Exploitdb Exploits

31,392 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-113561 EXPLOITDB text
WordPress Plugin ALO EasyMail NewsLetter 2.9.2 - Cross-Site Request Forgery (Add/Import Arbitrary Subscribers)
by Yorick Koster
EIP-2026-117662 EXPLOITDB text
mySCADAPro 7 - Local Privilege Escalation
by Karn Ganeshen
EIP-2026-114138 EXPLOITDB text
WordPress Plugin Ultimate Product Catalog 3.9.8 - do_shortcode via ajax Blind SQL Injection
by i0akiN SEC-LABORATORY
CVE-2016-5840 EXPLOITDB HIGH text
Trend Micro Deep Discovery Inspector <3.8 - RCE
hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename parameter of the Content-Disposition header.
by korpritzombie
CVSS 7.2
CVE-2015-8257 EXPLOITDB HIGH text
AXIS network cameras - Command Injection
The devtools.sh script in AXIS network cameras allows remote authenticated users to execute arbitrary commands via shell metacharacters in the app parameter to (1) app_license.shtml, (2) app_license_custom.shtml, (3) app_index.shtml, or (4) app_params.shtml.
by Orwelllabs
CVSS 8.8
EIP-2026-100075 EXPLOITDB text VERIFIED
Linux Kernel (ARM/ARM64) - 'perf_event_open()' Arbitrary Memory Read
by Google Security Research
EIP-2026-110699 EXPLOITDB text
PHP File Vault 0.9 - Directory Traversal
by N_A
EIP-2026-103149 EXPLOITDB text
Iris ID IrisAccess iCAM4000/iCAM7000 - Hard-Coded Credentials Remote Shell Access
by LiquidWorm
EIP-2026-100833 EXPLOITDB text
Iris ID IrisAccess ICU 7000-2 - Remote Command Execution
by LiquidWorm
EIP-2026-100832 EXPLOITDB text
Iris ID IrisAccess ICU 7000-2 - Multiple Vulnerabilities
by LiquidWorm
CVE-2016-1611 EXPLOITDB HIGH text VERIFIED
Novell Filr <1.2-2.0 - Privilege Escalation
Novell Filr 1.2 before Hot Patch 6 and 2.0 before Hot Patch 2 uses world-writable permissions for /etc/profile.d/vainit.sh, which allows local users to gain privileges by replacing this file's content with arbitrary shell commands.
by SEC Consult
CVSS 7.8
CVE-2016-1609 EXPLOITDB MEDIUM text VERIFIED
Novell Filr <1.2 SU3 & <2.0 SU2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allow remote authenticated users to inject arbitrary web script or HTML via crafted input, as demonstrated by a crafted attribute of an IMG element in the phone field of a user profile.
by SEC Consult
CVSS 5.4
CVE-2016-1608 EXPLOITDB HIGH text VERIFIED
Novell Filr <2.0 - Authenticated RCE
vaconfig/time in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ntpServer parameter.
by SEC Consult
CVSS 8.8
CVE-2016-1607 EXPLOITDB HIGH text VERIFIED
Novell Filr < 2.0 - Cross-Site Request Forgery via Administrative Interface
Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Novell Filr before 2.0 Security Update 2 allow remote attackers to hijack the authentication of administrators, as demonstrated by reconfiguring time settings via a vaconfig/time request.
by SEC Consult
CVSS 7.2
EIP-2026-117830 EXPLOITDB text VERIFIED
Rapid7 AppSpider 6.12 - Local Privilege Escalation
by LiquidWorm
CVE-2016-6175 EXPLOITDB CRITICAL text VERIFIED
php-gettext <1.0.12 - Code Injection
Eval injection vulnerability in php-gettext 1.0.12 and earlier allows remote attackers to execute arbitrary PHP code via a crafted plural forms header.
by kmkz
CVSS 9.8
EIP-2026-107512 EXPLOITDB text
GRR Système de Gestion et de Réservations de Ressources 3.0.0-RC1 - Arbitrary File Upload
by kmkz
EIP-2026-106049 EXPLOITDB text
CodoForum 3.2.1 - SQL Injection
by Yakir Wizman
CVE-2016-1610 EXPLOITDB HIGH text VERIFIED
Novell Filr <1.2 SU3, 2.0 SU2 - Path Traversal
Directory traversal vulnerability in the email-template feature in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote attackers to bypass intended access restrictions and write to arbitrary files via a .. (dot dot) in a blob name.
by SEC Consult
CVSS 7.5
EIP-2026-101774 EXPLOITDB text
Hitron CGNV4 Modem/Router 4.3.9.9-SIP-UPC - Multiple Vulnerabilities
by Gergely Eberhardt
EIP-2026-101603 EXPLOITDB text
Compal CH7465LG-LC Modem/Router CH7465LG-NCIP-4.50.18.13-NOSH - Multiple Vulnerabilities
by Gergely Eberhardt
EIP-2026-112581 EXPLOITDB text
TeamPass Passwords Management System 2.1.26 - Arbitrary File Download
by Hasan Emre Ozer
CVE-2016-20036 EXPLOITDB MEDIUM text
Wowza Streaming Engine 4.5.0 Multiple Cross-Site Scripting Vulnerabilities
Wowza Streaming Engine 4.5.0 contains multiple reflected cross-site scripting vulnerabilities in the enginemanager interface where input passed through various parameters is not properly sanitized before being returned to users. Attackers can inject malicious script code through parameters like appName, vhost, uiAppType, and wowzaCloudDestinationType in multiple endpoints to execute arbitrary HTML and JavaScript in a user's browser session.
by LiquidWorm
CVSS 6.1
CVE-2016-20033 EXPLOITDB HIGH text
Wowza Streaming Engine 4.5.0 Local Privilege Escalation via nssm_x64.exe
Wowza Streaming Engine 4.5.0 contains a local privilege escalation vulnerability that allows authenticated users to escalate privileges by replacing executable files due to improper file permissions granting full access to the Everyone group. Attackers can replace the nssm_x64.exe binary in the manager and engine service directories with malicious executables to execute code with LocalSystem privileges when services restart.
by LiquidWorm
CVSS 7.8
CVE-2016-6186 EXPLOITDB MEDIUM text VERIFIED
Django <1.8.14, <1.9.x, <1.10rc1 - XSS
Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, and 1.10.x before 1.10rc1 allows remote attackers to inject arbitrary web script or HTML via vectors involving unsafe usage of Element.innerHTML.
by Vulnerability-Lab
CVSS 6.1