Exploitdb Exploits

2,809 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-116851 EXPLOITDB perl
AutoCAD DWG and DXF To PDF Converter 2.2 - Local Buffer Overflow
by Robbie Corley
CVE-2015-7243 EXPLOITDB perl VERIFIED
Boxoft WAV to MP3 Converter - Buffer Overflow via Crafted WAV File
Buffer overflow in Boxoft WAV to MP3 Converter allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted WAV file.
by Robbie Corley
EIP-2026-116058 EXPLOITDB perl VERIFIED
PFTP Server 8.0f Lite - textfield Local Buffer Overflow (SEH) (PoC)
by Robbie Corley
EIP-2026-115742 EXPLOITDB perl
Microsoft Office 2007 - 'msxml5.dll' Crash (PoC)
by Mohammad Reza Espargham
EIP-2026-102190 EXPLOITDB perl
Viber 4.2.0 - Non-Printable Characters Handling Denial of Service
by Mohammad Reza Espargham
EIP-2026-102567 EXPLOITDB perl VERIFIED
Brasero - Crash (PoC)
by Mohammad Reza Espargham
EIP-2026-115522 EXPLOITDB perl VERIFIED
KMPlayer 3.9.x - '.srt' Crash (PoC)
by Peyman Motevalli Manesh
EIP-2026-115103 EXPLOITDB perl
Counter-Strike 1.6 - 'GameInfo' Query Reflection Denial of Service (PoC)
by Todor Donev
EIP-2026-103690 EXPLOITDB perl
UPNPD M-SEARCH - ssdp:discover Reflection Denial of Service
by Todor Donev
EIP-2026-103599 EXPLOITDB perl
NTPD - MON_GETLIST Query Amplification Denial of Service
by Todor Donev
EIP-2026-102582 EXPLOITDB perl VERIFIED
File Roller v3.4.1 - Denial of Service (PoC)
by Arsyntex
CVE-2013-0230 EXPLOITDB perl
miniupnpd 1.0 - Remote Code Execution via Long Quoted Method in SOAPAction Handler
Stack-based buffer overflow in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to execute arbitrary code via a long quoted method.
by Todor Donev
CVE-2013-5223 EXPLOITDB MEDIUM perl
D-Link DSL-2760U Firmware < 1.12 - Authenticated Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2760U Gateway (Rev. E1) allow remote authenticated users to inject arbitrary web script or HTML via the (1) ntpServer1 parameter to sntpcfg.cgi, username parameter to (2) ddnsmngr.cmd or (3) todmngr.tod, (4) TodUrlAdd parameter to urlfilter.cmd, (5) appName parameter to scprttrg.cmd, (6) fltName in an add action or (7) rmLst parameter in a remove action to scoutflt.cmd, (8) groupName parameter to portmapcfg.cmd, (9) snmpRoCommunity parameter to snmpconfig.cgi, (10) fltName parameter to scinflt.cmd, (11) PolicyName in an add action or (12) rmLst parameter in a remove action to prmngr.cmd, (13) ippName parameter to ippcfg.cmd, (14) smbNetBiosName or (15) smbDirName parameter to samba.cgi, or (16) wlSsid parameter to wlcfg.wl.
by XLabs Security
CVSS 5.4
CVE-2013-5223 EXPLOITDB MEDIUM perl
D-Link DSL-2760U Firmware < 1.12 - Authenticated Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2760U Gateway (Rev. E1) allow remote authenticated users to inject arbitrary web script or HTML via the (1) ntpServer1 parameter to sntpcfg.cgi, username parameter to (2) ddnsmngr.cmd or (3) todmngr.tod, (4) TodUrlAdd parameter to urlfilter.cmd, (5) appName parameter to scprttrg.cmd, (6) fltName in an add action or (7) rmLst parameter in a remove action to scoutflt.cmd, (8) groupName parameter to portmapcfg.cmd, (9) snmpRoCommunity parameter to snmpconfig.cgi, (10) fltName parameter to scinflt.cmd, (11) PolicyName in an add action or (12) rmLst parameter in a remove action to prmngr.cmd, (13) ippName parameter to ippcfg.cmd, (14) smbNetBiosName or (15) smbDirName parameter to samba.cgi, or (16) wlSsid parameter to wlcfg.wl.
by XLabs Security
CVSS 5.4
CVE-2014-1695 EXPLOITDB perl
OTRS 3.1.x < 3.1.20, 3.2.x < 3.2.15, 3.3.x < 3.3.5 - Cross-Site Scripting via Crafted HTML Email
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML email.
by Adam Ziaja
EIP-2026-117815 EXPLOITDB perl VERIFIED
Quick Search 1.1.0.189 - search textbox Buffer Overflow (SEH Unicode) (Egghunter)
by Tomislav Paskalev
CVE-2011-5165 EXPLOITDB perl VERIFIED
Free MP3 CD Ripper <= 2.6 - Stack-based Buffer Overflow via Crafted WAV File
Stack-based buffer overflow in Free MP3 CD Ripper 1.1, 2.6 and earlier, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted .wav file.
by ThreatActor
EIP-2026-117627 EXPLOITDB perl VERIFIED
MooPlayer 1.3.0 - 'm3u' Local Buffer Overflow (SEH) (2)
by Tomislav Paskalev
EIP-2026-109387 EXPLOITDB perl
MediaSuite CMS - Artibary File Disclosure
by KnocKout inj3ct0r
EIP-2026-115238 EXPLOITDB perl VERIFIED
FastStone Image Viewer 5.3 - '.tga' Crash (PoC)
by ITDefensor Vulnerability Research Team
EIP-2026-101344 EXPLOITDB perl
LG DVR LE6016D - Remote Users/Passwords Disclosure
by Todor Donev
CVE-2015-1028 EXPLOITDB perl
D-Link DSL-2730B Firmware GE_1.01 - Authenticated Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2730B router (rev C1) with firmware GE_1.01 allow remote authenticated users to inject arbitrary web script or HTML via the (1) domainname parameter to dnsProxy.cmd (DNS Proxy Configuration Panel); the (2) brName parameter to lancfg2get.cgi (Lan Configuration Panel); the (3) wlAuthMode, (4) wl_wsc_reg, or (5) wl_wsc_mode parameter to wlsecrefresh.wl (Wireless Security Panel); or the (6) wlWpaPsk parameter to wlsecurity.wl (Wireless Password Viewer).
by XLabs Security
CVE-2015-1028 EXPLOITDB perl
D-Link DSL-2730B Firmware GE_1.01 - Authenticated Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2730B router (rev C1) with firmware GE_1.01 allow remote authenticated users to inject arbitrary web script or HTML via the (1) domainname parameter to dnsProxy.cmd (DNS Proxy Configuration Panel); the (2) brName parameter to lancfg2get.cgi (Lan Configuration Panel); the (3) wlAuthMode, (4) wl_wsc_reg, or (5) wl_wsc_mode parameter to wlsecrefresh.wl (Wireless Security Panel); or the (6) wlWpaPsk parameter to wlsecurity.wl (Wireless Password Viewer).
by XLabs Security
CVE-2015-1028 EXPLOITDB perl
D-Link DSL-2730B Firmware GE_1.01 - Authenticated Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2730B router (rev C1) with firmware GE_1.01 allow remote authenticated users to inject arbitrary web script or HTML via the (1) domainname parameter to dnsProxy.cmd (DNS Proxy Configuration Panel); the (2) brName parameter to lancfg2get.cgi (Lan Configuration Panel); the (3) wlAuthMode, (4) wl_wsc_reg, or (5) wl_wsc_mode parameter to wlsecrefresh.wl (Wireless Security Panel); or the (6) wlWpaPsk parameter to wlsecurity.wl (Wireless Password Viewer).
by XLabs Security
EIP-2026-117742 EXPLOITDB perl
Palringo 2.8.1 - Local Stack Buffer Overflow
by Mr.ALmfL9
By Source
All 2,809 Writeup 61,941 Exploitdb 50,073 Nomisec 22,294 Github 3,475 Metasploit 3,294 Vulncheck_xdb 926 Inthewild 514 Gitlab 470 Gitee 415 Patchapalooza 312
By Language
text 31,383 python 6,491 ruby 5,984 c 3,619 perl 2,849 html 2,071 php 1,331 bash 462 java 370 c++ 255 javascript 227 shell 126 go 72 postscript 25 typescript 25