Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-114952 EXPLOITDB text
Autodesk MapGuide Viewer - ActiveX Denial of Service
by d3b4g
EIP-2026-111825 EXPLOITDB text VERIFIED
Rumba XML 2.4 - 'index.php' Multiple HTML Injection Vulnerabilities
by High-Tech Bridge SA
EIP-2026-110710 EXPLOITDB text VERIFIED
PHP Joke Site Software - 'sbjoke_id' SQL Injection
by h4ck3r
CVE-2010-4879 EXPLOITDB text
dompdf 0.6.0 beta1 - Remote Code Execution via input_file Parameter
PHP remote file inclusion vulnerability in dompdf.php in dompdf 0.6.0 beta1 allows remote attackers to execute arbitrary PHP code via a URL in the input_file parameter.
by Andre_Corleone
EIP-2026-106221 EXPLOITDB python VERIFIED
Cpanel PHP - Restriction Bypass
by Abysssec
EIP-2026-105235 EXPLOITDB html VERIFIED
ArtGK CMS - Cross-Site Scripting / HTML Injection
by High-Tech Bridge SA
EIP-2026-105163 EXPLOITDB text VERIFIED
Amiro.CMS 5.8.4.0 - Multiple HTML Injection Vulnerabilities
by High-Tech Bridge SA
EIP-2026-104530 EXPLOITDB text VERIFIED
Novell Netware 6.5 - OpenSSH Remote Stack Overflow
by Francis Provencher
EIP-2026-113228 EXPLOITDB text VERIFIED
Web-Ideas Web Shop Standard - SQL Injection
by Ariko-Security
CVE-2010-4876 EXPLOITDB python VERIFIED
mBlogger 1.0.04 - SQL Injection via viewpost.php postID Parameter
SQL injection vulnerability in viewpost.php in mBlogger 1.0.04 allows remote attackers to execute arbitrary SQL commands via the postID parameter.
by Ptrace Security
CVE-2010-3211 EXPLOITDB text VERIFIED
JE FAQ Pro 1.5.0 - SQL Injection
Multiple SQL injection vulnerabilities in the JE FAQ Pro (com_jefaqpro) component 1.5.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via category categorylist operations with (1) the catid parameter or (2) the catid parameter in a lists action.
by Chip d3 bi0s
CVE-2010-3003 EXPLOITDB text VERIFIED
HP Insight Diagnostics Online Edition <8.5.0-11 - XSS
Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Online Edition before 8.5.0-11 on Linux allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
by Mr Teatime
CVE-2010-3003 EXPLOITDB text VERIFIED
HP Insight Diagnostics Online Edition <8.5.0-11 - XSS
Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Online Edition before 8.5.0-11 on Linux allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
by Mr Teatime
CVE-2010-3003 EXPLOITDB text VERIFIED
HP Insight Diagnostics Online Edition <8.5.0-11 - XSS
Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Online Edition before 8.5.0-11 on Linux allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
by Mr Teatime
CVE-2010-3003 EXPLOITDB text VERIFIED
HP Insight Diagnostics Online Edition <8.5.0-11 - XSS
Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Online Edition before 8.5.0-11 on Linux allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
by Mr Teatime
CVE-2010-3003 EXPLOITDB text VERIFIED
HP Insight Diagnostics Online Edition <8.5.0-11 - XSS
Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Online Edition before 8.5.0-11 on Linux allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
by Mr Teatime
EIP-2026-119234 EXPLOITDB c VERIFIED
UltraVNC 1.0.8.2 - DLL Loading Arbitrary Code Execution
by Ivan Markovic
CVE-2005-1983 EXPLOITDB ruby VERIFIED
Microsoft Windows 2000 and XP SP1 - Stack-Based Buffer Overflow in Plug and Play Service
Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.
by Metasploit
EIP-2026-115621 EXPLOITDB python VERIFIED
Mereo 1.9.2 - Remote HTTP Server Denial of Service
by CwG GeNiuS
CVE-2010-1818 EXPLOITDB text VERIFIED
Apple QuickTime - Remote Code Execution via Untrusted Pointer Unmarshalling
The IPersistPropertyBag2::Read function in QTPlugin.ocx in Apple QuickTime 6.x, 7.x before 7.6.8, and other versions allows remote attackers to execute arbitrary code via the _Marshaled_pUnk attribute, which triggers unmarshalling of an untrusted pointer.
by Ruben Santamarta
CVE-2010-3209 EXPLOITDB text
Seagull 0.6.7 - Remote File Inclusion via Multiple Parameters
Multiple PHP remote file inclusion vulnerabilities in Seagull 0.6.7 allow remote attackers to execute arbitrary PHP code via a URL in the includeFile parameter to (1) Config/Container.php and (2) HTML/QuickForm.php in fog/lib/pear/, the (3) driverpath parameter to fog/lib/pear/DB/NestedSet.php, and the (4) path parameter to fog/lib/pear/DB/NestedSet/Output.php.
by FoX HaCkEr
CVE-2010-3203 EXPLOITDB text VERIFIED
com_picsell 1.0 - Path Traversal via dflink Parameter
Directory traversal vulnerability in the PicSell (com_picsell) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dflink parameter in a prevsell dwnfree action to index.php.
by Craw
EIP-2026-117913 EXPLOITDB ruby VERIFIED
SnackAmp 3.1.2 - SMP Buffer Overflow (SEH)
by James Fitts
EIP-2026-116258 EXPLOITDB ruby VERIFIED
SnackAmp 3.1.2 - '.wav' Buffer Overflow (PoC)
by James Fitts
EIP-2026-113360 EXPLOITDB text VERIFIED
WebsiteKit Gbplus - 'Name' / 'Body' HTML Injection
by MiND