Exploitdb Exploits

4,724 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-101854 EXPLOITDB python
Nanometrics Centaur 4.3.23 - Unauthenticated Remote Memory Leak
by byteGoblin
CVE-2020-37159 EXPLOITDB CRITICAL python
Parallaxis Cuckoo Clock 5.0 - Buffer Overflow
Parallaxis Cuckoo Clock 5.0 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory registers in the alarm scheduling feature. Attackers can craft a malicious payload exceeding 260 bytes to overwrite EIP and EBP, enabling shellcode execution with potential remote code execution.
by boku
CVSS 9.8
CVE-2020-7959 EXPLOITDB MEDIUM python
LabVantage LIMS 8.3 - Info Disclosure
LabVantage LIMS 8.3 does not properly maintain the confidentiality of database names. For example, the web application exposes the database name. An attacker might be able to enumerate database names by providing his own database name in a request, because the response will return an 'Unrecognized Database exception message if the database does not exist.
by Joel Aviad Ossi
CVSS 5.3
CVE-2020-8947 EXPLOITDB HIGH python
Artica Pandora Fms - OS Command Injection
functions_netflow.php in Artica Pandora FMS 7.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the index.php?operation/netflow/nf_live_view ip_dst, dst_port, or src_port parameter, a different vulnerability than CVE-2019-20224.
by Engin Demirbilek
CVSS 7.2
EIP-2026-117666 EXPLOITDB python
MyVideoConverter Pro 3.14 - 'TVSeries' Buffer Overflow
by ZwX
EIP-2026-117665 EXPLOITDB python
MyVideoConverter Pro 3.14 - 'Output Folder' Buffer Overflow
by ZwX
EIP-2026-117664 EXPLOITDB python
MyVideoConverter Pro 3.14 - 'Movie' Buffer Overflow
by ZwX
CVE-2020-37161 EXPLOITDB CRITICAL python
Wedding Slideshow Studio 1.36 - RCE
Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the registration name field with malicious payload. Attackers can craft a specially designed payload to trigger remote code execution, demonstrating the ability to run system commands like launching the calculator.
by ZwX
CVSS 9.8
EIP-2026-118016 EXPLOITDB python
Torrent iPod Video Converter 1.51 - Stack Overflow
by boku
EIP-2026-117080 EXPLOITDB python
DVD Photo Slideshow Professional 8.07 - 'Name' Buffer Overflow
by ZwX
EIP-2026-117079 EXPLOITDB python
DVD Photo Slideshow Professional 8.07 - 'Key' Buffer Overflow
by ZwX
CVE-2020-37162 EXPLOITDB CRITICAL python
Wedding Slideshow Studio <1.36 - Buffer Overflow
Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability in the registration key input that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payload of 1608 bytes to trigger a stack-based buffer overflow and execute commands through the registration key field.
by ZwX
CVSS 9.8
EIP-2026-102755 EXPLOITDB python VERIFIED
usersctp - Out-of-Bounds Reads in sctp_load_addresses_from_init
by Google Security Research
CVE-2020-37171 EXPLOITDB MEDIUM python
TapinRadio 2.12.3 - DoS
TapinRadio 2.12.3 contains a denial of service vulnerability in the application proxy username configuration that allows local attackers to crash the application. Attackers can overwrite the username field with 10,000 bytes of arbitrary data to trigger an application crash and prevent normal program functionality.
by chuyreds
CVSS 6.2
CVE-2020-37170 EXPLOITDB MEDIUM python
TapinRadio 2.12.3 - DoS
TapinRadio 2.12.3 contains a denial of service vulnerability in the application proxy address configuration that allows local attackers to crash the application. Attackers can overwrite the address field with 3000 bytes of arbitrary data to trigger an application crash and prevent normal program functionality.
by chuyreds
CVSS 6.2
CVE-2020-37166 EXPLOITDB MEDIUM python
AbsoluteTelnet <11.12 - DoS
AbsoluteTelnet 11.12 contains a denial of service vulnerability in the SSH2 username input field that allows local attackers to crash the application. Attackers can overwrite the username field with a 1000-byte buffer, causing the application to become unresponsive and terminate.
by chuyreds
CVSS 6.2
CVE-2020-37165 EXPLOITDB MEDIUM python
AbsoluteTelnet <11.12 - DoS
AbsoluteTelnet 11.12 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an oversized license name. Attackers can generate a 2500-character payload and paste it into the license name field to trigger an application crash.
by chuyreds
CVSS 6.2
CVE-2020-37164 EXPLOITDB MEDIUM python
AbsoluteTelnet <11.12 - DoS
AbsoluteTelnet 11.12 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an oversized license name. Attackers can generate a 2500-character payload and paste it into the license entry field to trigger an application crash.
by chuyreds
CVSS 6.2
EIP-2026-116152 EXPLOITDB python
RarmaRadio 2.72.4 - 'username' Denial of Service (PoC)
by chuyreds
EIP-2026-116151 EXPLOITDB python
RarmaRadio 2.72.4 - 'server' Denial of Service (PoC)
by chuyreds
CVE-2019-15978 EXPLOITDB HIGH python VERIFIED
Cisco DCNM - Command Injection
Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with administrative privileges on the DCNM application to inject arbitrary commands on the underlying operating system (OS). For more information about these vulnerabilities, see the Details section of this advisory. Note: The severity of these vulnerabilities is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one.
by mr_me
CVSS 7.2
CVE-2019-15984 EXPLOITDB HIGH python VERIFIED
Cisco DCNM - SQL Injection
Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the DCNM application. For more information about these vulnerabilities, see the Details section of this advisory. Note: The severity of these vulnerabilities is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one.
by mr_me
CVSS 7.2
CVE-2019-15975 EXPLOITDB CRITICAL python VERIFIED
Cisco DCNM - Privilege Escalation
Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
by mr_me
CVSS 9.8
CVE-2019-10716 EXPLOITDB HIGH python
Verodin Director < 3.5.3.1 - Improper Privilege Management
An Information Disclosure issue in Verodin Director 3.5.3.1 and earlier reveals usernames and passwords of integrated security technologies via a /integrations.json JSON REST API request.
by nxkennedy
CVSS 7.7
CVE-2020-8495 EXPLOITDB HIGH python
Kronos Web Time and Attendance <4.0 - Privilege Escalation
In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions before 4.0, the com.threeis.webta.H491delegate servlet allows an attacker with Timekeeper or Supervisor privileges to gain unauthorized administrative privileges within the application via the delegate, delegateRole, and delegatorUserId parameters.
by nxkennedy
CVSS 7.5
By Source
All 4,724 Exploitdb 50,121 Writeup 46,733 Nomisec 21,197 Metasploit 3,189 Github 2,248 Vulncheck_xdb 900 Inthewild 518 Gitlab 439 Gitee 415 Patchapalooza 312
By Language
text 31,341 ruby 5,920 python 5,738 c 3,550 perl 2,854 html 2,054 php 1,334 bash 459 java 359 javascript 260 c++ 247 shell 68 go 41 postscript 25 xml 24