Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-112518 EXPLOITDB text VERIFIED
sX-Shop - Multiple SQL Injections
by CoBRa_21
EIP-2026-112517 EXPLOITDB text VERIFIED
sX-Shop - 'view_image.php' SQL Injection
by secret
EIP-2026-111051 EXPLOITDB text VERIFIED
PHPFinance 0.6 - '/group.php' SQL Injection / HTML Injection
by skskilL
CVE-2010-3030 EXPLOITDB html
Tomaz Muraus Open Blog 1.2.1 - CSRF
Cross-site request forgery (CSRF) vulnerability in Tomaz Muraus Open Blog 1.2.1, and possibly earlier, allows remote attackers to hijack the authentication of administrators for requests that change the administrative password. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by High-Tech Bridge SA
CVE-2010-4925 EXPLOITDB text VERIFIED
Nuked-Klan Partenaires 1.5 - SQL Injection
SQL injection vulnerability in clic.php in the Partenaires module 1.5 for Nuked-Klan allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Metropolis
EIP-2026-109648 EXPLOITDB text VERIFIED
Muraus Open Blog - Multiple HTML Injection Vulnerabilities
by High-Tech Bridge SA
CVE-2010-4963 EXPLOITDB text VERIFIED
Hulihan BXR 0.6.8 - SQL Injection via order_by Parameter
SQL injection vulnerability in folder/list in Hulihan BXR 0.6.8 allows remote attackers to execute arbitrary SQL commands via the order_by parameter.
by High-Tech Bridge SA
EIP-2026-107672 EXPLOITDB text VERIFIED
Hulihan Applications Amethyst 0.1.5 - Multiple HTML Injection Vulnerabilities
by High-Tech Bridge SA
CVE-2010-3024 EXPLOITDB html VERIFIED
DiamondList 0.1.6 - Cross-Site Request Forgery in User Update Function
Multiple cross-site request forgery (CSRF) vulnerabilities in user/main/update_user in DiamondList 0.1.6, and possibly earlier, allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrative password or (2) change the site's configuration.
by High-Tech Bridge SA
CVE-2010-3023 EXPLOITDB text VERIFIED
DiamondList 0.1.6 - Cross-Site Scripting via Category Description and Site Title Parameters
Multiple cross-site scripting (XSS) vulnerabilities in DiamondList 0.1.6, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) category[description] parameter to user/main/update_category, which is not properly handled by _app/views/categories/index.html.erb; and the (2) setting[site_title] parameter to user/main/update_settings, which is not properly handled by _app/views/settings/_list_settings.rhtml.
by High-Tech Bridge SA
CVE-2010-3023 EXPLOITDB text VERIFIED
DiamondList 0.1.6 - Cross-Site Scripting via Category Description and Site Title Parameters
Multiple cross-site scripting (XSS) vulnerabilities in DiamondList 0.1.6, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) category[description] parameter to user/main/update_category, which is not properly handled by _app/views/categories/index.html.erb; and the (2) setting[site_title] parameter to user/main/update_settings, which is not properly handled by _app/views/settings/_list_settings.rhtml.
by High-Tech Bridge SA
CVE-2008-5949 EXPLOITDB text VERIFIED
cctiddly 1.7.4 and 1.7.6 - Remote Code Execution via cct_base Parameter
Multiple PHP remote file inclusion vulnerabilities in ccTiddly 1.7.4 and 1.7.6 allow remote attackers to execute arbitrary PHP code via a URL in the cct_base parameter to (1) index.php; (2) handle/proxy.php; (3) header.php, (4) include.php, and (5) workspace.php in includes/; and (6) plugins/RSS/files/rss.php.
by eidelweiss
EIP-2026-105667 EXPLOITDB html
BXR 0.6.8 - Cross-Site Request Forgery
by High-Tech Bridge SA
CVE-2010-4955 EXPLOITDB text VERIFIED
APBoard Developers APBoard < 2.1.0 - SQL Injection via id Parameter
SQL injection vulnerability in board/board.php in APBoard Developers APBoard 2.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2006-3078.
by secret
EIP-2026-105161 EXPLOITDB html
Amethyst 0.1.5 - Cross-Site Scripting
by High-Tech Bridge SA
CVE-2010-2809 EXPLOITDB text VERIFIED
Uzbl <2010.08.05 - Command Injection
The default configuration of the <Button2> binding in Uzbl before 2010.08.05 does not properly use the @SELECTED_URI feature, which allows user-assisted remote attackers to execute arbitrary commands via a crafted HREF attribute of an A element in an HTML document.
by Chuzz
EIP-2026-100283 EXPLOITDB text VERIFIED
DT Centrepiece 4.5 - Cross-Site Scripting / Security Bypass
by High-Tech Bridge SA
EIP-2026-118536 EXPLOITDB html VERIFIED
FathFTP 1.8 - 'FileExists Method' ActiveX Buffer Overflow (SEH)
by H4kr3m
EIP-2026-118535 EXPLOITDB html VERIFIED
FathFTP 1.8 - 'EnumFiles Method' ActiveX Buffer Overflow (SEH)
by Madjix
EIP-2026-118534 EXPLOITDB html VERIFIED
FathFTP 1.8 - 'DeleteFile Method' ActiveX Buffer Overflow (SEH)
by Madjix
CVE-2009-1330 EXPLOITDB python VERIFIED
Easy RM to MP3 Converter - Stack-based Buffer Overflow via Long Filename in Playlist File
Stack-based buffer overflow in Easy RM to MP3 Converter allows remote attackers to execute arbitrary code via a long filename in a playlist (.pls) file.
by Oh Yaw Theng
EIP-2026-115497 EXPLOITDB perl VERIFIED
K-Meleon 1.x - URI Handling Multiple Denial of Service Vulnerabilities
by Lostmon
CVE-2010-1797 EXPLOITDB text VERIFIED
iPhone OS - Remote Code Execution via Crafted CFF Opcodes in Embedded Fonts
Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. NOTE: some of these details are obtained from third party information.
by jailbreakme
CVE-2010-2709 EXPLOITDB text VERIFIED
HP OpenView Network Node Manager <7.53 - Buffer Overflow
Stack-based buffer overflow in webappmon.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long OvJavaLocale value in a cookie.
by Nahuel Riva
CVE-2010-2701 EXPLOITDB html VERIFIED
FathFTP ActiveX control <1.7 - Buffer Overflow
Multiple buffer overflows in the FathFTP ActiveX control 1.7 allow remote attackers to execute arbitrary code via (1) the GetFromURL member or (2) a long argument to the RasIsConnected method.
by Madjix