBMC 9.04.1r20672 - 'soap_action_name' POST UPnP 'sscanf' Remote Buffer Overflow
by n00b
EIP-2026-116390 EXPLOITDB text VERIFIED
TeamSpeak 2.0.32.60 - Memory Corruption
by Jokaim & nSense
EIP-2026-112626 EXPLOITDB text
TFTgallery 0.13.1 - Local File Inclusion
by Havok
EIP-2026-111795 EXPLOITDB php
RoSPORA 1.5.0 - Remote PHP Code Injection
by EgiX
EIP-2026-111574 EXPLOITDB text
Pub-Me CMS - Blind SQL Injection
by H4f
EIP-2026-107068 EXPLOITDB text VERIFIED
Feindura CMS Groupware - Multiple Local File Inclusion / Cross-Site Scripting Vulnerabilities
by Justanotherhacker.com
EIP-2026-103634 EXPLOITDB c VERIFIED
Platinum SDK Library - POST UPnP 'sscanf' Buffer Overflow (PoC)
by n00b
CVE-2010-3765 EXPLOITDB CRITICAL html VERIFIED
Mozilla Firefox 3.5.x-3.5.14 and 3.6.x-3.6.11 - Remote Code Execution via nsCSSFrameConstructor
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.
by extraexploit
CVSS 9.8
CVE-2010-3765 EXPLOITDB CRITICAL html VERIFIED
Mozilla Firefox 3.5.x-3.5.14 and 3.6.x-3.6.11 - Remote Code Execution via nsCSSFrameConstructor
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.
by Daniel Veditz
CVSS 9.8
CVE-2010-2963 EXPLOITDB c VERIFIED
Linux Kernel <2.6.36 - Privilege Escalation
drivers/media/video/v4l2-compat-ioctl32.c in the Video4Linux (V4L) implementation in the Linux kernel before 2.6.36 on 64-bit platforms does not validate the destination of a memory copy operation, which allows local users to write to arbitrary kernel memory locations, and consequently gain privileges, via a VIDIOCSTUNER ioctl call on a /dev/video device, followed by a VIDIOCSMICROCODE ioctl call on this device.
by Kees Cook
EIP-2026-118902 EXPLOITDB text VERIFIED
MinaliC WebServer 1.0 - Remote Source Disclosure / File Download
by Dr_IDE
EIP-2026-118901 EXPLOITDB text VERIFIED
MinaliC WebServer 1.0 - Directory Traversal
by John Leitch
CVE-2010-4142 EXPLOITDB python VERIFIED
DATAC RealWin <= 2.0 Build 6.1.8.10 - Stack-Based Buffer Overflow via Long SCPC Packet
Multiple stack-based buffer overflows in DATAC RealWin 2.0 Build 6.1.8.10 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) SCPC_INITIALIZE, (2) SCPC_INITIALIZE_RF, or (3) SCPC_TXTEVENT packet. NOTE: it was later reported that 1.06 is also affected by one of these requests.
by blake
EIP-2026-115838 EXPLOITDB python VERIFIED
MinaliC WebServer 1.0 - Denial of Service
by John Leitch
EIP-2026-114638 EXPLOITDB text VERIFIED
Zomplog 3.9 - Multiple Cross-Site Scripting / Cross-Site Request Forgery Vulnerabilities
by High-Tech Bridge SA
EIP-2026-114635 EXPLOITDB text VERIFIED
Zomplog 3.9 - Cross-Site Request Forgery
by High-Tech Bridge SA
EIP-2026-113162 EXPLOITDB text VERIFIED
W-Agora 4.1.5 - Local File Inclusion / Cross-Site Scripting
by MustLive
EIP-2026-111123 EXPLOITDB text VERIFIED
phpLiterAdmin 1.0 RC1 - Authentication Bypass
by High-Tech Bridge SA
EIP-2026-109965 EXPLOITDB text VERIFIED
Novaboard 1.1.4 - Local File Inclusion
by High-Tech Bridge SA
CVE-2010-4874 EXPLOITDB text VERIFIED
NinkoBB 1.3 RC5 - Cross-Site Scripting via User Profile Parameters
Multiple cross-site scripting (XSS) vulnerabilities in users.php in NinkoBB 1.3 RC5 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, (3) msn, or (4) aim parameter.
by High-Tech Bridge SA
EIP-2026-109757 EXPLOITDB text VERIFIED
mycart 2.0 - Multiple Vulnerabilities
by Salvatore Fresta