Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-102166 EXPLOITDB python VERIFIED
iOS FileApp < 2.0 - FTP Remote Denial of Service
by m0ebiusc0de
EIP-2026-100593 EXPLOITDB text VERIFIED
TradeMC E-Ticaret - SQL Injection / Cross-Site Scripting
by KnocKout
CVE-2010-3425 EXPLOITDB text VERIFIED
SmarterStats 5.3 - Cross-Site Scripting via frmHelp.aspx url Parameter
Cross-site scripting (XSS) vulnerability in UserControls/Popups/frmHelp.aspx in SmarterStats 5.3, 5.3.3819, and possibly other 5.3 versions, allows remote attackers to inject arbitrary web script or HTML via the url parameter.
by sqlhacker
CVE-2010-3486 EXPLOITDB text VERIFIED
SmarterMail 7.1.3876 - Path Traversal
Directory traversal vulnerability in FileStorageUpload.ashx in SmarterMail 7.1.3876 allows remote attackers to read arbitrary files via a (1) ../ (dot dot slash), (2) %5C (encoded backslash), or (3) %255c (double-encoded backslash) in the name parameter.
by sqlhacker
EIP-2026-100166 EXPLOITDB python VERIFIED
Bka Haber 1.0 (Tr) - File Disclosure
by ZoRLu
CVE-2010-3189 EXPLOITDB ruby VERIFIED
Trend Micro Internet Security Pro 2010 - RCE
The extSetOwner function in the UfProxyBrowserCtrl ActiveX control (UfPBCtrl.dll) in Trend Micro Internet Security Pro 2010 allows remote attackers to execute arbitrary code via an invalid address that is dereferenced as a pointer.
by Trancer
CVE-2010-1899 EXPLOITDB text VERIFIED
Internet Information Services 5.1-7.5 - Denial of Service via Crafted ASP Request
Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."
by kingcope
EIP-2026-114595 EXPLOITDB text VERIFIED
zen cart 1.3.9f - Multiple Vulnerabilities
by LiquidWorm
EIP-2026-114594 EXPLOITDB text VERIFIED
Zen Cart 1.3.9f - 'typefilter' Local File Inclusion
by LiquidWorm
EIP-2026-112681 EXPLOITDB text VERIFIED
Tiki Wiki CMS Groupware 5.2 - Multiple Vulnerabilities
by John Leitch
EIP-2026-111170 EXPLOITDB text VERIFIED
phpMyShopping 1.0.1505 - Multiple Vulnerabilities
by Metropolis
EIP-2026-108071 EXPLOITDB text VERIFIED
jCart 1.1 - Multiple Cross-Site Scripting / Cross-Site Request Forgery/Open Redirect Vulnerabilities
by p0deje
EIP-2026-107766 EXPLOITDB perl VERIFIED
iGaming CMS 1.5 - Blind SQL Injection
by plucky
EIP-2026-106925 EXPLOITDB text VERIFIED
Evaria Content Management System 1.1 - File Disclosure
by khayeye shotor
CVE-2010-4866 EXPLOITDB text VERIFIED
chipmunk_board 1.3 - SQL Injection via forumID Parameter
SQL injection vulnerability in index.php in Chipmunk Board 1.3 allows remote attackers to execute arbitrary SQL commands via the forumID parameter.
by Shamus
EIP-2026-100825 EXPLOITDB text VERIFIED
Intellicom Netbiter webSCADA Products - 'read.cgi' Multiple Remote Security Vulnerabilities
by Eugene Salov
CVE-2010-2738 EXPLOITDB python VERIFIED
Microsoft Windows and Office - Remote Code Execution via Malformed OpenType Font Parsing
The Uniscribe (aka new Unicode Script Processor) implementation in USP10.DLL in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2, and Microsoft Office XP SP3, 2003 SP3, and 2007 SP2, does not properly validate tables associated with malformed OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) Office document, aka "Uniscribe Font Parsing Engine Memory Corruption Vulnerability."
by Abysssec
EIP-2026-108703 EXPLOITDB ruby VERIFIED
Joomla! Component JE Job - SQL Injection
by Easy Laster
CVE-2010-4865 EXPLOITDB text VERIFIED
JE Guestbook (com_jeguestbook) 1.0 - SQL Injection
SQL injection vulnerability in the JE Guestbook (com_jeguestbook) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the d_itemid parameter in an item_detail action to index.php.
by Salvatore Fresta
CVE-2010-4862 EXPLOITDB ruby VERIFIED
Joomla! com_jedirectory 1.0 - SQL Injection
SQL injection vulnerability in the JExtensions JE Directory (com_jedirectory) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php.
by Easy Laster
EIP-2026-108124 EXPLOITDB text
JomSocial 1.8.8 - Arbitrary File Upload
by Jeff Channell
EIP-2026-100135 EXPLOITDB text VERIFIED
ASPMass Shopping Cart - Arbitrary File Upload / Cross-Site Request Forgery
by Abysssec
EIP-2026-117814 EXPLOITDB python VERIFIED
Quick Player 1.3 - Unicode (SEH)
by Abhishek Lyall
CVE-2010-1245 EXPLOITDB text VERIFIED
Microsoft Office <2008 for Mac - RCE
Unspecified vulnerability in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed SxView (0xB0) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0824 and CVE-2010-0821.
by Abysssec
EIP-2026-113371 EXPLOITDB python
Webspell wCMS-Clanscript4.01.02net - static Blind SQL Injection
by Easy Laster