Exploitdb Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-111540 EXPLOITDB text
ProjectSend r582 - Multiple Cross-Site Scripting Vulnerabilities
by Michael Helwig
EIP-2026-108022 EXPLOITDB text VERIFIED
iTop 2.2.1 - Cross-Site Request Forgery
by High-Tech Bridge SA
EIP-2026-106464 EXPLOITDB text
Disc ORGanizer (DORG) - Multiple Vulnerabilities
by SECUPENT
EIP-2026-106366 EXPLOITDB text
Dating Pro Genie 2015.7 - Cross-Site Request Forgery
by High-Tech Bridge SA
EIP-2026-101652 EXPLOITDB text
D-Link DWR-932 Firmware 4.00 - Authentication Bypass
by Saeed reza Zamanian
CVE-2016-0793 EXPLOITDB HIGH text VERIFIED
WildFly <10.0.0.Final - Info Disclosure
Incomplete blacklist vulnerability in the servlet filter restriction mechanism in WildFly (formerly JBoss Application Server) before 10.0.0.Final on Windows allows remote attackers to read the sensitive files in the (1) WEB-INF or (2) META-INF directory via a request that contains (a) lowercase or (b) "meaningless" characters.
by Tal Solomon of Palantir Security
CVSS 7.5
EIP-2026-114610 EXPLOITDB text VERIFIED
ZenPhoto 1.4.11 - Remote File Inclusion
by Curesec Research Team
EIP-2026-111288 EXPLOITDB text
PivotX 2.3.11 - Directory Traversal
by Curesec Research Team
CVE-2016-11017 EXPLOITDB CRITICAL text
AKIPS Network Monitor 15.37-16.5 - Unauthenticated OS Command Injection via Username Parameter
The application login page in AKIPS Network Monitor 15.37 through 16.5 allows a remote unauthenticated attacker to execute arbitrary OS commands via shell metacharacters in the username parameter (a failed login attempt returns the command-injection output to a limited login failure field). This is fixed in 16.6.
by BrianWGray
CVSS 9.8
EIP-2026-115936 EXPLOITDB text
Netwrix Auditor 7.1.322.0 - ActiveX 'sourceFile' Stack Buffer Overflow
by LiquidWorm
EIP-2026-109568 EXPLOITDB text
Monstra CMS 3.0.3 - Multiple Vulnerabilities
by Sarim Kiani
CVE-2016-15044 EXPLOITDB CRITICAL text
Kaltura Video Platform < 11.1.0-2 - Unauthenticated Remote Code Execution via Unsafe Deserialization in keditorservices
A remote code execution vulnerability exists in Kaltura versions prior to 11.1.0-2 due to unsafe deserialization of user-controlled data within the keditorservices module. An unauthenticated remote attacker can exploit this issue by sending a specially crafted serialized PHP object in the kdata GET parameter to the redirectWidgetCmd endpoint. Successful exploitation leads to execution of arbitrary PHP code in the context of the web server process.
by Security-Assessment.com
CVE-2015-7563 EXPLOITDB HIGH text VERIFIED
TeamPass < 2.1.24.0 - Cross-Site Request Forgery
Cross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and earlier allows remote attackers to hijack the authentication of an authenticated user.
by Vincent Malguy
CVSS 8.8
CVE-2015-7562 EXPLOITDB MEDIUM text VERIFIED
TeamPass < 2.1.24 - Cross-Site Scripting via Item Label or Role Name
Multiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) label value of an item or (2) name of a role.
by Vincent Malguy
CVSS 6.1
CVE-2016-0120 EXPLOITDB MEDIUM text VERIFIED
Microsoft Windows - Denial of Service via Crafted OpenType Font
The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to cause a denial of service (system hang) via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability."
by Google Security Research
CVSS 6.5
CVE-2016-0121 EXPLOITDB HIGH text VERIFIED
Microsoft Windows - Remote Code Execution via Crafted OpenType Font
The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability."
by Google Security Research
CVSS 8.8
EIP-2026-114062 EXPLOITDB text VERIFIED
WordPress Plugin Site Import 1.0.1 - Local/Remote File Inclusion
by Wadeek
CVE-2015-7564 EXPLOITDB CRITICAL text VERIFIED
TeamPass < 2.1.24 - SQL Injection via Item Query or View Log Parameters
Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an action_on_quick_icon action to item.query.php or the (2) order or (3) direction parameter in an (a) connections_logs, (b) errors_logs or (c) access_logs action to view.query.php.
by Vincent Malguy
CVSS 9.8
CVE-2016-2184 EXPLOITDB MEDIUM text
Linux Kernel < 4.5.1 - Denial of Service via Crafted USB Device Descriptor
The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor.
by OpenSource Security
CVSS 4.6
CVE-2016-2188 EXPLOITDB MEDIUM text
SUSE Linux Enterprise - Denial of Service via USB Device Descriptor
The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
by OpenSource Security
CVSS 4.6
CVE-2016-10997 EXPLOITDB MEDIUM text
beauty-premium 1.0.8 - Cross-Site Request Forgery with Arbitrary File Upload in sendmail.php
The beauty-premium theme 1.0.8 for WordPress has CSRF with resultant arbitrary file upload in includes/sendmail.php.
by Colette Chamberland
CVSS 6.5
EIP-2026-113700 EXPLOITDB text
WordPress Plugin DZS Videogallery < 8.60 - Multiple Vulnerabilities
by Colette Chamberland
EIP-2026-115941 EXPLOITDB text VERIFIED
Nitro Pro 10.5.7.32 / Nitro Reader 5.5.3.1 - Heap Memory Corruption
by Francis Provencher
EIP-2026-114204 EXPLOITDB text
WordPress Plugin WP Advanced Comment 0.10 - Persistent Cross-Site Scripting
by Mohammad Khaleghi
EIP-2026-113593 EXPLOITDB text
WordPress Plugin Best Web Soft Captcha 4.1.5 - Multiple Vulnerabilities
by Colette Chamberland