Exploitdb Exploits

2,731 exploits tracked across all sources.

CVE-2015-7858 EXPLOITDB ruby VERIFIED
Joomla! <3.4.4 - SQL Injection
SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7297.
by Metasploit
CVE-2014-0476 EXPLOITDB ruby VERIFIED
chkrootkit <0.50 - Code Injection
The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option.
by Metasploit
CVE-2015-3628 EXPLOITDB ruby VERIFIED
F5 BIG-IP <11.6.0 HF6 - RCE
The iControl API in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.0 before 11.5.3 HF2 and 11.6.0 before 11.6.0 HF6, BIG-IP AAM 11.4.0 before 11.5.3 HF2 and 11.6.0 before 11.6.0 HF6, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.3.0, BIG-IP GTM 11.3.0 before 11.6.0 HF6, BIG-IP PSM 11.3.0 through 11.4.1, Enterprise Manager 3.1.0 through 3.1.1, BIG-IQ Cloud and Security 4.0.0 through 4.5.0, BIG-IQ Device 4.2.0 through 4.5.0, and BIG-IQ ADC 4.5.0 allows remote authenticated users with the "Resource Administrator" role to gain privileges via an iCall (1) script or (2) handler in a SOAP request to iControl/iControlPortal.cgi.
by Metasploit
CVE-2025-34121 EXPLOITDB CRITICAL ruby VERIFIED
Idera Up.Time Monitoring Station <=7.2 - RCE
An unauthenticated arbitrary file upload vulnerability exists in Idera Up.Time Monitoring Station versions up to and including 7.2. The `wizards/post2file.php` script accepts arbitrary POST parameters, allowing attackers to upload crafted PHP files to the webroot. Successful exploitation results in remote code execution as the web server user. NOTE: The bypass for this vulnerability is tracked as CVE-2015-9263.
by Metasploit
EIP-2026-104733 EXPLOITDB ruby VERIFIED
Idera Up.Time Monitoring Station 7.4 - 'post2file.php' Arbitrary File Upload (Metasploit)
by Metasploit
EIP-2026-104787 EXPLOITDB ruby VERIFIED
WordPress Plugin Ajax Load More 2.8.1.1 - PHP Upload (Metasploit)
by Metasploit
CVE-2015-1793 EXPLOITDB MEDIUM ruby
Oracle Supply Chain Products Suite < 2.0.0.6 - Security Feature Bypass
The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate.
by Ramon de C Valle
CVSS 6.5
CVE-2014-6593 EXPLOITDB ruby
Oracle Java SE <8.0 - Info Disclosure
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit 27.8.4 and 28.3.4 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.
by Ramon de C Valle
EIP-2026-104782 EXPLOITDB ruby VERIFIED
Th3 MMA - 'mma.php' Backdoor Arbitrary File Upload (Metasploit)
by Metasploit
CVE-2015-5889 EXPLOITDB ruby VERIFIED
Apple OS X <10.11 - Privilege Escalation
rsh in the remote_cmds component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving environment variables.
by Metasploit
CVE-2015-7007 EXPLOITDB ruby VERIFIED
Apple OS X <10.11.1 - Auth Bypass
Script Editor in Apple OS X before 10.11.1 allows remote attackers to bypass an intended user-confirmation requirement for AppleScript execution via unspecified vectors.
by Metasploit
CVE-2013-2097 EXPLOITDB HIGH ruby VERIFIED
ZPanel <10.1.0 - RCE
ZPanel through 10.1.0 has Remote Command Execution.
by Metasploit
CVSS 7.8
CVE-2015-6967 EXPLOITDB ruby VERIFIED
Nibbleblog < 4.0.4 - Unrestricted File Upload
Unrestricted file upload vulnerability in the My Image plugin in Nibbleblog before 4.0.5 allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in content/private/plugins/my_image/image.php.
by Metasploit
EIP-2026-113549 EXPLOITDB ruby
WordPress Plugin Ajax Load More < 2.8.2 - Arbitrary File Upload
by PizzaHatHacker
CVE-2015-6922 EXPLOITDB CRITICAL ruby VERIFIED
Kaseya Virtual System Administrator < 7.0.0.33 - Authentication Bypass
Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.33, 8.x before 8.0.0.23, 9.0 before 9.0.0.19, and 9.1 before 9.1.0.9 does not properly require authentication, which allows remote attackers to bypass authentication and (1) add an administrative account via crafted request to LocalAuth/setAccount.aspx or (2) write to and execute arbitrary files via a full pathname in the PathData parameter to ConfigTab/uploader.aspx.
by Metasploit
CVSS 9.8
EIP-2026-104139 EXPLOITDB ruby VERIFIED
Zemra Botnet (C2 Web Panel) - Remote Code Execution (Metasploit)
by Metasploit
EIP-2026-104138 EXPLOITDB ruby VERIFIED
Zemra Botnet (C2 Web Panel) - Remote Code Execution (Metasploit)
by Metasploit
CVE-2015-7387 EXPLOITDB ruby VERIFIED
Zohocorp Manageengine Eventlog Analyzer < 10.6 - SQL Injection
ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass intended restrictions and execute arbitrary SQL commands via an allowed query followed by a disallowed one in the query parameter to event/runQuery.do, as demonstrated by "SELECT 1;INSERT INTO." Fixed in Build 11200.
by Metasploit
CVE-2015-5452 EXPLOITDB ruby VERIFIED
Watchguard XCS <10.0 - SQL Injection
SQL injection vulnerability in Watchguard XCS 9.2 and 10.0 before build 150522 allows remote attackers to execute arbitrary SQL commands via the sid cookie, as demonstrated by a request to borderpost/imp/compose.php3.
by Metasploit
CVE-2015-5453 EXPLOITDB ruby VERIFIED
Watchguard XCS <10.0 - Command Injection
Watchguard XCS 9.2 and 10.0 before build 150522 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the id parameter to ADMIN/mailqueue.spl.
by Metasploit
EIP-2026-100688 EXPLOITDB ruby VERIFIED
Watchguard XCS - FixCorruptMail Privilege Escalation (Metasploit)
by Metasploit
CVE-2015-6589 EXPLOITDB HIGH ruby
Kaseya Virtual System Administrator < 7.0.0.33 - Path Traversal
Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.0.0.0 before 7.0.0.33, 8.0.0.0 before 8.0.0.23, 9.0.0.0 before 9.0.0.19, and 9.1.0.0 before 9.1.0.9 allows remote authenticated users to write to and execute arbitrary files due to insufficient restrictions in file paths to json.ashx.
by Pedro Ribeiro
CVSS 8.8
EIP-2026-104123 EXPLOITDB ruby VERIFIED
w3tw0rk / Pitbul IRC Bot - Remote Code Execution (Metasploit)
by Metasploit
CVE-2015-7768 EXPLOITDB ruby VERIFIED
Konica Minolta FTP Utility 1.0 - RCE
Buffer overflow in Konica Minolta FTP Utility 1.0 allows remote attackers to execute arbitrary code via a long CWD command.
by Metasploit
CVE-2015-7765 EXPLOITDB ruby VERIFIED
ZOHO ManageEngine OpManager <11.5.11600 - Auth Bypass
ZOHO ManageEngine OpManager 11.5 build 11600 and earlier uses a hardcoded password of "plugin" for the IntegrationUser account, which allows remote authenticated users to obtain administrator access by leveraging knowledge of this password.
by Metasploit