Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
CVE-2010-0211 EXPLOITDB CRITICAL text VERIFIED
OpenLDAP 2.4.22 - Denial of Service via Invalid UTF-8 RDN String
The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite.
by Ilkka Mattila
CVSS 9.8
CVE-2010-20121 EXPLOITDB CRITICAL python VERIFIED
EasyFTP Server <= 1.7.0.11 - Unauthenticated Stack-based Buffer Overflow via CWD Command
EasyFTP Server versions up to 1.7.0.11 contain a stack-based buffer overflow vulnerability in the FTP command parser. When processing the CWD (Change Working Directory) command, the server fails to properly validate the length of the input string, allowing attackers to overwrite memory on the stack. This flaw enables remote code execution without authentication, as EasyFTP allows anonymous access by default. The vulnerability was resolved in version 1.7.0.12, after which the product was renamed “UplusFtp.”
by fdiskyou
CVSS 9.8
CVE-2015-0096 EXPLOITDB text VERIFIED
Microsoft Windows Shell LNK Code Execution
Untrusted search path vulnerability in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, leading to DLL loading during Windows Explorer access to the icon of a crafted shortcut, aka "DLL Planting Remote Code Execution Vulnerability."
by Ivanlef0u
EIP-2026-116161 EXPLOITDB python VERIFIED
Really Simple IM 1.3beta - Denial of Service (PoC)
by loneferret
EIP-2026-115638 EXPLOITDB text VERIFIED
Microsoft DirectX 8/9 DirectPlay - Multiple Denial of Service Vulnerabilities
by Luigi Auriemma
EIP-2026-114503 EXPLOITDB text VERIFIED
YACS CMS 10.5.27 - 'context[path_to_root]' Remote File Inclusion
by eidelweiss
EIP-2026-111676 EXPLOITDB text VERIFIED
rapidCMS 2.0 - Authentication Bypass
by Mahjong
EIP-2026-110802 EXPLOITDB text
PHP-Fusion - Remote Command Execution
by ViRuS Qalaa
CVE-2010-2912 EXPLOITDB text
Kayako eSupport 3.70.02 - SQL Injection
SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 allows remote attackers to execute arbitrary SQL commands via the _a parameter in a downloads action.
by ScOrPiOn
EIP-2026-100828 EXPLOITDB text VERIFIED
iOffice 0.1 - 'parametre' Remote Command Execution
by Marshall Whittaker
CVE-2010-1869 EXPLOITDB perl VERIFIED
GPL GhostScript 8.64 and 8.70 - Stack-Based Buffer Overflow in PostScript Parser
Stack-based buffer overflow in the parser function in GhostScript 8.70 and 8.64 allows context-dependent attackers to execute arbitrary code via a crafted PostScript file.
by Rodrigo Rubira Branco
EIP-2026-100204 EXPLOITDB text VERIFIED
ClickAndRank Script - Authentication Bypass
by walid
CVE-2010-1039 EXPLOITDB c VERIFIED
NFS/ONCplus < b.11.31_09 - Remote Code Execution via Format String in RPC Request
Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code via an RPC request containing format string specifiers in an invalid directory name.
by Rodrigo Rubira Branco
CVE-2010-3187 EXPLOITDB perl VERIFIED
IBM AIX < 5.3 - Remote Code Execution via Long NLST Command
Buffer overflow in ftpd in IBM AIX 5.3 and earlier allows remote attackers to execute arbitrary code via a long NLST command.
by kingcope
CVE-2010-2911 EXPLOITDB text VERIFIED
Kayako eSupport <3.70.02 - SQL Injection
SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a viewnews action.
by Sid3^effects
EIP-2026-118485 EXPLOITDB python VERIFIED
EasyFTP Server 1.7.0.11 - 'MKD' (Authenticated) Remote Buffer Overflow
by Karn Ganeshen
EIP-2026-118482 EXPLOITDB python VERIFIED
EasyFTP Server 1.7.0.11 - 'LIST' (Authenticated) Remote Buffer Overflow
by Karn Ganeshen
EIP-2026-118290 EXPLOITDB html VERIFIED
Avant Browser 11.7 build 45 - Clickjacking
by Pouya Daneshmand
CVE-2010-2439 EXPLOITDB ruby VERIFIED
MoreAmp - Stack-based Buffer Overflow via Long Line in Song List File
Stack-based buffer overflow in MoreAmp allows remote attackers to execute arbitrary code via a long line in a song list (.maf file).
by Madjix
EIP-2026-112463 EXPLOITDB text
Subrion Auto Classifieds - Persistent Cross-Site Scripting
by Sid3^effects
CVE-2010-2912 EXPLOITDB text VERIFIED
Kayako eSupport 3.70.02 - SQL Injection
SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 allows remote attackers to execute arbitrary SQL commands via the _a parameter in a downloads action.
by Sid3^effects
CVE-2010-2919 EXPLOITDB text VERIFIED
StaticXT (com_staticxt) - SQL Injection via id Parameter
SQL injection vulnerability in the StaticXT (com_staticxt) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
by Palyo34 & KroNicKq
EIP-2026-108550 EXPLOITDB text VERIFIED
Joomla! Component com_spa - SQL Injection (2)
by Palyo34 & KroNicKq
EIP-2026-107228 EXPLOITDB text
Freelancers Marketplace Script - Persistent Cross-Site Scripting
by Sid3^effects
EIP-2026-107227 EXPLOITDB text
Freelancer Marketplace Script - Arbitrary File Upload
by Sid3^effects