Exploitdb Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-115069 EXPLOITDB text VERIFIED
Comodo - PackMan Unpacker Insufficient Parameter Validation
by Google Security Research
EIP-2026-115068 EXPLOITDB text VERIFIED
Comodo - LZMA Decoder Heap Overflow via Insufficient Parameter Checks
by Google Security Research
EIP-2026-115067 EXPLOITDB text VERIFIED
Comodo - Integer Overlow Leading to Heap Overflow Parsing Composite Documents
by Google Security Research
EIP-2026-115066 EXPLOITDB text VERIFIED
Comodo - Integer Overflow Leading to Heap Overflow in Win32 Emulation
by Google Security Research
EIP-2026-114962 EXPLOITDB text VERIFIED
Avira - Heap Underflow Parsing PE Section Headers
by Google Security Research
CVE-2016-1001 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player < 18.0.0.333, 19.x-21.x < 21.0.0.182 - Remote Code Execution
Heap-based buffer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors.
by Google Security Research
CVSS 8.8
CVE-2016-0998 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player <18.0.0.333 & 19.x-21.x - Use After Free
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0999, and CVE-2016-1000.
by Google Security Research
CVSS 8.8
CVE-2016-0997 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player <18.0.0.333,19.x-21.x - RCE
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000.
by Google Security Research
CVSS 8.8
CVE-2016-0999 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player <18.0.0.333,19.x-21.x - RCE
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, and CVE-2016-1000.
by Google Security Research
CVSS 8.8
CVE-2016-1000 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player < 18.0.0.333, 19.x-21.x < 21.0.0.182, < 11.2.202.577 - Use-After-Free
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, and CVE-2016-0999.
by Google Security Research
CVSS 8.8
CVE-2016-1002 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player Remote Code Execution or DoS via Memory Corruption
Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, and CVE-2016-1005.
by Google Security Research
CVSS 8.8
EIP-2026-104339 EXPLOITDB text
MiCollab 7.0 - SQL Injection
by Goran Tuzovic
CVE-2016-1757 EXPLOITDB HIGH text VERIFIED
Apple iOS <9.3 & OS X <10.11.4 - RCE
Race condition in the kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context via a crafted app.
by Google Security Research
CVSS 7.0
EIP-2026-103735 EXPLOITDB text VERIFIED
Wireshark - dissect_ber_integer Static Out-of-Bounds Write
by Google Security Research
CVE-2016-20081 EXPLOITDB HIGH text VERIFIED
WordPress Plugin HB Audio Gallery Lite 1.0.0 Path Traversal File Download
WordPress Plugin HB Audio Gallery Lite 1.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the file_path parameter. Attackers can send requests to the audio-download.php endpoint with directory traversal sequences to access sensitive files like wp-config.php outside the intended gallery directory.
by CrashBandicot
CVSS 7.5
CVE-2016-20080 EXPLOITDB MEDIUM text
WordPress Brandfolder Plugin 3.0 Local File Inclusion via callback.php
WordPress Brandfolder plugin version 3.0 and earlier contains a local file inclusion vulnerability in callback.php that allows unauthenticated attackers to include arbitrary files by manipulating the wp_abspath parameter. Attackers can supply path traversal sequences or remote URLs through the wp_abspath parameter to read sensitive files like wp-config.php or execute remote code.
by AMAR^SHG
CVSS 6.2
CVE-2016-20079 EXPLOITDB MEDIUM text
WordPress Dharma Booking 2.28.3 Local File Inclusion via proccess.php
WordPress Dharma Booking 2.28.3 and earlier contains a local file inclusion vulnerability that allows unauthenticated attackers to include arbitrary files by manipulating the gateway parameter. Attackers can supply file paths with directory traversal sequences or null byte injection to the gateway parameter in proccess.php to read sensitive files like configuration and system files.
by AMAR^SHG
CVSS 6.2
EIP-2026-113889 EXPLOITDB text VERIFIED
WordPress Plugin Memphis Document Library 3.1.5 - Arbitrary File Download
by Felipe Molina
EIP-2026-108631 EXPLOITDB text VERIFIED
Joomla! Component Easy Youtube Gallery 1.0.2 - SQL Injection
by Persian Hack Team
CVE-2016-20082 EXPLOITDB MEDIUM text
WordPress Plugin Abtest Local File Inclusion via abtest_admin.php
WordPress Plugin Abtest contains a local file inclusion vulnerability that allows unauthenticated attackers to include arbitrary files by manipulating the action parameter. Attackers can send GET requests to abtest_admin.php with malicious action values to include files from the admin directory and execute arbitrary code.
by CrashBandicot
CVSS 6.2
EIP-2026-114466 EXPLOITDB text
XOOPS 2.5.7.2 - Directory Traversal Bypass
by hyp3rlinx
EIP-2026-114465 EXPLOITDB text
Xoops 2.5.7.2 - Cross-Site Request Forgery (Arbitrary User Deletions)
by hyp3rlinx
EIP-2026-113827 EXPLOITDB text
WordPress Plugin Import CSV 1.0 - Directory Traversal
by Wadeek
EIP-2026-113822 EXPLOITDB text
WordPress Plugin Image Export 1.1.0 - Arbitrary File Disclosure
by AMAR^SHG
EIP-2026-113713 EXPLOITDB text VERIFIED
WordPress Plugin eBook Download 1.1 - Directory Traversal
by Wadeek