Exploitdb Exploits

31,330 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-117725 EXPLOITDB text
Operation Technology ETAP 14.1.0 - Local Privilege Escalation
by LiquidWorm
EIP-2026-116011 EXPLOITDB text
Operation Technology ETAP 14.1.0 - Multiple Stack Buffer Overrun Vulnerabilities
by LiquidWorm
EIP-2026-114419 EXPLOITDB text VERIFIED
XenAPI 1.4.1 for XenForo - Multiple SQL Injections
by Julien Ahrens
CVE-2016-2386 EXPLOITDB CRITICAL text
SAP Netweaver Application Server Java - SQL Injection
SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2101079.
by ERPScan
CVSS 9.8
CVE-2016-2388 EXPLOITDB MEDIUM text
SAP Netweaver Application Server Java < 7.50 - Information Disclosure
The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846.
by ERPScan
CVSS 5.3
CVE-2016-1848 EXPLOITDB HIGH text VERIFIED
Apple OS X <10.11.5 - Memory Corruption
QuickTime in Apple OS X before 10.11.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file.
by Francis Provencher
CVSS 7.8
EIP-2026-102549 EXPLOITDB text
4digits 1.1.4 - Local Buffer Overflow (PoC)
by N_A
CVE-2016-0168 EXPLOITDB MEDIUM text VERIFIED
Microsoft Windows 10 - Information Disclosure
GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to obtain sensitive information via a crafted document, aka "Windows Graphics Component Information Disclosure Vulnerability," a different vulnerability than CVE-2016-0169.
by Google Security Research
CVSS 6.5
CVE-2016-0169 EXPLOITDB MEDIUM text VERIFIED
Microsoft Windows 10 - Information Disclosure
GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to obtain sensitive information via a crafted document, aka "Windows Graphics Component Information Disclosure Vulnerability," a different vulnerability than CVE-2016-0168.
by Google Security Research
CVSS 6.5
CVE-2016-2208 EXPLOITDB CRITICAL text VERIFIED
Symantec Anti-virus Engine < 20151.1.0.32 - Resource Management Error
The kernel component in Symantec Anti-Virus Engine (AVE) 20151.1 before 20151.1.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation and system crash) via a malformed PE header file.
by Google Security Research
CVSS 9.1
CVE-2016-0170 EXPLOITDB HIGH text VERIFIED
Microsoft Windows 10 - Improper Access Control
GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted document, aka "Windows Graphics Component RCE Vulnerability."
by Google Security Research
CVSS 8.8
CVE-2016-1105 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player <21.0.0.213 - Unknown Vuln
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
by Google Security Research
CVSS 7.5
CVE-2016-1106 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player <21.0.0.213 - Unknown Vuln
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
by Google Security Research
CVSS 7.5
CVE-2016-1103 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player <21.0.0.213 - Unknown Vuln
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
by Google Security Research
CVSS 7.5
CVE-2016-1104 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player <21.0.0.213 - Unknown Vuln
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
by Google Security Research
CVSS 7.5
CVE-2016-1102 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player <21.0.0.213 - Unknown Vuln
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
by Google Security Research
CVSS 7.5
CVE-2016-1101 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player <21.0.0.213 - Unspecified Vuln
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
by Google Security Research
CVSS 7.5
CVE-2016-4108 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player <21.0.0.213 - Unknown Vuln
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
by Google Security Research
CVSS 7.5
CVE-2016-1096 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player <21.0.0.213 - Unknown Vuln
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
by Google Security Research
CVSS 7.5
CVE-2016-2389 EXPLOITDB HIGH text
SAP Netweaver - Path Traversal
Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the Path parameter to /Catalog, aka SAP Security Note 2230978.
by ERPScan
CVSS 7.5
CVE-2016-4807 EXPLOITDB MEDIUM text VERIFIED
Web2py < 2.14.5 - XSS
Web2py versions 2.14.5 and below was affected by Reflected XSS vulnerability, which allows an attacker to perform an XSS attack on logged in user (admin).
by Narendra Bhati
CVSS 4.8
CVE-2016-4806 EXPLOITDB HIGH text VERIFIED
Web2py < 2.14.5 - Information Disclosure
Web2py versions 2.14.5 and below was affected by Local File Inclusion vulnerability, which allows a malicious intended user to read/access web server sensitive files.
by Narendra Bhati
CVSS 7.5
EIP-2026-117653 EXPLOITDB text
Multiples Nexon Games - Unquoted Path Privilege Escalation
by Cyril Vallicari
EIP-2026-117269 EXPLOITDB text
Hex : Shard of Fate 1.0.1.026 - Unquoted Path Privilege Escalation
by Cyril Vallicari
EIP-2026-115656 EXPLOITDB text
Microsoft Excel 2010 - Crash (PoC) (2)
by HauntIT
By Source
All 31,330 Writeup 59,922 Exploitdb 49,989 Nomisec 21,551 Metasploit 3,218 Github 2,550 Vulncheck_xdb 904 Inthewild 514 Gitlab 441 Gitee 415 Patchapalooza 312
By Language
text 31,330 python 5,932 ruby 5,907 c 3,565 perl 2,849 html 2,053 php 1,326 bash 459 java 362 c++ 250 javascript 215 shell 90 go 53 postscript 25 xml 24