Exploitdb Exploits

4,759 exploits tracked across all sources.

Sort: Activity Stars
CVE-2014-6278 EXPLOITDB HIGH python
GNU Bash through 4.3 bash43-026 - Remote Code Execution via Environment Variable Function Parsing
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277.
by thatchriseckert
CVSS 8.8
EIP-2026-116666 EXPLOITDB python
Zortam Mp3 Media Studio 20.15 - Overflow (PoC) (SEH)
by INSECT.B
CVE-2016-2851 EXPLOITDB CRITICAL python
Debian Linux < 4.1.0 - Memory Corruption
Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR messages, which triggers a heap-based buffer overflow.
by X41 D-Sec GmbH
CVSS 9.8
CVE-2014-1767 EXPLOITDB python
Microsoft Windows - Privilege Escalation
Double free vulnerability in the Ancillary Function Driver (AFD) in afd.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
by Rick Larabee
EIP-2026-116135 EXPLOITDB python
Quick Tftp Server Pro 2.3 - Read Mode Denial of Service
by Guillaume Kaddouch
EIP-2026-115299 EXPLOITDB python
FreeProxy Internet Suite 4.10 - Denial of Service
by Guillaume Kaddouch
CVE-2009-3103 EXPLOITDB python
Windows Vista and Server 2008 - Remote Code Execution via SMBv2 Negotiate Protocol Request
Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka "SMBv2 Negotiation Vulnerability." NOTE: some of these details are obtained from third party information.
by ohnozzy
CVE-2008-4250 EXPLOITDB CRITICAL python
Microsoft Windows Server Service - Remote Code Execution via Crafted RPC Request
The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."
by ohnozzy
CVSS 9.8
EIP-2026-102618 EXPLOITDB python VERIFIED
GpicView 0.2.5 - Crash (PoC)
by David Silveiro
CVE-2005-2428 EXPLOITDB python
Lotus Domino R5-R6 WebMail - Info Disclosure
Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names.nsf in hidden form fields, which allows remote attackers to read the HTML source to obtain sensitive information such as (1) the password hash in the HTTPPassword field, (2) the password change date in the HTTPPasswordChangeDate field, (3) the client platform in the ClntPltfrm field, (4) the client machine name in the ClntMachine field, and (5) the client Lotus Domino release in the ClntBld field, a different vulnerability than CVE-2005-2696.
by Jonathan Broche
EIP-2026-113732 EXPLOITDB python
WordPress Plugin Extra User Details 0.4.2 - Privilege Escalation
by Panagiotis Vagenas
CVE-2016-2399 EXPLOITDB HIGH python
libquicktime < 1.2.4 - Integer Overflow in quicktime_read_pascal Function
Integer overflow in the quicktime_read_pascal function in libquicktime 1.2.4 and earlier allows remote attackers to cause a denial of service or possibly have other unspecified impact via a crafted hdlr MP4 atom.
by Marco Romano
CVSS 7.8
EIP-2026-117001 EXPLOITDB python
Core FTP Server 1.2 - Local Buffer Overflow
by INSECT.B
EIP-2026-116611 EXPLOITDB python
XM Easy Personal FTP Server 5.8.0 - 'HELP' Remote Denial of Service
by Pawan Lal
CVE-2015-8285 EXPLOITDB HIGH python
QuickHeal Total Security - Denial of Service via webssx.sys Driver
The webssx.sys driver in QuickHeal 16.00 allows remote attackers to cause a denial of service.
by Fitzl Csaba
CVSS 7.5
CVE-2014-1767 EXPLOITDB python
Microsoft Windows - Privilege Escalation
Double free vulnerability in the Ancillary Function Driver (AFD) in afd.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
by Rick Larabee
EIP-2026-117027 EXPLOITDB python
Delta Industrial Automation DCISoft 1.12.09 - Local Stack Buffer Overflow
by LiquidWorm
EIP-2026-115932 EXPLOITDB python
Network Scanner 4.0.0.0 - Crash (SEH) (PoC)
by INSECT.B
CVE-2016-15045 EXPLOITDB HIGH python
lastore-daemon <0.9.66-1 - Privilege Escalation
A local privilege escalation vulnerability exists in lastore-daemon, the system package manager daemon used in Deepin Linux (developed by Wuhan Deepin Technology Co., Ltd.). In versions 0.9.53-1 (Deepin 15.5) and 0.9.66-1 (Deepin 15.7), the D-Bus configuration permits any user in the sudo group to invoke the InstallPackage method without password authentication. By default, the first user created on Deepin is in the sudo group. An attacker with shell access can craft a .deb package containing a malicious post-install script and use dbus-send to install it via lastore-daemon, resulting in arbitrary code execution as root.
by King's Way
EIP-2026-114245 EXPLOITDB python
WordPress Plugin WP User Frontend < 2.3.11 - Unrestricted Arbitrary File Upload
by Panagiotis Vagenas
EIP-2026-114193 EXPLOITDB python
WordPress Plugin WooCommerce Store Toolkit 1.5.5 - Privilege Escalation
by Panagiotis Vagenas
EIP-2026-117216 EXPLOITDB python
FTPShell Client 5.24 - 'Create NewFolder' Local Buffer Overflow
by Arash Khazaei
CVE-2016-20038 EXPLOITDB HIGH python
yTree 1.94-1.1 Stack-Based Buffer Overflow
yTree 1.94-1.1 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an excessively long argument to the application. Attackers can craft a malicious command-line argument containing shellcode and a return address to overwrite the stack and execute code in the application context.
by Juan Sacco
CVSS 8.4
EIP-2026-114985 EXPLOITDB python
Baumer VeriSens Application Suite 2.6.2 - Buffer Overflow (PoC)
by LiquidWorm
CVE-2016-2534 EXPLOITDB python VERIFIED
Jive Forums 5.5.25 - Directory Traversal
by ZhaoHuAn
By Source
All 4,759 Writeup 62,533 Exploitdb 50,076 Nomisec 22,490 Github 3,720 Metasploit 3,315 Vulncheck_xdb 930 Inthewild 514 Gitlab 480 Gitee 415 Patchapalooza 312
By Language
text 31,386 python 6,618 ruby 6,006 c 3,635 perl 2,849 html 2,076 php 1,334 bash 462 java 371 c++ 261 javascript 231 shell 137 go 73 postscript 25 typescript 25