Exploitdb Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2016-1104 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player <=21.0.0.213 Object Placing - Out-of-Bounds Read
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
by Google Security Research
CVSS 7.5
CVE-2016-1102 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player <=21.0.0.213 JXR Processing - Out-of-Bounds Read
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
by Google Security Research
CVSS 7.5
CVE-2016-1101 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player <21.0.0.213 - Unspecified Vuln
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
by Google Security Research
CVSS 7.5
CVE-2016-4108 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player <=21.0.0.213 addProperty - Use-After-Free
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
by Google Security Research
CVSS 7.5
CVE-2016-1096 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player <=21.0.0.213 in IE/Edge - Impact Unknown
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
by Google Security Research
CVSS 7.5
CVE-2016-2389 EXPLOITDB HIGH text
SAP NetWeaver xMII 15.0 - Directory Traversal via GetFileList Path Parameter
Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the Path parameter to /Catalog, aka SAP Security Note 2230978.
by ERPScan
CVSS 7.5
CVE-2016-4807 EXPLOITDB MEDIUM text VERIFIED
web2py < 2.14.5 - Reflected Cross-Site Scripting
Web2py versions 2.14.5 and below was affected by Reflected XSS vulnerability, which allows an attacker to perform an XSS attack on logged in user (admin).
by Narendra Bhati
CVSS 4.8
CVE-2016-4806 EXPLOITDB HIGH text VERIFIED
web2py < 2.14.5 - Local File Inclusion
Web2py versions 2.14.5 and below was affected by Local File Inclusion vulnerability, which allows a malicious intended user to read/access web server sensitive files.
by Narendra Bhati
CVSS 7.5
EIP-2026-117653 EXPLOITDB text
Multiples Nexon Games - Unquoted Path Privilege Escalation
by Cyril Vallicari
EIP-2026-117269 EXPLOITDB text
Hex : Shard of Fate 1.0.1.026 - Unquoted Path Privilege Escalation
by Cyril Vallicari
EIP-2026-115656 EXPLOITDB text
Microsoft Excel 2010 - Crash (PoC) (2)
by HauntIT
CVE-2016-4808 EXPLOITDB HIGH text VERIFIED
web2py < 2.14.5 - Cross-Site Request Forgery
Web2py versions 2.14.5 and below was affected by CSRF (Cross Site Request Forgery) vulnerability, which allows an attacker to trick a logged in user to perform some unwanted actions i.e An attacker can trick an victim to disable the installed application just by sending a URL to victim.
by Narendra Bhati
CVSS 8.8
CVE-2016-4793 EXPLOITDB HIGH text
CakePHP < 3.2.4 - IP Spoofing via CLIENT-IP HTTP Header
The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header.
by Dawid Golunski
CVSS 7.5
EIP-2026-103725 EXPLOITDB text VERIFIED
Wireshark - 'AirPDcapDecryptWPABroadcastKey' Heap Out-of-Bounds Read (2)
by Google Security Research
EIP-2026-102984 EXPLOITDB text
runAV mod_security - Arbitrary Command Execution
by R-73eN
EIP-2026-119445 EXPLOITDB text VERIFIED
Trend Micro - 'CoreServiceShell.exe' Multiple HTTP s
by Google Security Research
CVE-2016-0185 EXPLOITDB HIGH text VERIFIED
Microsoft Windows Media Center - Remote Code Execution via Crafted MCL File
Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, and Windows 8.1 allows remote attackers to execute arbitrary code via a crafted Media Center link (aka .mcl) file, aka "Windows Media Center Remote Code Execution Vulnerability."
by Eduardo Braun Prado
CVSS 7.8
EIP-2026-113991 EXPLOITDB text VERIFIED
WordPress Plugin Q and A (Focus Plus) FAQ 1.3.9.7 - Multiple Vulnerabilities
by Gwendal Le Coguic
EIP-2026-113813 EXPLOITDB text VERIFIED
WordPress Plugin Huge-IT Image Gallery 1.8.9 - Multiple Vulnerabilities
by Gwendal Le Coguic
CVE-2016-15003 EXPLOITDB MEDIUM text
FileZilla Client 3.17.0.0 - Unquoted Search Path
A vulnerability has been found in FileZilla Client 3.17.0.0 and classified as problematic. This vulnerability affects unknown code of the file C:\Program Files\FileZilla FTP Client\uninstall.exe of the component Installer. The manipulation leads to unquoted search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
by Cyril Vallicari
CVSS 6.3
EIP-2026-117340 EXPLOITDB text
Intuit QuickBooks Desktop 2007 < 2016 - Arbitrary Code Execution
by Maxim Tomashevich
CVE-2016-1077 EXPLOITDB CRITICAL text VERIFIED
Adobe Acrobat and Reader < 11.0.16 - Remote Code Execution via Memory Corruption
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105.
by Pier-Luc Maltais
CVSS 9.8
EIP-2026-102702 EXPLOITDB text
Nfdump Nfcapd 1.6.14 - Multiple Vulnerabilities
by Security-Assessment.com
EIP-2026-101816 EXPLOITDB text
JVC HDRs / Net (Multiple Cameras) - Multiple Vulnerabilities
by Orwelllabs
CVE-2016-0051 EXPLOITDB HIGH text VERIFIED
Microsoft Windows - Local Privilege Escalation via WebDAV Client
The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "WebDAV Elevation of Privilege Vulnerability."
by hex0r
CVSS 7.8