Exploitdb Exploits

4,733 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-104746 EXPLOITDB python
Oxwall 1.7.0 - Remote Code Execution
by LiquidWorm
CVE-2014-9096 EXPLOITDB python
Pligg CMS <2.0.1 - SQL Injection
Multiple SQL injection vulnerabilities in recover.php in Pligg CMS 2.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) n parameter.
by BlackHawk
CVE-2014-2973 EXPLOITDB python VERIFIED
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-5753. Reason: This candidate is a duplicate of CVE-2008-5753. Notes: All CVE users should reference CVE-2008-5753 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
by Gabor Seljan
EIP-2026-104744 EXPLOITDB python VERIFIED
Omeka 2.2.1 - Remote Code Execution
by LiquidWorm
EIP-2026-115156 EXPLOITDB python
DjVuLibre 3.5.25.3 - Out of Bounds Access Violation
by drone
CVE-2014-4971 EXPLOITDB python
Microsoft Windows XP SP3 - Privilege Escalation
Microsoft Windows XP SP3 does not validate addresses in certain IRP handler routines, which allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted address in an IOCTL call, related to (1) the MQAC.sys driver in the MQ Access Control subsystem and (2) the BthPan.sys driver in the Bluetooth Personal Area Networking subsystem.
by KoreLogic
EIP-2026-101851 EXPLOITDB python
MTS MBlaze Ultra Wi-Fi / ZTE AC3633 - Multiple Vulnerabilities
by Ajin Abraham
CVE-2014-4927 EXPLOITDB python
ACME micro_httpd - Buffer Overflow
Buffer overflow in ACME micro_httpd, as used in D-Link DSL2750U and DSL2740U and NetGear WGR614 and MR-ADSL-DG834 routers allows remote attackers to cause a denial of service (crash) via a long string in the URI in a GET request.
by Yuval tisf Nativ
CVE-2014-7192 EXPLOITDB python
syntax-error <1.1.1 - Code Injection
Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rational Application Developer and other products, allows remote attackers to execute arbitrary code via a crafted file.
by Cal Leeming
CVE-2014-4158 EXPLOITDB python VERIFIED
Kolibri 2.0 - Buffer Overflow
Stack-based buffer overflow in Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a GET request.
by Revin Hadi Saputra
CVE-2014-2623 EXPLOITDB python VERIFIED
HP Storage Data Protector <8 - RCE
Unspecified vulnerability in HP Storage Data Protector 8.x allows remote attackers to execute arbitrary code via unknown vectors.
by Polunchis
CVE-2013-6765 EXPLOITDB python
Openvas Manager - Authentication Bypass
OpenVAS Manager 3.0 before 3.0.7 and 4.0 before 4.0.4 allows remote attackers to bypass the OMP authentication restrictions and execute OMP commands via a crafted OMP request for version information, which causes the state to be set to CLIENT_AUTHENTIC, as demonstrated by the omp_xml_handle_end_element function in omp.c.
by EccE
CVE-2014-4511 EXPLOITDB python VERIFIED
Gitlist <0.5.0 - RCE
Gitlist before 0.5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name in the URI of a request for a (1) blame, (2) file, or (3) stats page, as demonstrated by requests to blame/master/, master/, and stats/master/.
by drone
CVE-2014-5023 EXPLOITDB python VERIFIED
Gitter/Gitlist <Repository.php - Command Injection
Repository.php in Gitter, as used in Gitlist, allows remote attackers with commit privileges to execute arbitrary commands via shell metacharacters in a branch name, as demonstrated by a "git checkout -b" command.
by drone
EIP-2026-114622 EXPLOITDB python VERIFIED
ZeroCMS 1.0 - 'zero_transact_user.php' Handling Privilege Escalation
by Tiago Carvalho
EIP-2026-101116 EXPLOITDB python
ZTE / TP-Link RomPager - Denial of Service
by Osanda Malith Jayathissa
CVE-2014-4643 EXPLOITDB python VERIFIED
Core FTP LE 2.2 build 1798 - Buffer Overflow
Multiple heap-based buffer overflows in the client in Core FTP LE 2.2 build 1798 allow remote FTP servers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string in a reply to a (1) USER, (2) PASS, (3) PASV, (4) SYST, (5) PWD, or (6) CDUP command.
by Gabor Seljan
EIP-2026-109238 EXPLOITDB python
Madness Pro 1.14 - SQL Injection
by bwall
EIP-2026-109237 EXPLOITDB python
Madness Pro 1.14 - Persistent Cross-Site Scripting
by bwall
EIP-2026-118456 EXPLOITDB python VERIFIED
Easy File Management Web Server 5.3 - 'UserID' Remote Buffer Overflow (ROP)
by Julien Ahrens
CVE-2014-0749 EXPLOITDB python
Adaptivecomputing Torque Resource Manager - Memory Corruption
Stack-based buffer overflow in lib/Libdis/disrsi_.c in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 2.5.x through 2.5.13 allows remote attackers to execute arbitrary code via a large count value.
by bwall
CVE-2006-3952 EXPLOITDB python VERIFIED
EFS Software Efs FTP Server - Buffer Overflow
Stack-based buffer overflow in EFS Software Easy File Sharing FTP Server 2.0 allows remote attackers to execute arbitrary code via a long argument to the PASS command. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
by superkojiman
EIP-2026-115437 EXPLOITDB python VERIFIED
InfraRecorder - '.m3u' File Buffer Overflow (PoC)
by Osanda Malith Jayathissa
EIP-2026-115093 EXPLOITDB python
Core FTP Server 1.2 build 535 (32-bi)t - Crash (PoC)
by Kaczinski Ramirez
EIP-2026-118457 EXPLOITDB python VERIFIED
Easy File Management Web Server 5.3 - Remote Stack Buffer Overflow
by superkojiman
By Source
All 4,733 Exploitdb 50,135 Writeup 49,367 Nomisec 21,365 Metasploit 3,228 Github 2,562 Vulncheck_xdb 893 Inthewild 518 Gitlab 441 Gitee 415 Patchapalooza 312
By Language
text 31,346 ruby 5,959 python 5,903 c 3,575 perl 2,854 html 2,056 php 1,334 bash 459 java 362 javascript 260 c++ 249 shell 95 go 52 postscript 25 xml 24