Exploitdb Exploits

4,759 exploits tracked across all sources.

EIP-2026-104927 EXPLOITDB python
ActualAnalyzer Lite 2.81 - Command Execution
by Benjamin Harris
EIP-2026-116904 EXPLOITDB python VERIFIED
BlazeDVD Pro Player 7.0 - '.plf' Local Buffer Overflow (SEH)
by metacom
EIP-2026-116903 EXPLOITDB python VERIFIED
BlazeDVD Pro Player 7.0 - '.plf' Direct RET Local Stack Buffer Overflow
by Giovanni Bartolomucci
CVE-2014-3434 EXPLOITDB python VERIFIED
Symantec Endpoint Protection 11.x-12.x - Local Buffer Overflow via sysplant Driver IOCTL
Buffer overflow in the sysplant driver in Symantec Endpoint Protection (SEP) Client 11.x and 12.x before 12.1 RU4 MP1b, and Small Business Edition before SEP 12.1, allows local users to execute arbitrary code via a long argument to a 0x00222084 IOCTL call.
by ryujin & sickness
EIP-2026-112202 EXPLOITDB python
SkaDate Lite 2.0 - Remote Code Execution
by LiquidWorm
EIP-2026-104746 EXPLOITDB python
Oxwall 1.7.0 - Remote Code Execution
by LiquidWorm
CVE-2014-9096 EXPLOITDB python
Pligg CMS < 2.0.1 - SQL Injection via Recover.php ID or N Parameter
Multiple SQL injection vulnerabilities in recover.php in Pligg CMS 2.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) n parameter.
by BlackHawk
EIP-2026-104744 EXPLOITDB python VERIFIED
Omeka 2.2.1 - Remote Code Execution
by LiquidWorm
EIP-2026-115156 EXPLOITDB python
DjVuLibre 3.5.25.3 - Out of Bounds Access Violation
by drone
CVE-2014-4971 EXPLOITDB python
Microsoft Windows XP SP3 - Privilege Escalation
Microsoft Windows XP SP3 does not validate addresses in certain IRP handler routines, which allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted address in an IOCTL call, related to (1) the MQAC.sys driver in the MQ Access Control subsystem and (2) the BthPan.sys driver in the Bluetooth Personal Area Networking subsystem.
by KoreLogic
EIP-2026-101851 EXPLOITDB python
MTS MBlaze Ultra Wi-Fi / ZTE AC3633 - Multiple Vulnerabilities
by Ajin Abraham
CVE-2014-4927 EXPLOITDB python
ACME micro_httpd - Denial of Service via Long URI in GET Request
Buffer overflow in ACME micro_httpd, as used in D-Link DSL2750U and DSL2740U and NetGear WGR614 and MR-ADSL-DG834 routers, allows remote attackers to cause a denial of service (crash) via a long string in the URI in a GET request.
by Yuval tisf Nativ
CVE-2014-7192 EXPLOITDB python
syntax-error < 1.1.1 - Code Injection
Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rational Application Developer and other products, allows remote attackers to execute arbitrary code via a crafted file.
by Cal Leeming
CVE-2014-4158 EXPLOITDB python VERIFIED
Kolibri 2.0 - Remote Code Execution via Long URI in GET Request
Stack-based buffer overflow in Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a GET request.
by Revin Hadi Saputra
CVE-2014-2623 EXPLOITDB python VERIFIED
HP Storage Data Protector 8.x - Remote Code Execution
Unspecified vulnerability in HP Storage Data Protector 8.x allows remote attackers to execute arbitrary code via unknown vectors.
by Polunchis
CVE-2013-6765 EXPLOITDB python
OpenVAS Manager 3.0-3.0.6 and 4.0-4.0.3 - Unauthenticated OMP Command Execution via Version Request
OpenVAS Manager 3.0 before 3.0.7 and 4.0 before 4.0.4 allows remote attackers to bypass the OMP authentication restrictions and execute OMP commands via a crafted OMP request for version information, which causes the state to be set to CLIENT_AUTHENTIC, as demonstrated by the omp_xml_handle_end_element function in omp.c.
by EccE
CVE-2014-4511 EXPLOITDB python VERIFIED
Gitlist < 0.5.0 - Remote Code Execution via Shell Metacharacters in URI
Gitlist before 0.5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name in the URI of a request for a (1) blame, (2) file, or (3) stats page, as demonstrated by requests to blame/master/, master/, and stats/master/.
by drone
CVE-2014-5023 EXPLOITDB python VERIFIED
Gitter/Gitlist <Repository.php - Command Injection
Repository.php in Gitter, as used in Gitlist, allows remote attackers with commit privileges to execute arbitrary commands via shell metacharacters in a branch name, as demonstrated by a "git checkout -b" command.
by drone
EIP-2026-114622 EXPLOITDB python VERIFIED
ZeroCMS 1.0 - 'zero_transact_user.php' Handling Privilege Escalation
by Tiago Carvalho
EIP-2026-101116 EXPLOITDB python
ZTE / TP-Link RomPager - Denial of Service
by Osanda Malith Jayathissa
CVE-2014-4643 EXPLOITDB python VERIFIED
Core FTP LE 2.2 build 1798 - Buffer Overflow
Multiple heap-based buffer overflows in the client in Core FTP LE 2.2 build 1798 allow remote FTP servers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string in a reply to a (1) USER, (2) PASS, (3) PASV, (4) SYST, (5) PWD, or (6) CDUP command.
by Gabor Seljan
EIP-2026-109238 EXPLOITDB python
Madness Pro 1.14 - SQL Injection
by bwall
EIP-2026-109237 EXPLOITDB python
Madness Pro 1.14 - Persistent Cross-Site Scripting
by bwall
EIP-2026-118456 EXPLOITDB python VERIFIED
Easy File Management Web Server 5.3 - 'UserID' Remote Buffer Overflow (ROP)
by Julien Ahrens
CVE-2014-0749 EXPLOITDB python
TORQUE Resource Manager 2.5.x-2.5.13 - Remote Code Execution via Large Count Value
Stack-based buffer overflow in lib/Libdis/disrsi_.c in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 2.5.x through 2.5.13 allows remote attackers to execute arbitrary code via a large count value.
by bwall