Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-105964 EXPLOITDB text VERIFIED
CMS Contentia - 'news.php' SQL Injection
by GlaDiaT0R
EIP-2026-105359 EXPLOITDB html VERIFIED
b2evolution 3.3.3 - Cross-Site Request Forgery
by saudi0hacker
EIP-2026-103894 EXPLOITDB text VERIFIED
dotDefender - Cross-Site Scripting Security Bypass
by SH4V
CVE-2010-3676 EXPLOITDB text VERIFIED
Oracle MySQL 5.1 - Authenticated Denial of Service via InnoDB Configuration Parameter Modification
storage/innobase/dict/dict0crea.c in mysqld in Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (assertion failure) by modifying the (1) innodb_file_format or (2) innodb_file_per_table configuration parameters for the InnoDB storage engine, then executing a DDL statement.
by Elena Stepanova
CVE-2010-3213 EXPLOITDB text VERIFIED
Microsoft Outlook Web Access <SP2 - CSRF
Cross-site request forgery (CSRF) vulnerability in Microsoft Outlook Web Access (owa/ev.owa) 2007 through SP2 allows remote attackers to hijack the authentication of e-mail users for requests that perform Outlook requests, as demonstrated by setting the auto-forward rule.
by Rosario Valotta
EIP-2026-119080 EXPLOITDB text VERIFIED
Real Player 12.0.0.879 - Code Execution
by webDEViL
CVE-2010-2701 EXPLOITDB html VERIFIED
FathFTP ActiveX control <1.7 - Buffer Overflow
Multiple buffer overflows in the FathFTP ActiveX control 1.7 allow remote attackers to execute arbitrary code via (1) the GetFromURL member or (2) a long argument to the RasIsConnected method.
by blake
CVE-2010-2627 EXPLOITDB text VERIFIED
Battlefield 2 < 2.1.50 and Battlefield 2142 < 1.10.48.0 - Path Traversal via Logo and Map Download URLs
Multiple directory traversal vulnerabilities in the Refractor 2 engine, as used in Battlefield 2 1.50 (1.5.3153-802.0) and earlier, and Battlefield 2142 (1.10.48.0) and earlier, allow remote servers to overwrite arbitrary files on the client via "..\" (dot dot backslash) sequences in URLs for the (1) sponsor or (2) community logos, and other URLs related to (3) DemoDownloadURL, (4) DemoIndexURL and (5) CustomMapsURL.
by Luigi Auriemma
CVE-2008-4008 EXPLOITDB ruby VERIFIED
BEA Product Suite - Unspecified Vuln
Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
by Metasploit
CVE-2007-6377 EXPLOITDB ruby VERIFIED
BadBlue < 2.72b - Remote Code Execution via PassThru Query String Overflow
Stack-based buffer overflow in the PassThru functionality in ext.dll in BadBlue 2.72b and earlier allows remote attackers to execute arbitrary code via a long query string.
by Metasploit
EIP-2026-115777 EXPLOITDB text VERIFIED
Microsoft Windows - 'cmd.exe' Unicode Buffer Overflow (SEH)
by bitform
EIP-2026-115460 EXPLOITDB perl VERIFIED
IrcDelphi Daemon Server - Denial of Service
by Crash
EIP-2026-115327 EXPLOITDB text VERIFIED
Ghost Recon Advanced Warfighter - Integer Overflow / Array Indexing Overflow
by Luigi Auriemma
EIP-2026-114658 EXPLOITDB text VERIFIED
Zylone IT - Multiple Blind SQL Injections
by Callo
EIP-2026-111284 EXPLOITDB text
Pithcms - 'theme' Local/Remote File Inclusion
by eidelweiss
EIP-2026-110571 EXPLOITDB text
PG Social Networking - Arbitrary File Upload
by SONIC
CVE-2010-2856 EXPLOITDB text VERIFIED
osCSS < 1.2.2 - Cross-Site Scripting via Page Parameter
Cross-site scripting (XSS) vulnerability in admin/currencies.php in osCSS 1.2.2, and probably earlier versions, allows remote attackers to inject arbitrary web script or HTML via the page parameter.
by High-Tech Bridge SA
CVE-2010-2857 EXPLOITDB text VERIFIED
com_music - Path Traversal via Album CID Parameter
Directory traversal vulnerability in the Music Manager component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the cid parameter to album.html.
by Sid3^effects
EIP-2026-107860 EXPLOITDB text
Inout Music 1.0 - Arbitrary File Upload
by SONIC
EIP-2026-107855 EXPLOITDB text
Inout Article Base Ultimate - Arbitrary File Upload
by SONIC
EIP-2026-107853 EXPLOITDB text
Inout Ad server Ultimate - Arbitrary File Upload
by SONIC
EIP-2026-104621 EXPLOITDB python VERIFIED
UFO: Alien Invasion 2.2.1 (OSX Snow Leopard) - IRC Client Remote Code Execution (ROP)
by d1dn0t
CVE-2010-2621 EXPLOITDB text VERIFIED
Digia QT < 4.6.3 - Improper Input Validation
The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request.
by Luigi Auriemma
CVE-2010-0832 EXPLOITDB bash VERIFIED
libpam-modules <1.1.0-2ubuntu1.1/1.1.1-2ubuntu5 - Privilege Escalation
pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1.1 in PAM on Ubuntu 9.10 and libpam-modules before 1.1.1-2ubuntu5 in PAM on Ubuntu 10.04 LTS allows local users to change the ownership of arbitrary files via a symlink attack on .cache in a user's home directory, related to "user file stamps" and the motd.legal-notice file.
by Kristian Erik Hermansen
CVE-2010-4987 EXPLOITDB text
KMSoft Guestbook - SQL Injection via p Parameter
SQL injection vulnerability in default.asp in KMSoft Guestbook (aka GBook) allows remote attackers to execute arbitrary SQL commands via the p parameter.
by SONIC