Exploitdb Exploits

4,759 exploits tracked across all sources.

EIP-2026-114272 EXPLOITDB python
WordPress Plugin wpDataTables 1.5.3 - Arbitrary File Upload
by Claudio Viviani
CVE-2014-10029 EXPLOITDB python
FluxBB < 1.4.13 and 1.5.x < 1.5.7 - SQL Injection via req_new_email Parameter
SQL injection vulnerability in profile.php in FluxBB before 1.4.13 and 1.5.x before 1.5.7 allows remote attackers to execute arbitrary SQL commands via the req_new_email parameter.
by secthrowaway
EIP-2026-108363 EXPLOITDB python VERIFIED
Joomla! Component com_hdflvplayer < 2.1.0.1 - Arbitrary File Download
by Claudio Viviani
CVE-2014-5284 EXPLOITDB python VERIFIED
OSSEC < 2.8.0 - Privilege Escalation via Predictable Temporary File Handling
host-deny.sh in OSSEC before 2.8.1 writes to temporary files with predictable filenames without verifying ownership, which allows local users to modify access restrictions in hosts.deny and gain root privileges by creating the temporary files before automatic IP blocking is performed.
by skynet-13
EIP-2026-104294 EXPLOITDB python VERIFIED
Joomla! Component com_hdflvplayer < 2.1.0.1 - SQL Injection
by Claudio Viviani
CVE-2014-6352 EXPLOITDB HIGH python
MS14-064 Microsoft Windows OLE Package Manager Code Execution
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object, as exploited in the wild in October 2014 with a crafted PowerPoint document.
by Abhishek Lyall
CVSS 7.8
EIP-2026-115677 EXPLOITDB python VERIFIED
Microsoft Internet Explorer 11 - Denial of Service
by Behrooz Abbassi
CVE-2014-125114 EXPLOITDB HIGH python VERIFIED
i-Ftp 2.20 - Stack-based Buffer Overflow via Schedule.xml Time Attribute
A stack-based buffer overflow vulnerability exists in i-Ftp version 2.20 due to improper handling of the Time attribute within Schedule.xml. By placing a specially crafted Schedule.xml file in the i-Ftp application directory, a remote attacker can trigger a buffer overflow during scheduled download parsing, potentially leading to arbitrary code execution or a crash.
by metacom
EIP-2026-115414 EXPLOITDB python VERIFIED
i.Mage 1.11 - Local Crash (PoC)
by metacom
EIP-2026-115413 EXPLOITDB python VERIFIED
i.Hex 0.98 - Local Crash (PoC)
by metacom
CVE-2014-1635 EXPLOITDB python VERIFIED
Belkin N750 Router < F9K1103_WW_1.10.17m - Buffer Overflow
Buffer overflow in login.cgi in MiniHttpd in Belkin N750 Router with firmware before F9K1103_WW_1.10.17m allows remote attackers to execute arbitrary code via a long string in the jump parameter.
by Marco Vaz
CVE-2014-2023 EXPLOITDB CRITICAL python
Tapatalk plugin < 4.9.0, 5.x-5.2.1 - SQL Injection
Multiple SQL injection vulnerabilities in the Tapatalk plugin 4.9.0 and earlier and 5.x through 5.2.1 for vBulletin allow remote attackers to execute arbitrary SQL commands via a crafted xmlrpc API request to (1) unsubscribe_forum.php or (2) unsubscribe_topic.php in mobiquo/functions/.
by tintinweb
CVSS 9.8
EIP-2026-117196 EXPLOITDB python VERIFIED
Free WMA MP3 Converter 1.8 - '.wav' Local Buffer Overflow
by metacom
CVE-2014-2647 EXPLOITDB python VERIFIED
HP Operations Agent < 11.13 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in HP Operations Agent in HP Operations Manager (formerly OpenView Communications Broker) before 11.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
by Matt Schmidt
CVE-2014-4114 EXPLOITDB HIGH python
MS14-060 Microsoft Windows OLE Package Manager Code Execution
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object in an Office document, as exploited in the wild with a "Sandworm" attack in June through October 2014, aka "Windows OLE Remote Code Execution Vulnerability."
by Mike Czumak
CVSS 7.8
CVE-2014-6352 EXPLOITDB HIGH python
MS14-064 Microsoft Windows OLE Package Manager Code Execution
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object, as exploited in the wild in October 2014 with a crafted PowerPoint document.
by Mike Czumak
CVSS 7.8
CVE-2014-8739 EXPLOITDB CRITICAL python
Creative Contact Form < 1.0.0 - Unauthenticated Arbitrary File Upload via jQuery File Upload Plugin
Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute arbitrary code by uploading a PHP file with a PHP extension, then accessing it via a direct request to the file in files/, as exploited in the wild in October 2014.
by Claudio Viviani
CVSS 9.8
EIP-2026-107073 EXPLOITDB python
Feng Office 1.7.4 - Arbitrary File Upload
by AutoSec Tools
CVE-2014-4114 EXPLOITDB HIGH python
MS14-060 Microsoft Windows OLE Package Manager Code Execution
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object in an Office document, as exploited in the wild with a "Sandworm" attack in June through October 2014, aka "Windows OLE Remote Code Execution Vulnerability."
by Vlad Ovtchinikov
CVSS 7.8
CVE-2014-6352 EXPLOITDB HIGH python
MS14-064 Microsoft Windows OLE Package Manager Code Execution
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object, as exploited in the wild in October 2014 with a crafted PowerPoint document.
by Vlad Ovtchinikov
CVSS 7.8
CVE-2014-3704 EXPLOITDB python VERIFIED
Drupal 7.0-7.31 - SQL Injection via Array Key in Database API
The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.
by Claudio Viviani
CVE-2014-3704 EXPLOITDB python VERIFIED
Drupal 7.0-7.31 - SQL Injection via Array Key in Database API
The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.
by stopstene
EIP-2026-111986 EXPLOITDB python
SEO Control Panel 3.6.0 - (Authenticated) SQL Injection
by Tiago Carvalho
EIP-2026-106241 EXPLOITDB python
Croogo 2.0.0 - Arbitrary PHP Code Execution
by LiquidWorm
CVE-2014-2021 EXPLOITDB python
vBulletin < 4.2.2 and 5.0.x-5.0.5 - Authenticated Stored Cross-Site Scripting via XMLRPC API Client Name
Cross-site scripting (XSS) vulnerability in admincp/apilog.php in vBulletin 4.2.2 and earlier, and 5.0.x through 5.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted XMLRPC API request, as demonstrated using the client name.
by tintinweb