Exploitdb Exploits
2,689 exploits tracked across all sources.
Exim GHOST (glibc gethostbyname) Buffer Overflow
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."
by Qualys Corporation
Adobe Flash Player < 13.0.0.269 and 14.x-16.x < 16.0.0.305 - Remote Code Execution
Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0314, CVE-2015-0316, CVE-2015-0321, CVE-2015-0329, and CVE-2015-0330.
by Metasploit
iPass Open Mobile < 2.4.4 - Authenticated Remote Code Execution via DLL Pathname in Unicode String
The client in iPass Open Mobile before 2.4.5 on Windows allows remote authenticated users to execute arbitrary code via a DLL pathname in a crafted Unicode string that is improperly handled by a subprocess reached through a named pipe, as demonstrated by a UNC share pathname.
by Metasploit
Elasticsearch <1.3.8, <1.4.3 - Command Injection
The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script.
by Metasploit
CVSS 9.8
Adobe Flash Player ByteArray UncompressViaZlibVariant Use After Free
Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015.
by Metasploit
CVSS 9.8
HP Storage Data Protector 8.x - Remote Code Execution
Unspecified vulnerability in HP Storage Data Protector 8.x allows remote attackers to execute arbitrary code via unknown vectors.
by Metasploit
Seagate Business NAS <2015.00322 - RCE
Seagate Business NAS devices with firmware before 2015.00322 allow remote attackers to execute arbitrary code with root privileges by leveraging use of a static encryption key to create session tokens.
by Metasploit
CVSS 9.8
CodeIgniter <2.2.0 - Info Disclosure
CodeIgniter before 2.2.0 makes it easier for attackers to decode session cookies by leveraging fallback to a custom XOR-based encryption scheme when the Mcrypt extension for PHP is not available.
by Metasploit
CVSS 9.8
Symantec Web Gateway <5.2.2 - Command Injection
The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP scripts.
by Metasploit
Persistent Systems Radia Client Automation <9.1 - RCE
radexecd.exe in Persistent Systems Radia Client Automation (RCA) 7.9, 8.1, 9.0, and 9.1 allows remote attackers to execute arbitrary commands via a crafted request to TCP port 3465.
by Ben Turner
D-Link Routers - Remote Code Execution via ping.ccp
The ping tool in multiple D-Link and TRENDnet devices allows remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp.
by Metasploit
CVSS 9.8
Persistent Systems Radia Client Automation <9.1 - RCE
radexecd.exe in Persistent Systems Radia Client Automation (RCA) 7.9, 8.1, 9.0, and 9.1 allows remote attackers to execute arbitrary commands via a crafted request to TCP port 3465.
by Metasploit
Zabbix 2.0.5 - Authenticated LDAP Bind Password Exposure via HTML Source Code
Zabbix 2.0.5 allows remote authenticated users to discover the LDAP bind password by leveraging management-console access and reading the ldap_bind_password value in the HTML source code.
by Pablo González
X360 VideoPlayer <2.6 - Buffer Overflow
A buffer overflow vulnerability exists in the X360 VideoPlayer ActiveX control (VideoPlayer.ocx) version 2.6 when handling overly long arguments to the ConvertFile() method. An attacker can exploit this vulnerability by supplying crafted input to cause memory corruption and execute arbitrary code within the context of the current process.
by Metasploit
VMware vCenter Server 5.0-5.5 and 6.0 - Remote Code Execution via JMX RMI MBean Registration
The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol.
by Metasploit
Achat Chat Server 0.150 - Stack-based Buffer Overflow via UDP Port 9256
A stack-based buffer overflow exists in Achat v0.150 in its default configuration. By sending a specially crafted message to the UDP port 9256, an attacker can overwrite the structured exception handler (SEH) due to insufficient bounds checking on user-supplied input leading to remote code execution.
by Metasploit
Holding Pattern < 0.6 - Unauthenticated Arbitrary File Upload via admin/upload-file.php
Unrestricted file upload vulnerability in admin/upload-file.php in the Holding Pattern theme (aka holding_pattern) 0.6 and earlier for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in an unspecified directory.
by Metasploit
Movable Type <5.2.12 & <6.0.7 - Code Injection
Movable Type Pro, Open Source, and Advanced before 5.2.12 and Pro and Advanced 6.0.x before 6.0.7 do not properly use the Perl Storable::thaw function, which allows remote attackers to include and execute arbitrary local Perl files and possibly execute arbitrary code via unspecified vectors.
by Metasploit
WP EasyCart < 3.0.8 - Authenticated Arbitrary File Upload via Banner Upload Script
Unrestricted file upload vulnerability in inc/amfphp/administration/banneruploaderscript.php in the WP EasyCart (aka WordPress Shopping Cart) plugin before 3.0.9 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in products/banners/.
by Metasploit
Windows TS WebProxy - Directory Traversal Elevation of Privilege via Crafted Executable Pathname
Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) component in Microsoft Windows Vista SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted pathname in an executable file, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Directory Traversal Elevation of Privilege Vulnerability."
by Metasploit
CVSS 7.8
op5 Monitor/Appliance <1.6.2/<5.5.3 - Command Injection
license.php in system-portal before 1.6.2 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the timestamp parameter for an install action.
by Metasploit
Exif Pilot 4.7.2 - Buffer Overflow via Long Maker Element in XML File
Buffer overflow in the Customize 35mm tab in Two Pilots Exif Pilot 4.7.2 allows remote attackers to execute arbitrary code via a long string in the maker element in an XML file.
by Osanda Malith Jayathissa
ManageEngine ServiceDesk Plus MSP 5-9.0.9030 Path Traversal
Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4.
by Metasploit
CVSS 8.8
MySQL <5.5.19 & MariaDB <5.5.28a - Privilege Escalation
MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the FILE privilege to users who should not have administrative privileges, allows remote authenticated users to gain privileges by leveraging the FILE privilege to create files as the MySQL administrator. NOTE: the vendor disputes this issue, stating that this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: it could be argued that this should not be included in CVE because it is a configuration issue.
by Metasploit
WP Symposium 14.11 - Unauthenticated Arbitrary File Upload via UploadHandler.php
Unrestricted file upload vulnerability in UploadHandler.php in the WP Symposium plugin 14.11 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in server/php/.
by Metasploit