Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-108339 EXPLOITDB text
Joomla! Component com_equipment - SQL Injection
by Forza-Dz
EIP-2026-106015 EXPLOITDB html VERIFIED
CMSimple 3.3 - Cross-Site Scripting / Cross-Site Request Forgery
by High-Tech Bridge SA
EIP-2026-104810 EXPLOITDB text VERIFIED
123 Flash Chat 7.8 - Multiple Vulnerabilities
by Lincoln
EIP-2026-117879 EXPLOITDB python VERIFIED
Rosoft Media Player 4.4.4 - Local Buffer Overflow (SEH) (2)
by dijital1
EIP-2026-114637 EXPLOITDB html VERIFIED
Zomplog 3.9 - Cross-Site Scripting / Cross-Site Request Forgery
by 10n1z3d
EIP-2026-114634 EXPLOITDB text VERIFIED
Zomplog 3.9 - 'message' Cross-Site Scripting
by 10n1z3d
CVE-2010-4931 EXPLOITDB php
php-fusion - Path Traversal via folder_level Parameter
Directory traversal vulnerability in maincore.php in PHP-Fusion allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder_level parameter. NOTE: this issue has been disputed by a reliable third party
by MoDaMeR
CVE-2010-4938 EXPLOITDB text VERIFIED
Joomla! com_weblinks - SQL Injection via Itemid Parameter
SQL injection vulnerability in the Weblinks (com_weblinks) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a categories action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by ViRuS Qalaa
EIP-2026-108346 EXPLOITDB text VERIFIED
Joomla! Component com_fireboard - 'Itemid' SQL Injection
by ViRuS Qalaa
EIP-2026-107520 EXPLOITDB text
Guestbook Script PHP - Cross-Site Scripting / HTML Injection
by AnTi SeCuRe
EIP-2026-106031 EXPLOITDB php
CMSQLite 1.2 / CMySQLite 1.3.1 - Remote Code Execution
by BlackHawk
CVE-2007-3336 EXPLOITDB python VERIFIED
Ingres database server <9.0.4 - RCE
Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input.
by fdiskyou
CVE-2010-2862 EXPLOITDB text VERIFIED
Adobe Reader 8.2.3 and 9.3.3 and Acrobat 9.3.3 - Remote Code Execution via TrueType Font maxCompositePoints Overflow
Integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and Acrobat 9.3.3, allows remote attackers to execute arbitrary code via a TrueType font with a large maxCompositePoints value in a Maximum Profile (maxp) table.
by Ramz Afzar
EIP-2026-112398 EXPLOITDB text VERIFIED
Sports Accelerator Suite 2.0 - 'news_id' SQL Injection
by LiquidWorm
EIP-2026-112007 EXPLOITDB text
sFileManager 24a - Local File Inclusion
by Pepelux
EIP-2026-111903 EXPLOITDB html
Saurus CMS Admin Panel - Multiple Cross-Site Request Forgery Vulnerabilities
by Fady Mohammed Osman
EIP-2026-104916 EXPLOITDB text
ACollab - Multiple Vulnerabilities
by AmnPardaz
CVE-2010-2861 EXPLOITDB CRITICAL python VERIFIED
Adobe ColdFusion <9.0.1 - Path Traversal
Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/.
by anonymous
CVSS 9.8
CVE-2010-20042 EXPLOITDB HIGH python VERIFIED
Xion Audio Player <1.0.126 - Buffer Overflow
Xion Audio Player versions 1.0.126 and prior are vulnerable to a Unicode-based stack buffer overflow triggered by opening a specially crafted .m3u playlist file. The file contains an overly long string that overwrites the Structured Exception Handler (SEH) chain, allowing an attacker to hijack execution flow and run arbitrary code.
by corelanc0d3r
EIP-2026-118878 EXPLOITDB text VERIFIED
Microsoft Windows Kerberos - 'Pass The Ticket' Replay Security Bypass
by Emmanuel Bouillon
EIP-2026-116252 EXPLOITDB text VERIFIED
SmartCode ServerX VNC Server ActiveX 1.1.5.0 - 'scvncsrvx.dll' Denial of Service
by LiquidWorm
EIP-2026-111346 EXPLOITDB text
Plogger - Remote File Disclosure
by Mr.tro0oqy
CVE-2010-4939 EXPLOITDB text
MailForm 1.2 - Remote Code Execution via Theme Parameter
PHP remote file inclusion vulnerability in index.php in MailForm 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the theme parameter.
by LoSt.HaCkEr
CVE-2010-4934 EXPLOITDB text
Get Tube < 4.51 - SQL Injection via video.php id Parameter
SQL injection vulnerability in video.php in Get Tube 4.51 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Mr.P3rfekT
EIP-2026-106771 EXPLOITDB text VERIFIED
Edit-X PHP CMS - 'search_text' Cross-Site Scripting
by High-Tech Bridge SA