Exploitdb Exploits

2,009 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-104565 EXPLOITDB html VERIFIED
Apple Mac OSX Safari 8.0 - Crash (PoC)
by w3bd3vil
CVE-2014-6332 EXPLOITDB HIGH html VERIFIED
Microsoft Windows - Remote Code Execution via SafeArrayDimen Function
OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted web site, as demonstrated by an array-redimensioning attempt that triggers improper handling of a size value in the SafeArrayDimen function, aka "Windows OLE Automation Array Remote Code Execution Vulnerability."
by yuange
CVSS 8.8
CVE-2014-7281 EXPLOITDB html
Tenda A32 Firmware 5.07.53_CN - Cross-Site Request Forgery via SysToolReboot
Cross-site request forgery (CSRF) vulnerability in Shenzhen Tenda Technology Tenda A32 Router with firmware 5.07.53_CN allows remote attackers to hijack the authentication of administrators for requests that reboot the device via a request to goform/SysToolReboot.
by zixian
CVE-2012-1876 EXPLOITDB html VERIFIED
Microsoft Internet Explorer 6-9 and 10 Consumer Preview - Remote Code Execution via Col Element Handling
Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflow, aka "Col Element Remote Code Execution Vulnerability," as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
by ryujin & sickness
CVE-2014-7190 EXPLOITDB html
Openfiler 2.99.1 - Cross-Site Request Forgery via System Shutdown/Reboot
Multiple cross-site request forgery (CSRF) vulnerabilities in Openfiler 2.99.1 allow remote attackers to hijack the authentication of administrators for requests that (1) shutdown or (2) reboot the server via a request to admin/system_shutdown.html.
by Dolev Farhi
EIP-2026-114244 EXPLOITDB html VERIFIED
WordPress Plugin WP to Twitter - Authentication Bypass
by Voxel@Night
EIP-2026-113929 EXPLOITDB html VERIFIED
WordPress Plugin Ninja Forms 2.7.7 - Authentication Bypass
by Voxel@Night
CVE-2014-1815 EXPLOITDB html
Microsoft Internet Explorer <11 - Code Injection
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, as exploited in the wild in May 2014, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0310.
by PhysicalDrive0
CVE-2014-5347 EXPLOITDB html
Disqus Comment System < 2.76 - Cross-Site Request Forgery via Multiple Parameters
Multiple cross-site request forgery (CSRF) vulnerabilities in the Disqus Comment System plugin before 2.76 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) disqus_replace, (2) disqus_public_key, or (3) disqus_secret_key parameter to wp-admin/edit-comments.php in manage.php or that (4) reset or (5) delete plugin options via the reset parameter to wp-admin/edit-comments.php.
by Nik Cubrilovic
EIP-2026-112201 EXPLOITDB html
SkaDate Lite 2.0 - Multiple Cross-Site Request Forgery / Persistent Cross-Site Scripting Vulnerabilities
by LiquidWorm
CVE-2014-4736 EXPLOITDB html VERIFIED
blogengine e2 < 2.4 - SQL Injection via note-id Parameter
SQL injection vulnerability in E2 before 2.4 (2845) allows remote attackers to execute arbitrary SQL commands via the note-id parameter to @actions/comment-process.
by High-Tech Bridge
CVE-2014-4968 EXPLOITDB HIGH html
Boat Browser 8.0 and 8.0.1 - Remote Code Execution via WebView.addJavascriptInterface
The WebView class and use of the WebView.addJavascriptInterface method in the Boat Browser application 8.0 and 8.0.1 for Android allow remote attackers to execute arbitrary code via a crafted web site, a related issue to CVE-2012-6636.
by c0otlass
CVSS 8.8
EIP-2026-113656 EXPLOITDB html VERIFIED
WordPress Plugin CopySafe PDF Protection - Arbitrary File Upload
by Jagriti Sahu
EIP-2026-113331 EXPLOITDB html VERIFIED
WEBMIS CMS - Arbitrary File Upload
by Jagriti Sahu
CVE-2014-2782 EXPLOITDB html
Microsoft Internet Explorer 9-11 - Remote Code Execution via Memory Corruption
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1773, CVE-2014-1783, CVE-2014-1784, CVE-2014-1786, CVE-2014-1795, CVE-2014-1805, CVE-2014-2758, CVE-2014-2759, CVE-2014-2765, CVE-2014-2766, and CVE-2014-2775.
by Drozdova Liudmila
CVE-2012-1876 EXPLOITDB html VERIFIED
Microsoft Internet Explorer 6-9 and 10 Consumer Preview - Remote Code Execution via Col Element Handling
Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflow, aka "Col Element Remote Code Execution Vulnerability," as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
by sickness
CVE-2014-4716 EXPLOITDB html
Thomson TWG87OUIR - Cross-Site Request Forgery via Password Change Form
Cross-site request forgery (CSRF) vulnerability in Thomson TWG87OUIR allows remote attackers to hijack the authentication of unspecified victims for requests that change passwords via the Password and PasswordReEnter parameters to goform/RgSecurity.
by nopesled
CVE-2014-0282 EXPLOITDB html VERIFIED
Microsoft Internet Explorer 6-11 - Memory Corruption
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1775, CVE-2014-1779, CVE-2014-1799, CVE-2014-1803, and CVE-2014-2757.
by Drozdova Liudmila
EIP-2026-114324 EXPLOITDB html VERIFIED
WordPress Theme Elegance - '/elegance/lib/scripts/dl-skin.php' Local File Disclosure
by Felipe Andrian Peixoto
EIP-2026-115682 EXPLOITDB html VERIFIED
Microsoft Internet Explorer 11 - WeakMap Integer Divide-by-Zero
by Pawel Wylecial
CVE-2014-3866 EXPLOITDB html VERIFIED
Usercake < 2.0.2 - Cross-Site Request Forgery via User Settings
Multiple cross-site request forgery (CSRF) vulnerabilities in user_settings.php in Usercake 2.0.2 and earlier allow remote attackers to hijack the authentication of administrators for requests that change the (1) administrative password via the passwordc parameter or (2) administrative e-mail address via the email parameter.
by Dolev Farhi
CVE-2014-3854 EXPLOITDB html VERIFIED
Pyplate 0.08 - Cross-Site Request Forgery via Title Parameter
Cross-site request forgery (CSRF) vulnerability in admin/addScript.py in Pyplate 0.08 allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the title parameter.
by Henri Salo
EIP-2026-118266 EXPLOITDB html VERIFIED
AoA MP4 Converter 4.1.2 - ActiveX
by metacom
EIP-2026-118265 EXPLOITDB html
AoA DVD Creator 2.6.2 - ActiveX
by metacom
EIP-2026-118264 EXPLOITDB html
AoA Audio Extractor Basic 2.3.7 - ActiveX
by metacom
By Source
All 2,009 Writeup 62,021 Exploitdb 50,076 Nomisec 22,325 Github 3,504 Metasploit 3,295 Vulncheck_xdb 926 Inthewild 514 Gitlab 470 Gitee 415 Patchapalooza 312
By Language
text 31,386 python 6,507 ruby 5,985 c 3,621 perl 2,849 html 2,072 php 1,332 bash 462 java 370 c++ 257 javascript 228 shell 127 go 72 postscript 25 typescript 25