Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
CVE-2010-3428 EXPLOITDB text VERIFIED
Intermesh Group-Office 3.5.9 - SQL Injection
SQL injection vulnerability in modules/notes/json.php in Intermesh Group-Office 3.5.9 allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a category action.
by ViciOuS
EIP-2026-100400 EXPLOITDB text VERIFIED
Luftguitar CMS - Upload Arbitrary File
by Abysssec
CVE-2010-2201 EXPLOITDB python VERIFIED
Adobe Acrobat and Reader 9.x < 9.3.3 and 8.x < 8.2.3 - Remote Code Execution via Crafted Flash Content in PDF
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via a PDF file with crafted Flash content involving the (1) pushstring (0x2C) operator, (2) debugfile (0xF1) operator, and an "invalid pointer vulnerability" that triggers memory corruption, a different vulnerability than CVE-2010-1285 and CVE-2010-2168.
by Abysssec
EIP-2026-112538 EXPLOITDB text VERIFIED
System Shop - 'Module aktka' SQL Injection
by secret
EIP-2026-109768 EXPLOITDB text VERIFIED
MyHobbySite 1.01 - SQL Injection / Authentication Bypass
by YuGj VN
EIP-2026-105128 EXPLOITDB text VERIFIED
Alstrasoft AskMe Pro 2.1 - 'profile.php' SQL Injection
by CoBRa_21
CVE-2010-3404 EXPLOITDB text VERIFIED
eshtery CMS - SQL Injection via Criteria Field or Admin Login Username
Multiple SQL injection vulnerabilities in eshtery CMS (aka eshtery.com) allow remote attackers to execute arbitrary SQL commands via the (1) Criteria field in an unspecified form related to catlgsearch.aspx or (2) user name to an unspecified form related to adminlogin.aspx.
by Abysssec
CVE-2010-1900 EXPLOITDB python VERIFIED
Microsoft Works 9 - Remote Code Execution via Malformed Word File Record
Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and Works 9 do not properly handle malformed records in a Word file, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, aka "Word Record Parsing Vulnerability."
by Abysssec
EIP-2026-115394 EXPLOITDB text VERIFIED
HP Data Protector Media Operations 6.11 (Multiple Modules) - Null Pointer Dereference Denial of Service
by d0lc3
EIP-2026-111299 EXPLOITDB text VERIFIED
piwigo-2.1.2 - Multiple Vulnerabilities
by Sweet
EIP-2026-103252 EXPLOITDB text VERIFIED
YOPS - Web Server Remote Command Execution
by Rodrigo Escobar
EIP-2026-100119 EXPLOITDB text VERIFIED
ASP Nuke - SQL Injection
by Abysssec
CVE-2010-3457 EXPLOITDB text
Symphony CMS 2.0.7 and 2.1.1 - Cross-Site Scripting via Website Field or Recipient Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.0.7 and 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) fields[website] parameter in the post comments feature in articles/a-primer-to-symphony-2s-default-theme/ or (2) send-email[recipient] parameter to about/. NOTE: some of these details are obtained from third party information.
by JosS
CVE-2010-1247 EXPLOITDB python VERIFIED
Microsoft Office Excel 2002 SP3 - RCE
Unspecified vulnerability in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record that triggers heap corruption, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1249.
by Abysssec
CVE-2010-1813 EXPLOITDB text VERIFIED
iPhone OS < 4.1 - Remote Code Execution via HTML Object Outlines
WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving HTML object outlines.
by Jose A. Vazquez
CVE-2010-3458 EXPLOITDB text
Symphony CMS <2.1.1 - SQL Injection
SQL injection vulnerability in lib/toolkit/events/event.section.php in Symphony CMS 2.0.7 and 2.1.1 allows remote attackers to execute arbitrary SQL commands via the send-email[recipient] parameter to about/. NOTE: some of these details are obtained from third party information.
by JosS
CVE-2010-3426 EXPLOITDB text VERIFIED
JPhone <1.0 Alpha 3 - Path Traversal
Directory traversal vulnerability in jphone.php in the JPhone (com_jphone) component 1.0 Alpha 3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
by Chip d3 bi0s
CVE-2010-3419 EXPLOITDB text
Haudenschilt Family Connections CMS 2.2.3 - Remote Code Execution via current_user_id Parameter
Multiple PHP remote file inclusion vulnerabilities in Haudenschilt Family Connections CMS (FCMS) 2.2.3 allow remote attackers to execute arbitrary PHP code via a URL in the current_user_id parameter to (1) familynews.php and (2) settings.php.
by LoSt.HaCkEr
CVE-2009-3355 EXPLOITDB text VERIFIED
Datetopia Buy Dating Site 1.0 - Cross-Site Scripting via profile.php s_r Parameter
Cross-site scripting (XSS) vulnerability in profile.php in Datetopia Buy Dating Site 1.0 allows remote attackers to inject arbitrary web script or HTML via the s_r parameter.
by Moudi
EIP-2026-119520 EXPLOITDB python VERIFIED
Audiotran 1.4.2.4 - Local Overflow (SEH)
by Abhishek Lyall
EIP-2026-116713 EXPLOITDB python VERIFIED
Acoustica MP3 Audio Mixer 2.471 - Extended .M3U Directives (SEH)
by Carlos Mario Penagos Hollmann
CVE-2010-1199 EXPLOITDB python VERIFIED
Firefox 3.5.x-3.5.9 and 3.6.x-3.6.3 - Remote Code Execution via XSLT Node Sorting Integer Overflow
Integer overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for a node.
by Abysssec
EIP-2026-113124 EXPLOITDB text
Visitors Google Map Lite 1.0.1 Free mod_visitorsgooglemap Module - SQL Injection
by Chip d3 bi0s
CVE-2010-4893 EXPLOITDB text VERIFIED
FestOS 2.3b - Cross-Site Scripting via Category Parameter
Cross-site scripting (XSS) vulnerability in foodvendors.php in FestOS 2.3b allows remote attackers to inject arbitrary web script or HTML via the category parameter in a details action.
by Abysssec
CVE-2010-3456 EXPLOITDB text VERIFIED
EnergyScripts Simple Download 1.0 - Path Traversal
Directory traversal vulnerability in download.php in EnergyScripts (ES) Simple Download 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
by Kazza