Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-100337 EXPLOITDB text VERIFIED
gausCMS - Multiple Vulnerabilities
by Abysssec
CVE-2010-0886 EXPLOITDB ruby VERIFIED
Oracle Java SE/JDK/JRE <6.20 - Info Disclosure
Unspecified vulnerability in the Java Deployment Toolkit component in Oracle Java SE and Java for Business JDK and JRE 6 Update 10 through 19 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
by Metasploit
EIP-2026-119154 EXPLOITDB text VERIFIED
Softek Barcode Reader Toolkit ActiveX 7.1.4.14 - 'SoftekATL.dll' Remote Buffer Overflow
by LiquidWorm
CVE-2010-3106 EXPLOITDB ruby VERIFIED
Novell iPrint < 5.42 - Remote Code Execution via ienipp.ocx Debug Parameter
The ienipp.ocx ActiveX control in the browser plugin in Novell iPrint Client before 5.42 does not properly validate the debug parameter, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a parameter value with a crafted length, related to the ExecuteRequest method.
by Metasploit
CVE-2008-0935 EXPLOITDB ruby VERIFIED
Novell iPrint Client < 4.34 - Stack-Based Buffer Overflow via ExecuteRequest Method
Stack-based buffer overflow in the Novell iPrint Control ActiveX control in ienipp.ocx in Novell iPrint Client before 4.34 allows remote attackers to execute arbitrary code via a long argument to the ExecuteRequest method.
by Metasploit
CVE-2010-1527 EXPLOITDB ruby VERIFIED
Novell iPrint Client <5.44 - Buffer Overflow
Stack-based buffer overflow in Novell iPrint Client before 5.44 allows remote attackers to execute arbitrary code via a long call-back-url parameter in an op-client-interface-version action.
by Trancer
CVE-2010-3106 EXPLOITDB ruby VERIFIED
Novell iPrint < 5.42 - Remote Code Execution via ienipp.ocx Debug Parameter
The ienipp.ocx ActiveX control in the browser plugin in Novell iPrint Client before 5.42 does not properly validate the debug parameter, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a parameter value with a crafted length, related to the ExecuteRequest method.
by Trancer
CVE-2008-4037 EXPLOITDB ruby VERIFIED
Microsoft Windows - Remote Code Execution via SMB Credential Reflection
Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential Reflection Vulnerability." NOTE: some reliable sources report that this vulnerability exists because of an insufficient fix for CVE-2000-0834.
by Metasploit
CVE-2010-2568 EXPLOITDB HIGH ruby VERIFIED
Windows Shell - Remote Code Execution via Crafted .LNK or .PIF Shortcut Files
Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.
by Metasploit
CVSS 7.8
EIP-2026-116712 EXPLOITDB python VERIFIED
Acoustica Audio Converter Pro 1.1 (build 25) - '.mp3 / .wav / .ogg / .wma' Local Heap Overflow
by Carlos Mario Penagos Hollmann
CVE-2010-1248 EXPLOITDB text VERIFIED
Microsoft Office Excel <2004 - Buffer Overflow
Buffer overflow in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed HFPicture (0x866) record, aka "Excel HFPicture Memory Corruption Vulnerability."
by Abysssec
CVE-2010-3608 EXPLOITDB text VERIFIED
wpQuiz 2.7 - SQL Injection via id or password Parameter
Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) password (pw) parameters to (a) admin.php or (b) user.php.
by KnocKout
CVE-2010-3601 EXPLOITDB text VERIFIED
ibPhotohost 1.1.2 - SQL Injection via img Parameter
SQL injection vulnerability in index.php in ibPhotohost 1.1.2 allows remote attackers to execute arbitrary SQL commands via the img parameter.
by fred777
CVE-2010-4930 EXPLOITDB text VERIFIED
atmail webmail < 6.1.9 - Cross-Site Scripting via MailType Parameter
Cross-site scripting (XSS) vulnerability in index.php in @mail Webmail before 6.2.0 allows remote attackers to inject arbitrary web script or HTML via the MailType parameter in a mail/auth/processlogin action.
by Vicente Aguilera Diaz
EIP-2026-103884 EXPLOITDB text VERIFIED
CollabNet Subversion Edge Log Parser - HTML Injection
by Sumit Kumar Soni
CVE-2010-2961 EXPLOITDB bash VERIFIED
mountall <2.15.2 - Privilege Escalation
mountall.c in mountall before 2.15.2 uses 0666 permissions for the root.rules file, which allows local users to gain privileges by modifying this file.
by fuzz
EIP-2026-100482 EXPLOITDB text VERIFIED
Personal.Net Portal - Multiple Vulnerabilities
by Abysssec
CVE-2010-3484 EXPLOITDB text VERIFIED
LightNEasy 3.2.1 - SQL Injection via Handle Parameter
SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the handle parameter to LightNEasy.php, a different vector than CVE-2008-6593.
by Solidmedia
CVE-2010-3482 EXPLOITDB text
Primitive CMS 1.0.9 - SQL Injection
Multiple SQL injection vulnerabilities in cms_write.php in Primitive CMS 1.0.9 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) title and (2) menutitle parameters. NOTE: this can be leveraged with CVE-2010-3483 to conduct attacks without authentication.
by Stephan Sattler
CVE-2010-20120 EXPLOITDB HIGH ruby VERIFIED
Maplesoft Maple <= 13 - Remote Code Execution via Malicious Maplet File
Maple versions up to and including 13's Maplet framework allows embedded commands to be executed automatically when a .maplet file is opened. This behavior bypasses standard security restrictions that normally prevent code execution in regular Maple worksheets. The vulnerability enables attackers to craft malicious .maplet files that execute arbitrary code without user interaction.
by Metasploit
CVE-2006-1148 EXPLOITDB ruby VERIFIED
PeerCast < 0.1217 - Remote Code Execution via Long HTTP GET Parameter
Multiple stack-based buffer overflows in the procConnectArgs function in servmgr.cpp in PeerCast before 0.1217 allow remote attackers to execute arbitrary code via an HTTP GET request with a long (1) parameter name or (2) value in a URL, which triggers the overflow in the nextCGIarg function in servhs.cpp.
by Metasploit
CVE-2003-0727 EXPLOITDB ruby VERIFIED
Oracle 9i Database Release 2 - Buffer Overflow
Multiple buffer overflows in the XML Database (XDB) functionality for Oracle 9i Database Release 2 allow local users to cause a denial of service or hijack user sessions.
by Metasploit
CVE-2006-5156 EXPLOITDB ruby VERIFIED
McAfee ePolicy Orchestrator < 3.5.0.720 and ProtectionPilot < 1.1.1.126 - Remote Code Execution via Long Source Header
Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ProtectionPilot before 1.1.1.126 allows remote attackers to execute arbitrary code via a request to /spipe/pkg/ with a long source header.
by Metasploit
CVE-2005-2668 EXPLOITDB ruby VERIFIED
Computer Associates CAM/CAFT <1.11 Build 29_13 - Buffer Overflow
Multiple buffer overflows in Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allow remote attackers to execute arbitrary code via unknown vectors.
by Metasploit
CVE-2009-2484 EXPLOITDB ruby VERIFIED
VLC media player <0.9.9 - Buffer Overflow
Stack-based buffer overflow in the Win32AddConnection function in modules/access/smb.c in VideoLAN VLC media player 0.9.9, when running on Microsoft Windows, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long smb URI in a playlist file.
by Metasploit