Exploitdb Exploits

2,689 exploits tracked across all sources.

CVE-2015-7808 EXPLOITDB ruby
vBulletin 5 Connect <5.1.9 - Code Injection
The vB_Api_Hook::decodeArguments method in vBulletin 5 Connect 5.1.2 through 5.1.9 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in the arguments parameter to ajax/api/hook/decodeArguments.
by Metasploit
CVE-2017-11346 EXPLOITDB CRITICAL ruby
ManageEngine Desktop Central < 10.0 - Remote Code Execution via Help Desk Video Upload
Zoho ManageEngine Desktop Central before build 100092 allows remote attackers to execute arbitrary code via vectors involving the upload of help desk videos.
by Kacper Szurek
CVSS 9.8
EIP-2026-100719 EXPLOITDB ruby VERIFIED
IPFire < 2.19 Update Core 110 - Remote Code Execution (Metasploit)
by Metasploit
EIP-2026-100901 EXPLOITDB ruby
Sonicwall < 8.1.0.6-21sv - 'gencsr.cgi' Command Injection (Metasploit)
by xort
EIP-2026-100900 EXPLOITDB ruby
Sonicwall < 8.1.0.2-14sv - 'sitecustomization.cgi' Command Injection (Metasploit)
by xort
CVE-2017-6316 EXPLOITDB CRITICAL ruby
Citrix NetScaler SD-WAN <v9.1.2.26.561201 - Command Injection
Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie. On CloudBridge (the former name of NetScaler SD-WAN) devices, the cookie name was CAKEPHP rather than CGISESSID.
by xort
CVSS 9.8
CVE-2017-6182 EXPLOITDB CRITICAL ruby VERIFIED
Sophos Web Appliance < 4.3.1.2 - Remote Command Injection via Report Generation Functions
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304.
by xort
CVSS 9.8
CVE-2017-6320 EXPLOITDB HIGH ruby
Barracuda Load Balancer ADC < 6.0.1.006 - Authenticated OS Command Injection via delete_assessment Command
A remote command injection vulnerability exists in the Barracuda Load Balancer product line (confirmed on v5.4.0.004 (2015-11-26) and v6.0.1.006 (2016-08-19); fixed in 6.1.0.003 (2017-01-17)) in which an authenticated user can execute arbitrary shell commands and gain root privileges. The vulnerability stems from unsanitized data being processed in a system call when the delete_assessment command is issued.
by xort
CVSS 8.8
CVE-2015-2843 EXPLOITDB ruby VERIFIED
GoAutoDial GoAdmin CE - SQL Injection via User Credentials or PATH_INFO
Multiple SQL injection vulnerabilities in GoAutoDial GoAdmin CE before 3.3-1421902800 allow remote attackers to execute arbitrary SQL commands via the (1) user_name or (2) user_pass parameter in go_login.php or the PATH_INFO to (3) go_login/validate_credentials/admin/ or (4) index.php/go_site/go_get_user_info/.
by Metasploit
CVE-2015-2845 EXPLOITDB ruby VERIFIED
GoAutoDial GoAdmin CE - OS Command Injection via cpanel PATH_INFO
The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1421902800 allows remote attackers to execute arbitrary commands via the $type portion of the PATH_INFO.
by Metasploit
CVE-2017-8895 EXPLOITDB CRITICAL ruby VERIFIED
Veritas Backup Exec <16 FP1 - Use After Free
In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a use-after-free vulnerability in multiple agents that can lead to a denial of service or remote code execution. An unauthenticated attacker can use this vulnerability to crash the agent or potentially take control of the agent process and then the system it is running on.
by Metasploit
CVSS 9.8
CVE-2016-3088 EXPLOITDB CRITICAL ruby VERIFIED
ActiveMQ web shell upload
The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.
by Metasploit
CVSS 9.8
CVE-2017-6326 EXPLOITDB CRITICAL ruby VERIFIED
Symantec Messaging Gateway < 10.6.3 - Remote Code Execution
The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process.
by Mehmet Ince
CVSS 10.0
CVE-2017-6334 EXPLOITDB HIGH ruby VERIFIED
NETGEAR DGN2200 Series Firmware <= 10.0.0.50 - Authenticated OS Command Injection via dnslookup.cgi host_name Parameter
dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the host_name field of an HTTP POST request, a different vulnerability than CVE-2017-6077.
by Metasploit
CVSS 8.8
EIP-2026-118459 EXPLOITDB ruby VERIFIED
Easy File Sharing HTTP Server 7.2 - POST Buffer Overflow (Metasploit)
by Metasploit
EIP-2026-117541 EXPLOITDB ruby VERIFIED
Microsoft Windows - UAC Protection Bypass via FodHelper Registry Key (Metasploit)
by Metasploit
EIP-2026-117540 EXPLOITDB ruby VERIFIED
Microsoft Windows - UAC Protection Bypass via FodHelper Registry Key (Metasploit)
by Metasploit
CVE-2017-20198 EXPLOITDB CRITICAL ruby VERIFIED
DC/OS Marathon < 1.9.0 - Docker Root Mount Code Execution
The Marathon UI in DC/OS < 1.9.0 allows unauthenticated users to deploy arbitrary Docker containers. Due to improper restriction of volume mount configurations, attackers can deploy a container that mounts the host's root filesystem (/) with read/write privileges. When using a malicious Docker image, the attacker can write to /etc/cron.d/ on the host, achieving arbitrary code execution with root privileges. This impacts any system where the Docker daemon honors Marathon container configurations without policy enforcement.
by Metasploit
EIP-2026-118978 EXPLOITDB ruby VERIFIED
Octopus Deploy - (Authenticated) Code Execution (Metasploit)
by Metasploit
CVE-2017-7494 EXPLOITDB CRITICAL ruby VERIFIED
Samba is_known_pipename() Arbitrary Module Load
Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.
by Metasploit
CVSS 9.8
EIP-2026-119263 EXPLOITDB ruby VERIFIED
VX Search Enterprise 9.5.12 - GET Buffer Overflow (Metasploit)
by Metasploit
CVE-2025-34101 EXPLOITDB CRITICAL ruby VERIFIED
Serviio Media Server <1.8 - Command Injection
An unauthenticated command injection vulnerability exists in Serviio Media Server versions 1.4 through 1.8 on Windows, in the /rest/action API endpoint exposed by the console component (default port 23423). The checkStreamUrl method accepts a VIDEO parameter that is passed unsanitized to a call to cmd.exe, enabling arbitrary command execution under the privileges of the web server. No authentication is required to exploit this issue, as the REST API is exposed by default and lacks access controls.
by Metasploit
EIP-2026-118444 EXPLOITDB ruby VERIFIED
Dup Scout Enterprise 9.5.14 - GET Buffer Overflow (Metasploit)
by Metasploit
CVE-2016-10033 EXPLOITDB CRITICAL ruby VERIFIED
PHPMailer Sendmail Argument Injection
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
by Metasploit
CVSS 9.8
EIP-2026-104717 EXPLOITDB ruby VERIFIED
BuilderEngine 3.5.0 - Arbitrary File Upload and Execution (Metasploit)
by Metasploit