Exploitdb Exploits

31,337 exploits tracked across all sources.

EIP-2026-114164 EXPLOITDB text
WordPress Plugin Users Ultra 1.5.50 - Persistent Cross-Site Scripting
by Panagiotis Vagenas
EIP-2026-114163 EXPLOITDB text
WordPress Plugin Users Ultra 1.5.50 - Blind SQL Injection
by Panagiotis Vagenas
CVE-2015-8351 EXPLOITDB CRITICAL text
Gwolle Guestbook <1.5.4 - RCE
PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1.5.4 for WordPress, when allow_url_include is enabled, allows remote authenticated users to execute arbitrary PHP code via a URL in the abspath parameter to frontend/captcha/ajaxresponse.php. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences regardless of whether allow_url_include is enabled.
by High-Tech Bridge SA
CVSS 9.0
EIP-2026-114609 EXPLOITDB text
ZenPhoto 1.4.10 - Local File Inclusion
by hyp3rlinx
EIP-2026-107919 EXPLOITDB text
Invision Power Board (IP.Board) 4.1.4.x - Persistent Cross-Site Scripting
by Mehdi Alouache
CVE-2015-8368 EXPLOITDB text
ntopng <2.2 - Privilege Escalation
ntopng (aka ntop) before 2.2 allows remote authenticated users to change the login context and gain privileges via the user cookie and username parameter to admin/password_reset.lua.
by Dolev Farhi
EIP-2026-103290 EXPLOITDB text VERIFIED
Kodi 15 - Web Interface Arbitrary File Access
by Machiel Pronk
EIP-2026-101557 EXPLOITDB text
Belkin N150 Wireless Router F9K1009 v1 - Multiple Vulnerabilities
by Rahul Pratap Singh
EIP-2026-109760 EXPLOITDB text VERIFIED
MyCustomers CMS 1.3.873 - SQL Injection
by Persian Hack Team
EIP-2026-107681 EXPLOITDB text
HumHub 0.11.2/0.20.0-beta.2 - SQL Injection
by LSE Leading Security Experts GmbH
CVE-2013-6025 EXPLOITDB text VERIFIED
Sybase Adaptive Server Enterprise - Code Injection
The XMLParse procedure in SAP Sybase Adaptive Server Enterprise (ASE) 15.7 ESD 2 allows remote authenticated users to read arbitrary files via a SQL statement containing an XML document with an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
by Igor Bulatenko
EIP-2026-114250 EXPLOITDB text
WordPress Plugin WP-Client 3.8.7 - Persistent Cross-Site Scripting
by Pier-Luc Maltais
CVE-2015-7865 EXPLOITDB text VERIFIED
NVIDIA GPU <341.92, <354.35, <358.87 - Privilege Escalation
nvSCPAPISvr.exe in the Stereoscopic 3D Driver Service in the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows does not properly restrict access to the stereosvrpipe named pipe, which allows local users to gain privileges via a commandline in a number 2 command, which is stored in the HKEY_LOCAL_MACHINE explorer Run registry key, a different vulnerability than CVE-2011-4784.
by Google Security Research
CVE-2015-4878 EXPLOITDB text
Oracle Outside In Technology - DoS
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-4877.
by Francis Provencher
CVE-2015-4877 EXPLOITDB text
Oracle Outside In Technology - DoS
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-4878.
by Francis Provencher
CVE-2015-6100 EXPLOITDB text VERIFIED
Microsoft Windows 10 - Access Control
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-6101.
by Nils Sommer
CVE-2015-6101 EXPLOITDB text VERIFIED
Microsoft Windows 10 - Access Control
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-6100.
by Nils Sommer
CVE-2015-6102 EXPLOITDB text VERIFIED
Microsoft Windows 10 - Information Disclosure
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to bypass the KASLR protection mechanism, and consequently discover a driver base address, via a crafted application, aka "Windows Kernel Memory Information Disclosure Vulnerability."
by Nils Sommer
CVE-2015-6098 EXPLOITDB text VERIFIED
Microsoft Windows 7 - Memory Corruption
Buffer overflow in the Network Driver Interface Standard (NDIS) implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka "Windows NDIS Elevation of Privilege Vulnerability."
by Nils Sommer
CVE-2015-7622 EXPLOITDB text
Adobe Reader/Acrobat <10.1.16/<11.0.13 - Memory Corruption
Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-6685, CVE-2015-6686, CVE-2015-6693, CVE-2015-6694, and CVE-2015-6695.
by Francis Provencher
CVE-2015-7258 EXPLOITDB HIGH text
ZTE Zxv10 W300 Firmware - Credentials Management
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated users to obtain user passwords by displaying user information in a Telnet connection.
by Karn Ganeshen
CVSS 8.8
CVE-2015-7257 EXPLOITDB HIGH text
ZTE Zxv10 W300 Firmware - Password Reset Weakness
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password change request, and changing the username parameter from "support" to "admin".
by Karn Ganeshen
CVSS 7.5
CVE-2015-7252 EXPLOITDB MEDIUM text
ZTE Zxhn H108n R1a Firmware - XSS
Cross-site scripting (XSS) vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to inject arbitrary web script or HTML via the errorpage parameter.
by Karn Ganeshen
CVSS 6.1
CVE-2015-7251 EXPLOITDB CRITICAL text
ZTE Zxhn H108n R1a Firmware - Credentials Management
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE have a hardcoded password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session.
by Karn Ganeshen
CVSS 9.8
CVE-2015-7250 EXPLOITDB HIGH text
ZTE Zxhn H108n R1a Firmware - Path Traversal
Absolute path traversal vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to read arbitrary files via a full pathname in the getpage parameter.
by Karn Ganeshen
CVSS 7.5