Exploitdb Exploits

2,012 exploits tracked across all sources.

CVE-2014-9344 EXPLOITDB html
Snowfox CMS <1.0.10 - CSRF
Cross-site request forgery (CSRF) vulnerability in Snowfox CMS before 1.0.10 allows remote attackers to hijack the authentication of administrators for requests that add a new admin account via a submit action in the admin/accounts/create uri to snowfox/.
by LiquidWorm
CVE-2012-1876 EXPLOITDB html VERIFIED
Microsoft Internet Explorer - Code Injection
Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflow, aka "Col Element Remote Code Execution Vulnerability," as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
by ryujin & sickness
EIP-2026-104565 EXPLOITDB html VERIFIED
Apple Mac OSX Safari 8.0 - Crash (PoC)
by w3bd3vil
CVE-2014-6332 EXPLOITDB HIGH html VERIFIED
Microsoft Windows - RCE
OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted web site, as demonstrated by an array-redimensioning attempt that triggers improper handling of a size value in the SafeArrayDimen function, aka "Windows OLE Automation Array Remote Code Execution Vulnerability."
by yuange
CVSS 8.8
CVE-2014-7281 EXPLOITDB html
Tenda A32 Router 5.07.53_CN - CSRF
Cross-site request forgery (CSRF) vulnerability in Shenzhen Tenda Technology Tenda A32 Router with firmware 5.07.53_CN allows remote attackers to hijack the authentication of administrators for requests that reboot the device via a request to goform/SysToolReboot.
by zixian
CVE-2012-1876 EXPLOITDB html VERIFIED
Microsoft Internet Explorer - Code Injection
Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflow, aka "Col Element Remote Code Execution Vulnerability," as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
by ryujin & sickness
CVE-2014-7190 EXPLOITDB html
Openfiler 2.99.1 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in Openfiler 2.99.1 allow remote attackers to hijack the authentication of administrators for requests that (1) shutdown or (2) reboot the server via a request to admin/system_shutdown.html.
by Dolev Farhi
EIP-2026-114244 EXPLOITDB html VERIFIED
WordPress Plugin WP to Twitter - Authentication Bypass
by Voxel@Night
EIP-2026-113929 EXPLOITDB html VERIFIED
WordPress Plugin Ninja Forms 2.7.7 - Authentication Bypass
by Voxel@Night
CVE-2014-1815 EXPLOITDB html
Microsoft Internet Explorer <11 - Code Injection
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, as exploited in the wild in May 2014, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0310.
by PhysicalDrive0
CVE-2014-5347 EXPLOITDB html
Disqus Comment System < 2.75 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in the Disqus Comment System plugin before 2.76 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) disqus_replace, (2) disqus_public_key, or (3) disqus_secret_key parameter to wp-admin/edit-comments.php in manage.php or that (4) reset or (5) delete plugin options via the reset parameter to wp-admin/edit-comments.php.
by Nik Cubrilovic
EIP-2026-112201 EXPLOITDB html
SkaDate Lite 2.0 - Multiple Cross-Site Request Forgery / Persistent Cross-Site Scripting Vulnerabilities
by LiquidWorm
CVE-2014-4736 EXPLOITDB html VERIFIED
E2 <2.4 - SQL Injection
SQL injection vulnerability in E2 before 2.4 (2845) allows remote attackers to execute arbitrary SQL commands via the note-id parameter to @actions/comment-process.
by High-Tech Bridge
CVE-2014-4968 EXPLOITDB HIGH html
Boat Browser <8.0.1 - RCE
The WebView class and use of the WebView.addJavascriptInterface method in the Boat Browser application 8.0 and 8.0.1 for Android allow remote attackers to execute arbitrary code via a crafted web site, a related issue to CVE-2012-6636.
by c0otlass
CVSS 8.8
EIP-2026-113656 EXPLOITDB html VERIFIED
WordPress Plugin CopySafe PDF Protection - Arbitrary File Upload
by Jagriti Sahu
EIP-2026-113331 EXPLOITDB html VERIFIED
WEBMIS CMS - Arbitrary File Upload
by Jagriti Sahu
CVE-2014-2782 EXPLOITDB html
Microsoft Internet Explorer - Memory Corruption
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1773, CVE-2014-1783, CVE-2014-1784, CVE-2014-1786, CVE-2014-1795, CVE-2014-1805, CVE-2014-2758, CVE-2014-2759, CVE-2014-2765, CVE-2014-2766, and CVE-2014-2775.
by Drozdova Liudmila
CVE-2012-1876 EXPLOITDB html VERIFIED
Microsoft Internet Explorer - Code Injection
Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflow, aka "Col Element Remote Code Execution Vulnerability," as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
by sickness
CVE-2014-4716 EXPLOITDB html
Thomson TWG87OUIR - CSRF
Cross-site request forgery (CSRF) vulnerability in Thomson TWG87OUIR allows remote attackers to hijack the authentication of unspecified victims for requests that change passwords via the Password and PasswordReEnter parameters to goform/RgSecurity.
by nopesled
CVE-2014-0282 EXPLOITDB html VERIFIED
Microsoft Internet Explorer 6-11 - Memory Corruption
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1775, CVE-2014-1779, CVE-2014-1799, CVE-2014-1803, and CVE-2014-2757.
by Drozdova Liudmila
EIP-2026-114324 EXPLOITDB html VERIFIED
WordPress Theme Elegance - '/elegance/lib/scripts/dl-skin.php' Local File Disclosure
by Felipe Andrian Peixoto
EIP-2026-115682 EXPLOITDB html VERIFIED
Microsoft Internet Explorer 11 - WeakMap Integer Divide-by-Zero
by Pawel Wylecial
CVE-2014-3866 EXPLOITDB html VERIFIED
Usercake < 2.0.2 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in user_settings.php in Usercake 2.0.2 and earlier allow remote attackers to hijack the authentication of administrators for requests that change the (1) administrative password via the passwordc parameter or (2) administrative e-mail address via the email parameter.
by Dolev Farhi
CVE-2014-3854 EXPLOITDB html VERIFIED
Pyplate - CSRF
Cross-site request forgery (CSRF) vulnerability in admin/addScript.py in Pyplate 0.08 allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the title parameter.
by Henri Salo
EIP-2026-118266 EXPLOITDB html VERIFIED
AoA MP4 Converter 4.1.2 - ActiveX
by metacom