Exploitdb Exploits

4,733 exploits tracked across all sources.

Sort: Activity Stars
CVE-2013-2088 EXPLOITDB python
Apache Subversion < 1.6.21 - Improper Input Validation
contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename.
by GlacierZ0ne
CVE-2025-34066 EXPLOITDB HIGH python
AVTECH - Improper Certificate Validation
An improper certificate validation vulnerability exists in AVTECH IP cameras, DVRs, and NVRs due to the use of wget with --no-check-certificate in scripts like SyncCloudAccount.sh and SyncPermit.sh. This exposes HTTPS communications to man-in-the-middle (MITM) attacks.
by Gergely Eberhardt
CVE-2025-34065 EXPLOITDB MEDIUM python
AVTECH - Auth Bypass
An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd web server. The strstr() function allows unauthenticated access to any request containing "/nobody" in the URL, bypassing login controls.
by Gergely Eberhardt
CVE-2025-34056 EXPLOITDB CRITICAL python
AVTECH IP camera - Command Injection
An OS command injection vulnerability exists in AVTECH IP camera, DVR, and NVR devices via the PwdGrp.cgi endpoint, which handles user and group management operations. Authenticated users can supply input through the pwd or grp parameters, which are directly embedded into system commands without proper sanitation. This allows for the execution of arbitrary shell commands with root privileges.
by Gergely Eberhardt
CVE-2025-34055 EXPLOITDB CRITICAL python
AVTECH DVR-NVR-IP Camera - Command Injection
An OS command injection vulnerability exists in AVTECH DVR, NVR, and IP camera devices within the adcommand.cgi endpoint, which interfaces with the ActionD daemon. Authenticated users can invoke the DoShellCmd operation, passing arbitrary input via the strCmd parameter. This input is executed directly by the system shell without sanitation allowing attackers to execute commands as the root user.
by Gergely Eberhardt
CVE-2025-34054 EXPLOITDB CRITICAL python
AVTECH DVR - Command Injection
An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgi_query. The use of wget without input sanitization allows attackers to inject shell commands through the username or queryb64str parameters, executing commands as root. Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-04 UTC.
by Gergely Eberhardt
CVE-2025-34053 EXPLOITDB MEDIUM python
AVTECH - Auth Bypass
An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd web server. The strstr() function is used to identify ".cab" requests, allowing any URL containing ".cab" to bypass authentication and access protected endpoints.
by Gergely Eberhardt
CVE-2025-34051 EXPLOITDB MEDIUM python
AVTECH DVR - SSRF
A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the /cgi-bin/nobody/Search.cgi?action=cgi_query endpoint without authentication. An attacker can manipulate the ip, port, and queryb64str parameters to make arbitrary HTTP requests from the DVR to internal or external systems, potentially exposing sensitive data or interacting with internal services.
by Gergely Eberhardt
CVE-2025-34050 EXPLOITDB MEDIUM python
AVTECH - CSRF
A cross-site request forgery (CSRF) vulnerability exists in the web interface of AVTECH IP camera, DVR, and NVR devices. An attacker can craft malicious requests that, when executed in the context of an authenticated user’s browser session, allow unauthorized changes to the device configuration without user interaction.
by Gergely Eberhardt
CVE-2016-15047 EXPLOITDB HIGH python
AVTECH devices - Command Injection
AVTECH devices that include the CloudSetup.cgi management endpoint are vulnerable to authenticated OS command injection. The `exefile` parameter in CloudSetup.cgi is passed to the underlying system command execution without proper validation or whitelisting. An authenticated attacker who can invoke this endpoint can supply crafted input to execute arbitrary system commands as root. Successful exploitation grants full control of the device, and - depending on deployment and whether the device stores credentials or has network reachability to internal systems - may enable credential theft, lateral movement, or data exfiltration. The archived SEARCH-LAB disclosure implies that this vulnerability was remediated in early 2017, but AVTECH has not defined an affected version range.
by Gergely Eberhardt
CVE-2015-1497 EXPLOITDB python
Persistent Systems Radia Client Automation <9.1 - RCE
radexecd.exe in Persistent Systems Radia Client Automation (RCA) 7.9, 8.1, 9.0, and 9.1 allows remote attackers to execute arbitrary commands via a crafted request to TCP port 3465.
by SlidingWindow
EIP-2026-101183 EXPLOITDB python
Billion 7700NR4 Router - Remote Command Execution
by R-73eN
EIP-2026-119261 EXPLOITDB python VERIFIED
VX Search Enterprise 9.0.26 - 'Login' Remote Buffer Overflow
by Tulpa
EIP-2026-119190 EXPLOITDB python VERIFIED
Sync Breeze Enterprise 8.9.24 - 'Login' Remote Buffer Overflow
by Tulpa
EIP-2026-118441 EXPLOITDB python VERIFIED
Dup Scout Enterprise 9.0.28 - 'Login' Remote Buffer Overflow
by Tulpa
EIP-2026-118423 EXPLOITDB python VERIFIED
Disk Sorter Enterprise 9.0.24 - 'Login' Remote Buffer Overflow
by Tulpa
EIP-2026-118419 EXPLOITDB python VERIFIED
Disk Savvy Enterprise 9.0.32 - 'Login' Remote Buffer Overflow
by Tulpa
EIP-2026-100935 EXPLOITDB python
Witbe - Remote Code Execution
by BeLmar
CVE-2016-2776 EXPLOITDB HIGH python
Oracle Linux < 9.9.9 - Improper Input Validation
buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.
by Infobyte
CVSS 7.5
CVE-2025-34108 EXPLOITDB HIGH python VERIFIED
Disk Pulse Enterprise <9.0.34 - Buffer Overflow
A stack-based buffer overflow vulnerability exists in the login functionality of Disk Pulse Enterprise version 9.0.34. An attacker can send a specially crafted HTTP POST request to the /login endpoint with an overly long username parameter, causing a buffer overflow in the libspp.dll component. Successful exploitation allows arbitrary code execution with SYSTEM privileges.
by Tulpa
EIP-2026-103778 EXPLOITDB python
KeepNote 0.7.8 - Command Execution
by R-73eN
CVE-2015-2866 EXPLOITDB python
Grandstream Gxv3611 HD Firmware < 1.0.3.6 - SQL Injection
SQL injection vulnerability on the Grandstream GXV3611_HD camera with firmware before 1.0.3.9 beta allows remote attackers to execute arbitrary SQL commands by attempting to establish a TELNET session with a crafted username.
by pizza1337
EIP-2026-116490 EXPLOITDB python VERIFIED
VideoLAN VLC Media Player 2.2.1 - Buffer Overflow
by sultan albalawi
CVE-2016-20047 EXPLOITDB HIGH python
EKG Gadu 1.9 Local Buffer Overflow via Username Parameter
EKG Gadu 1.9~pre+r2855-3+b1 contains a local buffer overflow vulnerability in the username handling that allows local attackers to execute arbitrary code by supplying an oversized username string. Attackers can trigger the overflow in the strlcpy function by passing a crafted buffer exceeding 258 bytes to overwrite the instruction pointer and execute shellcode with user privileges.
by Juan Sacco
CVSS 8.4
EIP-2026-101198 EXPLOITDB python
Cisco ASA 9.2(3) - 'EXTRABACON' Authentication Bypass
by Sean Dillon
By Source
All 4,733 Exploitdb 50,135 Writeup 46,973 Nomisec 21,281 Metasploit 3,228 Github 2,458 Vulncheck_xdb 900 Inthewild 518 Gitlab 440 Gitee 415 Patchapalooza 312
By Language
text 31,346 ruby 5,959 python 5,836 c 3,571 perl 2,854 html 2,055 php 1,334 bash 459 java 361 javascript 260 c++ 247 shell 89 go 48 postscript 25 xml 24