Exploitdb Exploits

2,689 exploits tracked across all sources.

CVE-2017-6553 EXPLOITDB CRITICAL ruby VERIFIED
Quest Privilege Manager for Unix < 6.0.0-50 - Buffer Overflow via ACT_ALERT_EVENT Request
Buffer Overflow in Quest One Identity Privilege Manager for Unix before 6.0.0.061 allows remote attackers to obtain full access to the policy server via an ACT_ALERT_EVENT request that causes memory corruption in the pmmasterd daemon.
by Metasploit
CVSS 9.8
CVE-2017-7269 EXPLOITDB CRITICAL ruby VERIFIED
Internet Information Services 6.0 - Remote Code Execution via WebDAV PROPFIND Request
Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016.
by Metasploit
CVSS 9.8
CVE-2025-34102 EXPLOITDB CRITICAL ruby VERIFIED
CryptoLog PHP - Unauthenticated Remote Code Execution via SQL Injection and Command Injection
A remote code execution vulnerability exists in CryptoLog (PHP version, discontinued since 2009) due to a chained exploitation of SQL injection and command injection vulnerabilities. An unauthenticated attacker can gain shell access as the web server user by first exploiting a SQL injection flaw in login.php to bypass authentication, followed by command injection in logshares_ajax.php to execute arbitrary operating system commands. The login bypass is achieved by submitting crafted SQL via the user POST parameter. Once authenticated, the attacker can abuse the lsid POST parameter in the logshares_ajax.php endpoint to inject and execute a command using $(...) syntax, resulting in code execution under the web context. This exploitation path does not exist in the ASP.NET version of CryptoLog released since 2009.
by Mehmet Ince
CVE-2017-8779 EXPLOITDB HIGH ruby
rpcbind < 0.2.4 - Denial of Service via Crafted UDP Packet
rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb.
by Guido Vranken
CVSS 7.5
CVE-2017-8291 EXPLOITDB HIGH ruby VERIFIED
Ghostscript Type Confusion Arbitrary Command Execution
Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.
by Metasploit
CVSS 7.8
EIP-2026-114672 EXPLOITDB ruby VERIFIED
Mercurial - Custom hg-ssh Wrapper Remote Code Exec (Metasploit)
by Metasploit
CVE-2025-34103 EXPLOITDB CRITICAL ruby VERIFIED
WePresent WiPG-1000 <2.2.3.0 - Command Injection
An unauthenticated command injection vulnerability exists in WePresent WiPG-1000 firmware versions prior to 2.2.3.0, due to improper input handling in the undocumented /cgi-bin/rdfs.cgi endpoint. The Client parameter is not sanitized before being passed to a system call, allowing an unauthenticated remote attacker to execute arbitrary commands as the web server user.
by Metasploit
CVE-2017-0199 EXPLOITDB HIGH ruby VERIFIED
Microsoft Office Word Malicious Hta Execution
Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API."
by Metasploit
CVSS 7.8
EIP-2026-101310 EXPLOITDB ruby VERIFIED
Huawei HG532n - Command Injection (Metasploit)
by Metasploit
EIP-2026-101309 EXPLOITDB ruby VERIFIED
Huawei HG532n - Command Injection (Metasploit)
by Metasploit
CVE-2017-0148 EXPLOITDB HIGH ruby VERIFIED
Microsoft Windows SMBv1 - Remote Code Execution via Crafted Packets
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, and CVE-2017-0146.
by Sean Dillon
CVSS 8.1
CVE-2017-0146 EXPLOITDB HIGH ruby VERIFIED
Microsoft Windows SMBv1 - Remote Code Execution via Crafted Packets
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, and CVE-2017-0148.
by Sean Dillon
CVSS 8.8
CVE-2017-0145 EXPLOITDB HIGH ruby VERIFIED
Microsoft Windows SMBv1 - Remote Code Execution via Crafted Packets
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0146, and CVE-2017-0148.
by Sean Dillon
CVSS 8.8
CVE-2017-0144 EXPLOITDB HIGH ruby VERIFIED
Microsoft Windows SMBv1 - Remote Code Execution via Crafted Packets
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.
by Sean Dillon
CVSS 8.8
CVE-2017-0143 EXPLOITDB HIGH ruby VERIFIED
Microsoft Windows SMBv1 - Remote Code Execution via Crafted Packets
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.
by Sean Dillon
CVSS 8.8
CVE-2017-0147 EXPLOITDB HIGH ruby VERIFIED
Microsoft Windows - SMBv1 Information Disclosure via Crafted Packets
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via crafted packets, aka "Windows SMB Information Disclosure Vulnerability."
by Sean Dillon
CVSS 7.5
EIP-2026-116562 EXPLOITDB ruby VERIFIED
WinSCP 5.9.4 - 'LIST' Denial of Service (Metasploit)
by mohammed Mohammed
EIP-2026-105095 EXPLOITDB ruby
Alienvault OSSIM/USM 5.3.4/5.3.5 - Remote Command Execution (Metasploit)
by Peter Lapp
CVE-2016-9091 EXPLOITDB HIGH ruby VERIFIED
Blue Coat ASG <6.6.5.4 & CAS <1.3.7.4 - Command Injection
Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability. An authenticated malicious administrator can execute arbitrary OS commands with elevated system privileges.
by Chris Hebert
CVSS 7.2
CVE-2016-9091 EXPLOITDB HIGH ruby VERIFIED
Blue Coat ASG <6.6.5.4 & CAS <1.3.7.4 - Command Injection
Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability. An authenticated malicious administrator can execute arbitrary OS commands with elevated system privileges.
by Chris Hebert
CVSS 7.2
EIP-2026-103114 EXPLOITDB ruby VERIFIED
Github Enterprise - Default Session Secret and Deserialization (Metasploit)
by Metasploit
EIP-2026-103113 EXPLOITDB ruby VERIFIED
Github Enterprise - Default Session Secret and Deserialization (Metasploit)
by Metasploit
CVE-2017-5869 EXPLOITDB HIGH ruby
Nuxeo Platform 6.0, 7.1-7.3 - Authenticated Path Traversal and Remote Code Execution via X-File-Name Header
Directory traversal vulnerability in the file import feature in Nuxeo Platform 6.0, 7.1, 7.2, and 7.3 allows remote authenticated users to upload and execute arbitrary JSP code via a .. (dot dot) in the X-File-Name header.
by Sysdream
CVSS 8.8
EIP-2026-114670 EXPLOITDB ruby VERIFIED
Logsign 4.4.2/4.4.137 - Remote Command Injection (Metasploit)
by Mehmet Ince
CVE-2016-10174 EXPLOITDB CRITICAL ruby VERIFIED
NETGEAR Multiple Routers - Unauthenticated Remote Code Execution via Hidden Lang AVI Parameter Buffer Overflow
The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution.
by Pedro Ribeiro
CVSS 9.8