Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
CVE-2010-2383 EXPLOITDB text VERIFIED
Oracle Solaris <10 - Info Disclosure
Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and OpenSolaris, allows local users to affect confidentiality and integrity, related to NFS.
by Frank Stuart
CVE-2010-0916 EXPLOITDB text VERIFIED
Oracle OpenSolaris 10 - Info Disclosure
Unspecified vulnerability in Oracle OpenSolaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to rdist.
by Monarch Rich
EIP-2026-108500 EXPLOITDB text
Joomla! Component com_qcontacts - SQL Injection
by _mlk_
EIP-2026-107696 EXPLOITDB text VERIFIED
I-net Enquiry Management Script - SQL Injection
by D4rk357
EIP-2026-106443 EXPLOITDB html VERIFIED
Diferior CMS 8.03 - Multiple Cross-Site Request Forgery Vulnerabilities
by 10n1z3d
EIP-2026-106437 EXPLOITDB text VERIFIED
Diem 5.1.2 - Multiple Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
EIP-2026-106284 EXPLOITDB text
CustomCMS - Persistent Cross-Site Scripting
by Sid3^effects
CVE-2010-2917 EXPLOITDB text
AJ Square AJ Article 3.0 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in index.php in AJ Square AJ Article 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) emailid, (2) fname, (3) lname, (4) company, (5) address1, (6) address2, (7) city, (8) state, (9) zipcode, (10) phone, and (11) fax parameters in an update action. NOTE: some of these details are obtained from third party information.
by Sid3^effects
CVE-2010-2375 EXPLOITDB text VERIFIED
Oracle Fusion Middleware - Confidentiality Integrity
Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
by Timothy D. Morgan
CVE-2010-2370 EXPLOITDB text VERIFIED
Oracle Fusion Middleware <10.3 - Info Disclosure
Unspecified vulnerability in the Oracle Business Process Management component in Oracle Fusion Middleware 5.7 MP3, 6.0 MP5, and 10.3 MP2 allows remote attackers to affect integrity, related to BPM.
by Markot
EIP-2026-102725 EXPLOITDB html VERIFIED
Qt 4.6.3 - 'QTextEngine::LayoutData::reallocate()' Memory Corruption
by D4rk357
CVE-2009-20005 EXPLOITDB CRITICAL ruby VERIFIED
InterSystems Caché 2009.1 - Buffer Overflow
A stack-based buffer overflow exists in the UtilConfigHome.csp endpoint of InterSystems Caché 2009.1. The vulnerability is triggered by sending a specially crafted HTTP GET request containing an oversized argument to the .csp handler. Due to insufficient bounds checking, the input overflows a stack buffer, allowing an attacker to overwrite control structures and execute arbitrary code. It is unknown if this vulnerability was patched and an affected version range remains undefined.
by Metasploit
CVE-2006-5112 EXPLOITDB ruby VERIFIED
InterVations NaviCOPA Web Server 2.01 - RCE
Buffer overflow in InterVations NaviCOPA Web Server 2.01 allows remote attackers to execute arbitrary code via a long HTTP GET request.
by Metasploit
CVE-2009-0075 EXPLOITDB ruby VERIFIED
Microsoft Internet Explorer 7 - Uninitialized Memory Corruption
Microsoft Internet Explorer 7 does not properly handle errors during attempted access to deleted objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to CFunctionPointer and the appending of document objects, aka "Uninitialized Memory Corruption Vulnerability."
by Metasploit
CVE-2009-3672 EXPLOITDB ruby VERIFIED
Microsoft Internet Explorer 6 and 7 - Remote Code Execution via STYLE Tag Memory Corruption
Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory that (1) were not properly initialized or (2) are deleted, which allows remote attackers to execute arbitrary code via vectors involving a call to the getElementsByTagName method for the STYLE tag name, selection of the single element in the returned list, and a change to the outerHTML property of this element, related to Cascading Style Sheets (CSS) and mshtml.dll, aka "HTML Object Memory Corruption Vulnerability." NOTE: some of these details are obtained from third party information. NOTE: this issue was originally assigned CVE-2009-4054, but Microsoft assigned a duplicate identifier of CVE-2009-3672. CVE consumers should use this identifier instead of CVE-2009-4054.
by Metasploit
CVE-2010-0249 EXPLOITDB HIGH ruby VERIFIED
Microsoft Internet Explorer 6, 6 SP1, 7, and 8 - Use-After-Free via HTML Object Memory Corruption
Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object, related to incorrectly initialized memory and improper handling of objects in memory, as exploited in the wild in December 2009 and January 2010 during Operation Aurora, aka "HTML Object Memory Corruption Vulnerability."
by Metasploit
CVSS 8.8
CVE-2005-4085 EXPLOITDB ruby VERIFIED
BlueCoat WinProxy < 6.1a and ProxyAV < 2.4.2.3 - Remote Code Execution via Long Host Header
Buffer overflow in BlueCoat (a) WinProxy before 6.1a and (b) the web console access functionality in ProxyAV before 2.4.2.3 allows remote attackers to execute arbitrary code via a long Host: header.
by Metasploit
EIP-2026-115996 EXPLOITDB html VERIFIED
Opera - Canvas Element (Denial of Service)
by Pouya Daneshmand
EIP-2026-115098 EXPLOITDB c VERIFIED
Corel WordPerfect Office X5 15.0.0.357 - 'wpd' Buffer Overflow (PoC)
by LiquidWorm
EIP-2026-115096 EXPLOITDB text VERIFIED
Corel Presentations X5 15.0.0.357 - 'shw' Buffer Preoccupation (PoC)
by LiquidWorm
CVE-2010-2382 EXPLOITDB bash VERIFIED
Oracle Solaris <10 - Info Disclosure
Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality and integrity via unknown vectors.
by Frank Stuart
EIP-2026-112648 EXPLOITDB html VERIFIED
TheHostingTool 1.2.2 - Multiple Cross-Site Request Forgery Vulnerabilities
by 10n1z3d
EIP-2026-108670 EXPLOITDB text VERIFIED
Joomla! Component healthstats - Persistent Cross-Site Scripting
by Sid3^effects
EIP-2026-108632 EXPLOITDB text VERIFIED
Joomla! Component EasyBlog - Persistent Cross-Site Scripting
by Sid3^effects
CVE-2010-2615 EXPLOITDB html VERIFIED
grafik_cms 1.1.2 - Cross-Site Scripting via page_menu and description Parameters
Multiple cross-site scripting (XSS) vulnerabilities in admin/admin.php in Grafik CMS 1.1.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) page_menu and (2) description parameters in an edit_page action.
by 10n1z3d