Exploitdb Exploits

4,728 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-118438 EXPLOITDB python VERIFIED
Dup Scout Enterprise 10.0.18 - 'Login' Remote Buffer Overflow
by sickness
CVE-2017-16806 EXPLOITDB HIGH python
Ulterius Server < 1.9.5.0 - Directory Traversal
The Process function in RemoteTaskServer/WebServer/HttpServer.cs in Ulterius before 1.9.5.0 allows HTTP server directory traversal.
by Rick Osgood
CVSS 7.5
EIP-2026-110378 EXPLOITDB python
osCommerce 2.3.4.1 - Arbitrary File Upload
by Simon Scannell
EIP-2026-116605 EXPLOITDB python VERIFIED
Xlight FTP Server 3.8.8.5 - Buffer Overflow (PoC)
by bzyo
EIP-2026-116256 EXPLOITDB python
SMPlayer 17.11.0 - '.m3u' Buffer Overflow (PoC)
by bzyo
CVE-2017-16352 EXPLOITDB HIGH python
GraphicsMagick 1.3.26 - Buffer Overflow
GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage() function of the magick/describe.c file. One possible way to trigger the vulnerability is to run the identify command on a specially crafted MIFF format file with the verbose flag.
by SecuriTeam
CVSS 8.8
EIP-2026-115493 EXPLOITDB python
Jnes 1.0.2 - Stack Buffer Overflow
by crash_manucoot
CVE-2017-16513 EXPLOITDB HIGH python VERIFIED
Ipswitch WS_FTP Pro <12.6.0.3 - Buffer Overflow
Ipswitch WS_FTP Professional before 12.6.0.3 has buffer overflows in the local search field and the backup locations field, aka WSCLT-1729.
by Kevin McGuigan
CVSS 7.8
CVE-2017-16353 EXPLOITDB MEDIUM python
GraphicsMagick 1.3.26 - Info Disclosure
GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments are never checked.
by SecuriTeam
CVSS 6.5
CVE-2017-16249 EXPLOITDB HIGH python
Debut embedded http server - DoS
The Debut embedded http server contains a remotely exploitable denial of service where a single malformed HTTP POST request can cause the server to hang until eventually replying (~300 seconds) with an HTTP 500 error. While the server is hung, print jobs over the network are blocked and the web interface is inaccessible. An attacker can continuously send this malformed request to keep the device inaccessible to legitimate traffic.
by z00n
CVSS 7.5
EIP-2026-102192 EXPLOITDB python
WhatsApp 2.17.52 - Memory Corruption
by Juan Sacco
CVE-2017-10309 EXPLOITDB HIGH python VERIFIED
Oracle Jdk < 11.70.1 - Denial of Service
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u144 and 9. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L).
by mr_me
CVSS 7.1
EIP-2026-114139 EXPLOITDB python
WordPress Plugin Ultimate Product Catalog 4.2.24 - PHP Object Injection
by tomplixsee
EIP-2026-116413 EXPLOITDB python
Tizen Studio 1.3 Smart Development Bridge < 2.3.2 - Buffer Overflow (PoC)
by Marcin Kopec
CVE-2017-5223 EXPLOITDB MEDIUM python
PHPMailer <5.2.22 - Code Injection
An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs into attachments using a script-provided base directory. If no base directory is provided, it resolves to /, meaning that relative image URLs get treated as absolute local file paths and added as attachments. To form a remote vulnerability, the msgHTML method must be called, passed an unfiltered, user-supplied HTML document, and must not set a base directory.
by Maciek Krupa
CVSS 5.5
EIP-2026-117593 EXPLOITDB python
Mikogo 5.4.1.160608 - Local Credentials Disclosure
by LiquidWorm
CVE-2017-14143 EXPLOITDB CRITICAL python VERIFIED
Kaltura <13.2.0 - Code Injection
The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie secret to validate cookie signatures, which allows remote attackers to bypass an intended protection mechanism and consequently conduct PHP object injection attacks and execute arbitrary PHP code via a crafted userzone cookie.
by Robin Verton
CVSS 9.8
CVE-2017-15222 EXPLOITDB CRITICAL python VERIFIED
Nftp < 2.0 - Buffer Overflow
Buffer Overflow vulnerability in Ayukov NFTPD 2.0 and earlier allows remote attackers to execute arbitrary code.
by Berk Cem Göksel
CVSS 9.8
CVE-2017-15223 EXPLOITDB MEDIUM python
Argosoft Mini Mail Server < 1.0.0.2 - Infinite Loop
Denial-of-service vulnerability in ArGoSoft Mini Mail Server 1.0.0.2 and earlier allows remote attackers to waste CPU resources (memory consumption) via unspecified vectors, possibly triggering an infinite loop.
by Berk Cem Göksel
CVSS 5.3
EIP-2026-119187 EXPLOITDB python VERIFIED
Sync Breeze Enterprise 10.1.16 - 'POST' Remote Buffer Overflow
by mschenk
CVE-2017-14955 EXPLOITDB MEDIUM python
Checkmk - Information Disclosure
Check_MK before 1.2.8p26 mishandles certain errors within the failed-login save feature because of a race condition, which allows remote attackers to obtain sensitive user information by reading a GUI crash report.
by Julien Ahrens
CVSS 5.9
CVE-2017-15276 EXPLOITDB HIGH python
Opentext Documentum Content Server < 7.3 - Path Traversal
OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server allows uploading content using batches (TAR archives). When unpacking TAR archives, Content Server fails to verify the contents of an archive, which causes a path traversal vulnerability via symlinks. Because some files on the Content Server filesystem are security-sensitive, this leads to privilege escalation.
by Andrey B. Panfilov
CVSS 8.8
CVE-2017-15012 EXPLOITDB HIGH python
Opentext Documentum Content Server < 7.3 - Improper Input Validation
OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 does not properly validate the input of the PUT_FILE RPC-command, which allows any authenticated user to hijack an arbitrary file from the Content Server filesystem; because some files on the Content Server filesystem are security-sensitive, this leads to privilege escalation.
by Andrey B. Panfilov
CVSS 8.8
CVE-2017-15014 EXPLOITDB MEDIUM python
Opentext Documentum Content Server - Improper Privilege Management
OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows authenticated users to download arbitrary content files regardless of the attacker's repository permissions: When an authenticated user uploads content to the repository, he performs the following steps: (1) calls the START_PUSH RPC-command; (2) uploads the file to the content server; (3) calls the END_PUSH_V2 RPC-command (here, Content Server returns a DATA_TICKET integer, intended to identify the location of the uploaded file on the Content Server filesystem); (4) creates a dmr_content object in the repository, which has a value of data_ticket equal to the value of DATA_TICKET returned at the end of END_PUSH_V2 call. As the result of this design, any authenticated user may create his own dmr_content object, pointing to already existing content in the Content Server filesystem.
by Andrey B. Panfilov
CVSS 4.3
CVE-2017-15013 EXPLOITDB HIGH python
Opentext Documentum Content Server - Improper Privilege Management
OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server stores information about uploaded files in dmr_content objects, which are queryable and "editable" (before release 7.2P02, any authenticated user was able to edit dmr_content objects; now any authenticated user may delete a dmr_content object and then create a new one with the old identifier) by authenticated users; this allows any authenticated user to replace the content of security-sensitive dmr_content objects (for example, dmr_content related to dm_method objects) and gain superuser privileges.
by Andrey B. Panfilov
CVSS 8.8
By Source
All 4,728 Exploitdb 50,130 Writeup 46,953 Nomisec 21,249 Metasploit 3,221 Github 2,386 Vulncheck_xdb 900 Inthewild 518 Gitlab 439 Gitee 415 Patchapalooza 312
By Language
text 31,346 ruby 5,952 python 5,798 c 3,565 perl 2,854 html 2,055 php 1,334 bash 459 java 360 javascript 260 c++ 247 shell 85 go 45 postscript 25 xml 24