Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
CVE-2010-2309 EXPLOITDB ruby VERIFIED
EvoLogical EvoCam 3.6.6-3.6.7 - Remote Code Execution via Long GET Request
Buffer overflow in the web server for EvoLogical EvoCam 3.6.6 and 3.6.7 allows remote attackers to execute arbitrary code via a long GET request.
by Metasploit
CVE-2007-5208 EXPLOITDB ruby VERIFIED
HP Linux Imaging and Printing Project < 2.7.10 - OS Command Injection via Sendmail From Address
hpssd in Hewlett-Packard Linux Imaging and Printing Project (hplip) 1.x and 2.x before 2.7.10 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a from address, which is not properly handled when invoking sendmail.
by Metasploit
CVE-2007-4560 EXPLOITDB ruby VERIFIED
ClamAV < 0.91.2 - Remote Code Execution via Shell Metacharacters in Sendmail Recipient Field
clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the "recipient field of sendmail."
by Metasploit
EIP-2026-118446 EXPLOITDB c VERIFIED
Dupehunter Professional 9.0.0.3911 - 'Fwpuclnt.dll' DLL Loading Arbitrary Code Execution
by anT!-Tr0J4n
CVE-2010-4792 EXPLOITDB html VERIFIED
OPEN IT OverLook 5.0 - Cross-Site Scripting via Frame Parameter
Cross-site scripting (XSS) vulnerability in title.php in OPEN IT OverLook 5.0 allows remote attackers to inject arbitrary web script or HTML via the frame parameter.
by Anatolia Security
EIP-2026-109066 EXPLOITDB text VERIFIED
Lantern CMS - '11-login.asp' Cross-Site Scripting
by High-Tech Bridge SA
CVE-2010-4797 EXPLOITDB text VERIFIED
Truworth Flex Timesheet - SQL Injection
Multiple SQL injection vulnerabilities in the log-in form in Truworth Flex Timesheet allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields.
by KnocKout
CVE-2010-4856 EXPLOITDB python VERIFIED
xWeblog 2.2 - SQL Injection via arsiv.asp tarih Parameter
SQL injection vulnerability in arsiv.asp in xWeblog 2.2 allows remote attackers to execute arbitrary SQL commands via the tarih parameter.
by ZoRLu
EIP-2026-107069 EXPLOITDB text
Feindura File Manager 1.0(rc) - Arbitrary File Upload
by KnocKout
CVE-2010-2632 EXPLOITDB text
Oracle Solaris 8-11 Express - DoS
Unspecified vulnerability in the FTP Server in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable researcher that this is an issue in the glob implementation in libc that allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames.
by Maksymilian Arciemowicz
CVE-2010-4855 EXPLOITDB text VERIFIED
xWeblog 2.2 - SQL Injection via makale_id Parameter
SQL injection vulnerability in oku.asp in xWeblog 2.2 allows remote attackers to execute arbitrary SQL commands via the makale_id parameter.
by KnocKout
EIP-2026-119472 EXPLOITDB python VERIFIED
HP Data Protector Media Operations - Null Pointer Dereference Remote Denial of Service
by d0lc3
CVE-2010-4864 EXPLOITDB perl VERIFIED
Club Manager (com_clubmanager) for Joomla! - SQL Injection via cm_id Parameter
SQL injection vulnerability in the Club Manager (com_clubmanager) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cm_id parameter in an equip presenta action to index.php.
by FL0RiX
EIP-2026-105372 EXPLOITDB text VERIFIED
Backbone Technology Expression 18.9.2010 - Cross-Site Scripting
by High-Tech Bridge SA
CVE-2010-3631 EXPLOITDB text VERIFIED
Adobe Acrobat and Reader 8.x-8.2.4 and 9.x-9.3 - Remote Code Execution
Array index error in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS X allows attackers to execute arbitrary code via unspecified vectors.
by Knud & nSense
CVE-2002-1473 EXPLOITDB ruby VERIFIED
HP-UX 10.20-11.11 - Buffer Overflow in lp Subsystem
Multiple buffer overflows in lp subsystem for HP-UX 10.20 through 11.11 (11i) allow local users to cause a denial of service and possibly execute arbitrary code.
by Metasploit
CVE-2010-3332 EXPLOITDB perl VERIFIED
Microsoft .NET Framework - Info Disclosure
Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka "ASP.NET Padding Oracle Vulnerability."
by Giorgio Fedon
CVE-2003-0727 EXPLOITDB ruby VERIFIED
Oracle 9i Database Release 2 - Buffer Overflow
Multiple buffer overflows in the XML Database (XDB) functionality for Oracle 9i Database Release 2 allow local users to cause a denial of service or hijack user sessions.
by Metasploit
CVE-2005-2373 EXPLOITDB ruby VERIFIED
SlimFTPd 3.15-3.16 - Authenticated Buffer Overflow via Long Directory Name
Buffer overflow in SlimFTPd 3.15 and 3.16 allows remote authenticated users to execute arbitrary code via a long directory name to (1) LIST, (2) DELE or (3) RNFR commands.
by Metasploit
CVE-2005-1323 EXPLOITDB ruby VERIFIED
NetTerm 5.1.1 - Buffer Overflow via USER Command
Buffer overflow in NetFtpd for NetTerm 5.1.1 and earlier allows remote attackers to execute arbitrary code via a long USER command.
by Metasploit
CVE-2006-4691 EXPLOITDB ruby VERIFIED
Microsoft Windows <XP - Buffer Overflow
Stack-based buffer overflow in the NetpManageIPCConnect function in the Workstation service (wkssvc.dll) in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to execute arbitrary code via NetrJoinDomain2 RPC messages with a long hostname.
by Metasploit
CVE-2007-3901 EXPLOITDB ruby VERIFIED
Microsoft DirectX 7.0-10.0 - Remote Code Execution via SAMI File Parsing
Stack-based buffer overflow in the DirectShow Synchronized Accessible Media Interchange (SAMI) parser in quartz.dll for Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted SAMI file.
by Metasploit
CVE-2004-1135 EXPLOITDB ruby VERIFIED
WS_FTP Server 5.03 2004.10.14 - Denial of Service via Long SITE, XMKD, MKD, or RNFR Commands
Multiple buffer overflows in WS_FTP Server 5.03 2004.10.14 allow remote attackers to cause a denial of service (service crash) via long (1) SITE, (2) XMKD, (3) MKD, and (4) RNFR commands.
by Metasploit
CVE-2005-1415 EXPLOITDB ruby VERIFIED
GlobalSCAPE Secure FTP Server 3.0.2 - RCE
Buffer overflow in GlobalSCAPE Secure FTP Server 3.0.2 allows remote authenticated users to execute arbitrary code via a long FTP command.
by Metasploit
EIP-2026-118340 EXPLOITDB ruby VERIFIED
CA BrightStor ARCserve Tape Engine - 0x8A Buffer Overflow (Metasploit)
by Metasploit