Exploitdb Exploits

4,759 exploits tracked across all sources.

CVE-2020-36971 EXPLOITDB HIGH python
Nidesoft 3GP Video Converter <2.6.18 - Buffer Overflow
Nidesoft 3GP Video Converter 2.6.18 contains a local stack buffer overflow vulnerability in the license registration parameter. Attackers can craft a malicious payload and paste it into the 'License Code' field to execute arbitrary code on the system.
by Felipe Winsnes
CVSS 8.4
EIP-2026-105717 EXPLOITDB python
Car Rental Management System 1.0 - SQL injection + Arbitrary File Upload
by Fortunato Lodari
CVE-2020-28328 EXPLOITDB HIGH python
SuiteCRM < 7.11.17 - Remote Code Execution via Log File Name Setting
SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled .php file under the web root.
by M. Cory Billington
CVSS 8.8
CVE-2020-36972 EXPLOITDB HIGH python
SmartBlog 2.0.1 - Blind SQL Injection via id_post Parameter
SmartBlog 2.0.1 contains a blind SQL injection vulnerability in the 'id_post' parameter of the details controller that allows attackers to extract database information. Attackers can systematically test and retrieve database contents by injecting crafted SQL queries that compare database information character by character.
by C0wnuts
CVSS 8.2
EIP-2026-111985 EXPLOITDB python
Sentrifugo Version 3.2 - 'announcements' Remote Code Execution (Authenticated)
by Fatih Çelik
EIP-2026-111982 EXPLOITDB python
Sentrifugo 3.2 - 'assets' Remote Code Execution (Authenticated)
by Fatih Çelik
EIP-2026-106037 EXPLOITDB python
CMSUno 1.6.2 - 'lang' Remote Code Execution (Authenticated)
by Fatih Çelik
CVE-2017-13772 EXPLOITDB HIGH python
TP-Link WR940N Hardware v4 - Authenticated Remote Code Execution via PingIframeRpm.htm or WanStaticIpV6CfgRpm.htm
Multiple stack-based buffer overflows in TP-Link WR940N WiFi routers with hardware version 4 allow remote authenticated users to execute arbitrary code via the (1) ping_addr parameter to PingIframeRpm.htm or (2) dnsserver2 parameter to WanStaticIpV6CfgRpm.htm.
by Patrik Lantz
CVSS 8.8
EIP-2026-112448 EXPLOITDB python
Student Attendance Management System 1.0 - 'username' SQL Injection / Remote Code Execution
by Mosaaed
EIP-2026-111930 EXPLOITDB python
School Log Management System 1.0 - 'username' SQL Injection / Remote Code Execution
by Mosaaed
CVE-2020-28872 EXPLOITDB CRITICAL python VERIFIED
Monitorr 1.7.6m - Unauthenticated Authorization Bypass via Registration Endpoint
An authorization bypass vulnerability in Monitorr v1.7.6m in Monitorr/assets/config/_installation/_register.php allows an unauthorized person to create valid credentials.
by Lyhin's Lab
CVSS 9.8
CVE-2020-28871 EXPLOITDB CRITICAL python VERIFIED
Monitorr 1.7.6m - Unauthenticated Remote Code Execution via Insecure File Upload
Remote code execution in Monitorr v1.7.6m in upload.php allows an unauthorized person to execute arbitrary code on the server-side via an insecure file upload.
by Lyhin's Lab
CVSS 9.8
EIP-2026-114049 EXPLOITDB python
WordPress Plugin Simple File List 4.2.2 - Arbitrary File Upload
by H4rk3nz0
EIP-2026-102354 EXPLOITDB python
Apache Flink 1.9.x - File Upload RCE (Unauthenticated)
by bigger.wing
EIP-2026-112081 EXPLOITDB python
Simple College Website 1.0 - 'username' SQL Injection / Remote Code Execution
by yunaranyancat
EIP-2026-104201 EXPLOITDB python
Citadel WebCit < 926 - Session Hijacking Exploit
by Simone Quatrini
EIP-2026-102433 EXPLOITDB python
WebLogic Server 10.3.6.0.0 / 12.1.3.0.0 / 12.2.1.3.0 / 12.2.1.4.0 / 14.1.1.0.0 - Unauthenticated RCE via GET request
by Mohammed Althibyani
CVE-2020-5791 EXPLOITDB HIGH python
Nagios XI 5.6.0-5.7.3 - Mibs.php Authenticated Remote Code Execution
Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user.
by Matthew Aberegg
CVSS 7.2
EIP-2026-102944 EXPLOITDB python
PackageKit < 1.1.13 - File Existence Disclosure
by Vaisha Bernard
EIP-2026-102779 EXPLOITDB python
aptdaemon < 1.1.1 - File Existence Disclosure
by Vaisha Bernard
EIP-2026-112381 EXPLOITDB python
Sphider Search Engine 1.3.6 - 'word_upper_bound' RCE (Authenticated)
by Gurkirat Singh
CVE-2019-15813 EXPLOITDB HIGH python
Sentrifugo 3.2 - Authenticated Arbitrary File Upload via Restriction Bypass
Multiple file upload restriction bypass vulnerabilities in Sentrifugo 3.2 could allow authenticated users to execute arbitrary code via a webshell.
by Gurkirat Singh
CVSS 8.8
EIP-2026-101294 EXPLOITDB python
GoAhead Web Server 5.1.1 - Digest Authentication Capture Replay Nonce Reuse
by LiquidWorm
CVE-2020-28870 EXPLOITDB CRITICAL python VERIFIED
InoERP 0.7.2 - Unauthenticated Remote Code Execution via /modules/sys/form_personalization/json_fp.php
In InoERP 0.7.2, an unauthorized attacker can execute arbitrary code on the server side due to lack of validations in /modules/sys/form_personalization/json_fp.php.
by Lyhin's Lab
CVSS 9.8
CVE-2017-16783 EXPLOITDB CRITICAL python
CMS Made Simple 2.1.6 - Server-Side Template Injection via cntnt01detailtemplate Parameter
In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter.
by Gurkirat Singh
CVSS 9.8