Exploitdb Exploits

2,689 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-101351 EXPLOITDB ruby VERIFIED
Linksys WRT54GL - 'apply.cgi' Command Execution (Metasploit)
by Metasploit
EIP-2026-116370 EXPLOITDB ruby VERIFIED
Sysax Multi Server 6.10 - SSH Denial of Service
by Matt Andreko
CVE-2013-10061 EXPLOITDB HIGH ruby VERIFIED
Netgear routers <1.1.00.45 - Command Injection
An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN1000B model firmware versions 1.1.00.24 and 1.1.00.45) via the TimeToLive parameter in the setup.cgi endpoint. The vulnerability arises from improper input neutralization, enabling command injection through crafted POST requests. This flaw enables remote attackers to deploy payloads or manipulate system state post-authentication.
by Metasploit
CVSS 7.2
CVE-2013-1080 EXPLOITDB ruby VERIFIED
Novell ZENworks Configuration Management < 11.2.4 - Directory Traversal & Arbitrary File Upload
The web server in Novell ZENworks Configuration Management (ZCM) 10.3 and 11.2 before 11.2.4 does not properly perform authentication for zenworks/jsp/index.jsp, which allows remote attackers to conduct directory traversal attacks, and consequently upload and execute arbitrary programs, via a request to TCP port 443.
by Metasploit
CVE-2013-1892 EXPLOITDB ruby VERIFIED
MongoDB < 2.0.9 and 2.2.x < 2.2.4 - Authenticated Remote Code Execution via nativeHelper Function
MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows remote authenticated users to cause a denial of service (invalid memory access and server crash) or execute arbitrary code via a crafted memory address in the first argument.
by Metasploit
EIP-2026-103141 EXPLOITDB ruby VERIFIED
HP System Management - Anonymous Access Code Execution (Metasploit)
by Metasploit
EIP-2026-102868 EXPLOITDB ruby VERIFIED
HP System Management Homepage - Local Privilege Escalation (Metasploit)
by Metasploit
EIP-2026-101347 EXPLOITDB ruby VERIFIED
Linksys E1500/E2500 - 'apply.cgi' Remote Command Injection (Metasploit)
by Metasploit
CVE-2005-0575 EXPLOITDB ruby VERIFIED
Stormy Studios Knet <= 1.04c - Buffer Overflow via Long HTTP GET Request
Buffer overflow in Stormy Studios Knet 1.04c and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long HTTP GET request.
by Myo Soe
CVE-2013-1493 EXPLOITDB ruby VERIFIED
Oracle JRE < 1.7.0 - Remote Code Execution via Crafted Image Raster Parameters
The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013.
by Metasploit
EIP-2026-104779 EXPLOITDB ruby VERIFIED
STUNSHELL (Web Shell) - Remote Code Execution (Metasploit)
by Metasploit
EIP-2026-104778 EXPLOITDB ruby VERIFIED
STUNSHELL (Web Shell) - Remote Code Execution (Metasploit)
by Metasploit
EIP-2026-104777 EXPLOITDB ruby VERIFIED
STUNSHELL (Web Shell) - PHP Remote Code Execution (Metasploit)
by Metasploit
EIP-2026-104776 EXPLOITDB ruby VERIFIED
STUNSHELL (Web Shell) - PHP Remote Code Execution (Metasploit)
by Metasploit
EIP-2026-104115 EXPLOITDB ruby VERIFIED
v0pCr3w (Web Shell) - Remote Code Execution (Metasploit)
by Metasploit
EIP-2026-104114 EXPLOITDB ruby VERIFIED
v0pCr3w (Web Shell) - Remote Code Execution (Metasploit)
by Metasploit
CVE-2012-5201 EXPLOITDB ruby VERIFIED
HP Intelligent Management Center < 5.1 - Remote Code Execution
Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1611.
by Metasploit
EIP-2026-118229 EXPLOITDB ruby VERIFIED
ActFax 5.01 - RAW Server Buffer Overflow (Metasploit)
by Metasploit
CVE-2012-4711 EXPLOITDB ruby VERIFIED
KingView <6.52-6.55 - Buffer Overflow
Buffer overflow in kingMess.exe 65.20.2003.10300 in WellinTech KingView 6.52, kingMess.exe 65.20.2003.10400 in KingView 6.53, and kingMess.exe 65.50.2011.18049 in KingView 6.55 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted packet.
by Metasploit
EIP-2026-111659 EXPLOITDB ruby
Ra1NX PHP Bot - pubcall Authentication Bypass Remote Code Execution (Metasploit)
by bwall
CVE-2012-3001 EXPLOITDB ruby VERIFIED
Mutiny Standard <4.5-1.12 - Command Injection
Mutiny Standard before 4.5-1.12 allows remote attackers to execute arbitrary commands via the network-interface menu, related to a "command injection vulnerability."
by Metasploit
EIP-2026-119103 EXPLOITDB ruby VERIFIED
Sami FTP Server - 'LIST' Buffer Overflow (Metasploit)
by Metasploit
CVE-2012-4914 EXPLOITDB ruby VERIFIED
CoolPDF 3.0.2.256 - Buffer Overflow
Stack-based buffer overflow in the reader in CoolPDF 3.0.2.256 allows remote attackers to execute arbitrary code via a PDF document with a crafted stream.
by Metasploit
EIP-2026-113829 EXPLOITDB ruby
WordPress Plugin IndiaNIC FAQs Manager 1.0 - Blind SQL Injection
by m3tamantra
CVE-2011-3923 EXPLOITDB CRITICAL ruby VERIFIED
Apache Struts <2.3.1.2 - Command Injection
Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands.
by Metasploit
CVSS 9.8
By Source
All 2,689 Writeup 62,188 Exploitdb 50,076 Nomisec 22,383 Github 3,590 Metasploit 3,311 Vulncheck_xdb 927 Inthewild 514 Gitlab 479 Gitee 415 Patchapalooza 312
By Language
text 31,386 python 6,552 ruby 6,001 c 3,625 perl 2,849 html 2,074 php 1,333 bash 462 java 370 c++ 260 javascript 229 shell 131 go 73 postscript 25 typescript 25