Exploitdb Exploits

31,337 exploits tracked across all sources.

CVE-2015-7808 EXPLOITDB text VERIFIED
vBulletin 5 Connect <5.1.9 - Code Injection
The vB_Api_Hook::decodeArguments method in vBulletin 5 Connect 5.1.2 through 5.1.9 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in the arguments parameter to ajax/api/hook/decodeArguments.
by hhjj
EIP-2026-102595 EXPLOITDB text VERIFIED
FreeType 2.6.1 - TrueType tt_cmap14_validate Parsing Heap Out-of-Bounds Reads
by Google Security Research
EIP-2026-116112 EXPLOITDB text
Python 3.3 < 3.5 - 'product_setstate()' Out-of-Bounds Read
by John Leitch
EIP-2026-116111 EXPLOITDB text
Python 2.7 hotshot Module - 'pack_string' Heap Buffer Overflow (PoC)
by John Leitch
EIP-2026-116110 EXPLOITDB text
Python 2.7 - 'strop.replace()' Method Integer Overflow
by John Leitch
EIP-2026-103642 EXPLOITDB text
Python 2.7 - 'array.fromstring' Method Use-After-Free
by John Leitch
CVE-2015-7898 EXPLOITDB MEDIUM text VERIFIED
Samsung Galaxy S6 - DoS
Samsung Gallery in the Samsung Galaxy S6 allows local users to cause a denial of service (process crash).
by Google Security Research
CVSS 5.5
CVE-2015-7895 EXPLOITDB MEDIUM text VERIFIED
Samsung Gallery <Galaxy S6 - DoS
Samsung Gallery on the Samsung Galaxy S6 allows local users to cause a denial of service (process crash).
by Google Security Research
CVSS 5.5
CVE-2015-7896 EXPLOITDB MEDIUM text VERIFIED
Samsung Galaxy S6 <Oct 2015 - Memory Corruption
LibQJpeg in the Samsung Galaxy S6 before the October 2015 MR allows remote attackers to cause a denial of service (memory corruption and SIGSEGV) via a crafted image file.
by Google Security Research
CVSS 6.5
CVE-2015-7897 EXPLOITDB text VERIFIED
Samsung Galaxy S6 Edge - Memory Corruption
The media scanning functionality in the face recognition library in android.media.process in Samsung Galaxy S6 Edge before G925VVRU4B0G9 allows remote attackers to gain privileges or cause a denial of service (memory corruption) via a crafted BMP image file.
by Google Security Research
CVE-2015-7894 EXPLOITDB HIGH text VERIFIED
Samsung LibQjpeg - RCE
The DCMProvider service in Samsung LibQjpeg on a Samsung SM-G925V device running build number LRX22G.G925VVRU1AOE2 allows remote attackers to cause a denial of service (segmentation fault and process crash) and execute arbitrary code via a crafted JPG.
by Google Security Research
CVSS 8.8
EIP-2026-119345 EXPLOITDB text
actiTIME 2015.2 - Multiple Vulnerabilities
by LiquidWorm
CVE-2015-2554 EXPLOITDB text VERIFIED
Microsoft Windows 10 - Access Control
The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Windows Object Reference Elevation of Privilege Vulnerability."
by Google Security Research
EIP-2026-111342 EXPLOITDB text
Pligg CMS 2.0.2 - Multiple SQL Injections
by Curesec Research Team
EIP-2026-111341 EXPLOITDB text
Pligg CMS 2.0.2 - Directory Traversal
by Curesec Research Team
EIP-2026-111340 EXPLOITDB text
Pligg CMS 2.0.2 - Cross-Site Request Forgery / Code Execution
by Curesec Research Team
EIP-2026-110760 EXPLOITDB text
PHP Server Monitor 3.1.1 - Multiple Cross-Site Request Forgery Vulnerabilities
by hyp3rlinx
CVE-2015-5534 EXPLOITDB text
Oxwall <1.8 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in Oxwall before 1.8 allow remote attackers to hijack the authentication of administrators for requests that (1) put the website under maintenance via the maintenance_enable parameter or (2) conduct cross-site scripting (XSS) attacks via the maintenance_text parameter to admin/pages/maintenance.
by High-Tech Bridge SA
CVE-2015-5161 EXPLOITDB text
Zend Framework < 2.4.6 - XXE
The Zend_Xml_Security::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity (XXE) and XML entity expansion (XEE) attacks via multibyte encoded characters.
by Dawid Golunski
EIP-2026-101775 EXPLOITDB text
Hitron Router CGN3ACSMR 4.5.8.16 - Arbitrary Code Execution
by Dolev Farhi
EIP-2026-108402 EXPLOITDB text
Joomla! Component com_jnews 8.5.1 - SQL Injection
by Omer Ramić
EIP-2026-101967 EXPLOITDB text
Sagem FAST3304-V2 - Authentication Bypass (2)
by Soufiane Alami Hassani
CVE-2015-7891 EXPLOITDB HIGH text VERIFIED
Samsung Graphics 2D driver - Memory Corruption
Race condition in the ioctl implementation in the Samsung Graphics 2D driver (aka /dev/fimg2d) in Samsung devices with Android L (5.0/5.1) allows local users to trigger memory errors by leveraging definition of g2d_lock and g2d_unlock lock macros as no-ops, aka SVE-2015-4598.
by Google Security Research
CVSS 7.0
CVE-2015-7889 EXPLOITDB MEDIUM text VERIFIED
Samsung S6 Edge - Info Disclosure
The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service action, which might allow remote attackers with knowledge of the local email address to obtain sensitive information via a crafted application that sends a crafted intent.
by Google Security Research
CVSS 5.5
CVE-2015-7890 EXPLOITDB MEDIUM text VERIFIED
Exynos Seiren Audio < - Buffer Overflow
Multiple buffer overflows in the esa_write function in /dev/seiren in the Exynos Seiren Audio driver, as used in Samsung S6 Edge, allow local users to cause a denial of service (memory corruption) via a large (1) buffer or (2) size parameter.
by Google Security Research
CVSS 5.5