Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-118339 EXPLOITDB ruby VERIFIED
CA BrightStor ARCserve Message Engine 0x72 - Remote Buffer Overflow (Metasploit)
by Metasploit
EIP-2026-112413 EXPLOITDB text VERIFIED
SquirrelMail Virtual Keyboard Plugin - 'vkeyboard.php' Cross-Site Scripting
by Moritz Naumann
EIP-2026-112368 EXPLOITDB text VERIFIED
SPAW Editor 2.0.8.1 - Local File Inclusion
by soorakh kos
EIP-2026-106846 EXPLOITDB text VERIFIED
Elxis 2009.2 rev2631 - SQL Injection
by High-Tech Bridge SA
EIP-2026-106298 EXPLOITDB text VERIFIED
CuteNews - 'page' Local File Inclusion
by eidelweiss
CVE-2010-4857 EXPLOITDB text
CAG CMS 0.2 Beta - SQL Injection via click.php itemid Parameter
SQL injection vulnerability in click.php in CAG CMS 0.2 Beta allows remote attackers to execute arbitrary SQL commands via the itemid parameter.
by Shamus
CVE-2007-3010 EXPLOITDB CRITICAL ruby VERIFIED
Alcatel OmniPCX Enterprise < 7.1 - Remote Command Execution via Unified Maintenance Tool
masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action.
by Metasploit
CVSS 9.8
CVE-2002-1120 EXPLOITDB ruby VERIFIED
Savant Web Server < 3.1 - Remote Code Execution via Long HTTP GET Request
Buffer overflow in Savant Web Server 3.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.
by Metasploit
EIP-2026-117916 EXPLOITDB ruby VERIFIED
SnackAmp 3.1.3B - SMP Buffer Overflow (SEH) (DEP Bypass)
by Muhamad Fadzil Ramli
EIP-2026-112856 EXPLOITDB text VERIFIED
Uebimiau Webmail 3.2.0-2.0 - Local File Inclusion
by blake
CVE-2010-3201 EXPLOITDB text VERIFIED
NetWin SurgeMail < 4.3g - Cross-Site Scripting via Username Parameter
Cross-site scripting (XSS) vulnerability in NetWin Surgemail before 4.3g allows remote attackers to inject arbitrary web script or HTML via the username_ex parameter to the surgeweb program.
by Kerem Kocaer
EIP-2026-111415 EXPLOITDB text VERIFIED
Portili Personal and Team Wiki 1.14 - Multiple Vulnerabilities (2)
by Abysssec
EIP-2026-108023 EXPLOITDB text VERIFIED
ITS SCADA - 'Username' SQL Injection
by Eugene Salov
EIP-2026-107049 EXPLOITDB text VERIFIED
FAQMasterFlex 1.2 - SQL Injection
by cyb3r.anbu
EIP-2026-106484 EXPLOITDB html VERIFIED
Docebo 3.6 - 'description' Cross-Site Scripting
by High-Tech Bridge SA
CVE-2010-4858 EXPLOITDB text VERIFIED
DNET Live-Stats <0.8 - Path Traversal
Directory traversal vulnerability in team.rc5-72.php in DNET Live-Stats 0.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the showlang parameter.
by blake
EIP-2026-105272 EXPLOITDB text VERIFIED
Aspect Ratio CMS - Blind SQL Injection
by Stephan Sattler
EIP-2026-101418 EXPLOITDB html VERIFIED
Research In Motion BlackBerry Device Software 4.7.1 - Cross Domain Information Disclosure
by 599eme Man
CVE-2010-4210 EXPLOITDB HIGH c VERIFIED
FreeBSD 7.x < 7.3-RELEASE and 8.x < 8.0-RC1 - DoS and Memory Overwrite via pfs_getextattr
The pfs_getextattr function in FreeBSD 7.x before 7.3-RELEASE and 8.x before 8.0-RC1 unlocks a mutex that was not previously locked, which allows local users to cause a denial of service (kernel panic), overwrite arbitrary memory locations, and possibly execute arbitrary code via vectors related to opening a file on a file system that uses pseudofs.
by Babcia Padlina
CVSS 7.8
EIP-2026-100198 EXPLOITDB python VERIFIED
Cilem Haber 1.4.4 (Tr) - Database Disclosure
by ZoRLu
EIP-2026-115380 EXPLOITDB perl VERIFIED
Hanso Player 1.3.0 - '.m3u' Denial of Service
by xsploited security
EIP-2026-112709 EXPLOITDB text VERIFIED
TinyMCE MCFileManager 2.1.2 - Arbitrary File Upload
by Hackeri-AL
EIP-2026-105211 EXPLOITDB text VERIFIED
Aprox CMS Engine 6.0 - Multiple Vulnerabilities
by Stephan Sattler
EIP-2026-116849 EXPLOITDB c VERIFIED
AudioTran 1.4.2.4 - SafeSEH + SEHOP
by x90c
EIP-2026-102201 EXPLOITDB text VERIFIED
iOS FileApp < 2.0 - Directory Traversal
by m0ebiusc0de