Exploitdb Exploits

31,392 exploits tracked across all sources.

Sort: Activity Stars
CVE-2016-4136 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player <=21.0.0.242 - Second Exploit-Referenced Impact Unknown
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
by Google Security Research
CVSS 8.8
CVE-2016-4135 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player <=21.0.0.242 - Exploit-Referenced Impact Unknown
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
by Google Security Research
CVSS 8.8
CVE-2016-4138 EXPLOITDB CRITICAL text VERIFIED
Adobe Flash Player <=21.0.0.242 - Fourth Exploit-Referenced Impact Unknown
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
by Google Security Research
CVSS 9.8
CVE-2016-20074 EXPLOITDB MEDIUM text
WordPress Lazy Content Slider Plugin 3.4 CSRF
WordPress Lazy Content Slider Plugin 3.4 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms. Attackers can trick authenticated administrators into submitting POST requests to the plugin settings page via lzcs_admin.php to modify plugin configuration parameters like lzcs_color and lzcs_count.
by Persian Hack Team
CVSS 4.3
EIP-2026-119672 EXPLOITDB text
CyberPower Systems PowerPanel 3.1.2 - XML External Entity Out-Of-Band Data Retrieval
by LiquidWorm
EIP-2026-117323 EXPLOITDB text
InstantHMI 6.1 - Local Privilege Escalation
by sh4d0wman
EIP-2026-117272 EXPLOITDB text
Hide.Me VPN Client 1.2.4 - Local Privilege Escalation
by sh4d0wman
EIP-2026-115775 EXPLOITDB text
Microsoft WinDbg - 'logviewer.exe' Crash (PoC)
by hyp3rlinx
EIP-2026-112447 EXPLOITDB text VERIFIED
Streamo Online Radio And TV Streaming CMS - SQL Injection
by N4TuraL
EIP-2026-110218 EXPLOITDB text
OPAC KpwinSQL - Multiple Vulnerabilities
by Yakir Wizman
EIP-2026-105853 EXPLOITDB text
CIMA DocuClass ECM - Multiple Vulnerabilities
by Karn Ganeshen
EIP-2026-104995 EXPLOITDB text
Advanced Webhost Billing System (AWBS) 2.9.6 - Multiple Vulnerabilities
by Bikramaditya Guha
CVE-2016-4971 EXPLOITDB HIGH text VERIFIED
GNU wget < 1.18 - Arbitrary File Write via HTTP-to-FTP Redirect
GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource.
by Dawid Golunski
CVSS 8.8
EIP-2026-102452 EXPLOITDB text
24online SMS_2500i 8.3.6 build 9.0 - SQL Injection
by Rahul Raz
EIP-2026-100872 EXPLOITDB text
PaKnPost Pro 1.14 - Multiple Vulnerabilities
by Edvin Rustemagic_ Grega Preseren
EIP-2026-100059 EXPLOITDB text VERIFIED
Samsung Android JACK - Local Privilege Escalation
by Google Security Research
EIP-2026-113255 EXPLOITDB text
WebCalendar 1.2.7 - Multiple Vulnerabilities
by hyp3rlinx
EIP-2026-109045 EXPLOITDB text
Ktools Photostore 4.7.5 - Multiple Vulnerabilities
by Yakir Wizman
EIP-2026-106750 EXPLOITDB text
eCardMAX 10.5 - Multiple Vulnerabilities
by Bikramaditya Guha
EIP-2026-102543 EXPLOITDB text
XpoLog Center 6 - Remote Command Execution / Cross-Site Request Forgery
by LiquidWorm
CVE-2016-0772 EXPLOITDB MEDIUM text
CPython <3.4.5-2.7.12 - Info Disclosure
The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."
by tintinweb
CVSS 6.5
EIP-2026-110592 EXPLOITDB text VERIFIED
Phoenix Exploit Kit - Remote Code Execution
by CrashBandicot
CVE-2016-4337 EXPLOITDB CRITICAL text VERIFIED
Ktools.net Photostore <4.7.5 - SQL Injection
SQL injection vulnerability in the mgr.login.php file in Ktools.net Photostore before 4.7.5 allows remote attackers to execute arbitrary SQL commands via the email parameter in a recover_login action.
by Gal Goldshtein & Viktor Minin
CVSS 9.8
CVE-2016-3653 EXPLOITDB HIGH text VERIFIED
Symantec Endpoint Protection Manager < 12.1.6 - Authenticated Cross-Site Request Forgery
Multiple cross-site request forgery (CSRF) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to hijack the authentication of arbitrary users.
by hyp3rlinx
CVSS 8.0
CVE-2016-3652 EXPLOITDB MEDIUM text VERIFIED
Symantec Endpoint Protection Manager <12.1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
by hyp3rlinx
CVSS 5.4