Exploitdb Exploits
2,689 exploits tracked across all sources.
NetBSD <7.0 - Local Privilege Escalation
mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or append data to arbitrary files on the target system via a symlink attack on the user mailbox.
by Metasploit
CVSS 7.8
SugarCRM - Unauthenticated Remote Code Execution via PHP Object Injection
A PHP object injection vulnerability exists in SugarCRM versions prior to 6.5.24, 6.7.13, 7.5.2.5, 7.6.2.2, and 7.7.1.0 due to improper validation of PHP serialized input in the SugarRestSerialize.php script. The vulnerable code fails to sanitize the rest_data parameter before passing it to the unserialize() function. This allows an unauthenticated attacker to submit crafted serialized data containing malicious object declarations, resulting in arbitrary code execution within the application context. Although SugarCRM released a prior fix in advisory sugarcrm-sa-2016-001, the patch was incomplete and failed to address some vectors. Exploitation evidence was observed by the Shadowserver Foundation on 2024-09-13 UTC.
by Egidio Romano
Phoenix Exploit Kit - Remote Code Execution (Metasploit)
by Metasploit
Phoenix Exploit Kit - Remote Code Execution (Metasploit)
by Metasploit
Microsoft Windows - Fileless UAC Protection Bypass Privilege Escalation (Metasploit)
by Pablo González
VMware Workstation Player 12.1.0-12.1.1 - Untrusted Search Path via HGFS Shared Folders
Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 through 6.0, VMware Workstation Pro 12.1.x before 12.1.1, VMware Workstation Player 12.1.x before 12.1.1, and VMware Fusion 8.1.x before 8.1.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
by Metasploit
CVSS 7.8
Barracuda Web Application Firewall 8.0.1.008 - (Authenticated) Remote Command Execution (Metasploit)
by xort
Barracuda Web App Firewall 8.0.1.008/Load Balancer 5.4.0.004 - (Authenticated) Remote Command Execution (Metasploit) (3)
by xort
Centreon 2.5.3 - Web Useralias Command Execution (Metasploit)
by Metasploit
Barracuda Web App Firewall 8.0.1.007/Load Balancer 5.4.0.004 - (Authenticated) Remote Command Execution (Metasploit)
by xort
Drupal Module CODER 2.5 - Remote Command Execution (Metasploit)
by Mehmet Ince
Barracuda Web App Firewall 8.0.1.007/Load Balancer 5.4.0.004 - Remote Command Execution (Metasploit)
by xort
Barracuda Spam & Virus Firewall 5.1.3.007 - Remote Command Execution (Metasploit)
by xort
Drupal Module RESTWS 7.x - PHP Remote Code Execution (Metasploit)
by Mehmet Ince
Riverbed SteelCentral NetProfiler & NetExpress <10.8.7 - RCE
An authenticated multi-stage remote code execution vulnerability exists in Riverbed SteelCentral NetProfiler and NetExpress 10.8.7 virtual appliances. A SQL injection vulnerability in the '/api/common/1.0/login' endpoint can be exploited to create a new user account in the appliance database. This user can then trigger a command injection vulnerability in the '/index.php?page=licenses' endpoint to execute arbitrary commands. The attacker may escalate privileges to root by exploiting an insecure sudoers configuration that allows the 'mazu' user to execute arbitrary commands as root via SSH key extraction and command chaining. Successful exploitation allows full remote root access to the virtual appliance.
by Metasploit
MS16-032 Secondary Logon Handle Privilege Escalation
The Secondary Logon Service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 does not properly process request handles, which allows local users to gain privileges via a crafted application, aka "Secondary Logon Elevation of Privilege Vulnerability."
by Metasploit
CVSS 7.8
Tiki Wiki CMS Groupware < 15.1 - Unauthenticated Arbitrary File Upload via ELFinder Connector
An unauthenticated arbitrary file upload vulnerability exists in Tiki Wiki CMS Groupware version 15.1 and earlier via the ELFinder component's default connector (connector.minimal.php), which allows remote attackers to upload and execute malicious PHP scripts in the context of the web server. The vulnerable component does not enforce file type validation, allowing attackers to craft a POST request to upload executable PHP payloads through the ELFinder interface exposed at /vendor_extra/elfinder/.
by Mehmet Ince
CVSS 9.8
Microsoft Windows - Local Privilege Escalation via WebDAV Client
The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "WebDAV Elevation of Privilege Vulnerability."
by Metasploit
CVSS 7.8
Debian Linux < 3.2.22.1 - Improper Input Validation
Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.
by Metasploit
CVSS 7.3
Nagios XI Chained - Remote Code Execution (Metasploit)
by Metasploit
Wolf CMS < 0.8.3.1 - Authenticated Arbitrary File Upload and PHP Code Execution via File Manager
Wolf CMS before 0.8.3.1 allows unrestricted file rename and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not prevent a change of a file extension to ".php" after originally using the parameter "filename" for uploading a JPEG image. Exploitation requires a registered user who has access to upload functionality.
by s0nk3y
CVSS 8.8
PCMan FTP Server 2.0.7 - 'ls' Remote Buffer Overflow (Metasploit)
by quanyechavshuo
Wolf CMS < 0.8.3.1 - Authenticated Arbitrary File Upload and PHP Code Execution via File Manager
Wolf CMS before 0.8.3.1 allows unrestricted file upload and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not validate the parameter "filename" properly. Exploitation requires a registered user who has access to upload functionality.
by s0nk3y
CVSS 8.8
DarkComet Server - Arbitrary File Download (Metasploit)
by Jos Wetzels
Tomabo MP4 Player 3.11.6 - Local Stack Overflow (SEH) (Metasploit)
by s0nk3y