Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-104890 EXPLOITDB text VERIFIED
AbleSpace 1.0 - 'news.php' SQL Injection
by JaMbA
EIP-2026-104822 EXPLOITDB text VERIFIED
2DayBiz Matrimonial Script - SQL Injection / Cross-Site Scripting
by Sangteamtham
EIP-2026-104817 EXPLOITDB text VERIFIED
2DayBiz B2B Portal Script - 'selling_buy_leads1.php' SQL Injection
by r45c4l
CVE-2010-2691 EXPLOITDB text VERIFIED
2daybiz Custom T-Shirt Design Script - SQL Injection
Multiple SQL injection vulnerabilities in 2daybiz Custom T-Shirt Design Script allow remote attackers to execute arbitrary SQL commands via the (1) sbid parameter to products_details.php, (2) pid parameter to products/products.php, and (3) designid parameter to designview.php.
by Sangteamtham
CVE-2010-2246 EXPLOITDB text VERIFIED
feh < 1.8 - Remote Code Execution via URL Shell Metacharacters
feh before 1.8, when the --wget-timestamp option is enabled, might allow remote attackers to execute arbitrary commands via shell metacharacters in a URL.
by anonymous
CVE-2008-7257 EXPLOITDB text VERIFIED
Cisco ASA 5580 - CRLF Injection via WebVPN URI
CRLF injection vulnerability in +webvpn+/index.html in WebVPN on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to inject arbitrary HTTP headers as demonstrated by a redirect attack involving a %0d%0aLocation%3a sequence in a URI, or conduct HTTP response splitting attacks via unspecified vectors, aka Bug ID CSCsr09163.
by Daniel King
CVE-2010-2509 EXPLOITDB text VERIFIED
2daybiz Web Template Software - Cross-Site Scripting via Category Keyword or Member Login Password Parameter
Multiple cross-site scripting (XSS) vulnerabilities in 2daybiz Web Template Software allow remote attackers to inject arbitrary web script or HTML via the (1) keyword parameter to category.php and the (2) password parameter to memberlogin.php.
by Sangteamtham
CVE-2010-1929 EXPLOITDB text VERIFIED
Novell iManager <=2.7.3 FTF2 - Authenticated RCE via EnteredClassID/NewClassName
Multiple stack-based buffer overflows in the jclient._Java_novell_jclient_JClient_defineClass@20 function in jclient.dll in the Tomcat web server in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allow remote authenticated users to execute arbitrary code via the (1) EnteredClassID or (2) NewClassName parameter to nps/servlet/webacc.
by Core Security Technologies
CVE-2009-10006 EXPLOITDB CRITICAL text VERIFIED
UFO: Alien Invasion <= 2.2.1 - Stack-based Buffer Overflow in IRC Client via Crafted 001 Message
UFO: Alien Invasion versions up to and including 2.2.1 contain a buffer overflow vulnerability in its built-in IRC client component. When the client connects to an IRC server and receives a crafted numeric reply (specifically a 001 message), the application fails to properly validate the length of the response string. This results in a stack-based buffer overflow, which may corrupt control flow structures and allow arbitrary code execution. The vulnerability is triggered during automatic IRC connection handling and does not require user interaction beyond launching the game.
by Jason Geffner
EIP-2026-117697 EXPLOITDB python VERIFIED
NO-IP.com Dynamic DNS Update Client 2.2.1 - 'Request' Insecure Encoding Algorithm
by sinn3r
EIP-2026-116564 EXPLOITDB perl VERIFIED
Winstats - '.fma' Local Buffer Overflow (PoC)
by Madjix
EIP-2026-116549 EXPLOITDB perl VERIFIED
Wincalc 2 - '.num' Local Buffer Overflow (PoC)
by Madjix
EIP-2026-116077 EXPLOITDB perl VERIFIED
Plotwn 18 - '.wp2' Local Buffer Overflow (PoC)
by Madjix
EIP-2026-115324 EXPLOITDB perl VERIFIED
Geomau 7 - '.wg2' Local Buffer Overflow (PoC)
by Madjix
EIP-2026-110299 EXPLOITDB text VERIFIED
OpenEMR Electronic Medical Record Software 3.2 - Multiple Vulnerabilities
by David Shaw
EIP-2026-110041 EXPLOITDB html VERIFIED
OneCMS 2.6.1 - 'short1' Cross-Site Scripting
by High-Tech Bridge SA
EIP-2026-110040 EXPLOITDB html VERIFIED
OneCMS 2.6.1 - 'search' SQL Injection
by High-Tech Bridge SA
EIP-2026-110039 EXPLOITDB text VERIFIED
OneCMS 2.6.1 - 'cat' Cross-Site Scripting
by High-Tech Bridge SA
EIP-2026-109148 EXPLOITDB text VERIFIED
Limny 2.1 - 'q' Cross-Site Scripting
by High-Tech Bridge SA
CVE-2010-2682 EXPLOITDB text
Realtyna Translator 1.0.15 - Path Traversal
Directory traversal vulnerability in the Realtyna Translator (com_realtyna) component 1.0.15 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
by MISTERFRIBO
EIP-2026-105462 EXPLOITDB text VERIFIED
Big Forum 5.2 - Arbitrary File Upload / Local File Inclusion
by Zer0 Thunder
EIP-2026-105461 EXPLOITDB text VERIFIED
Big Forum - 'forum.php?id' SQL Injection
by JaMbA
CVE-2010-2618 EXPLOITDB text VERIFIED
Insanevisions Adapcms - Code Injection
PHP remote file inclusion vulnerability in inc/smarty/libs/init.php in AdaptCMS 2.0.0 Beta, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter. NOTE: it was later reported that 2.0.1 is also affected.
by v3n0m
EIP-2026-104925 EXPLOITDB text
ActiveCollab 2.3.0 - Local File Inclusion / Directory Traversal
by Jose Carlos de Arriba
EIP-2026-104888 EXPLOITDB text VERIFIED
AbleDating script - SQL Injection
by JaMbA