Exploitdb Exploits
31,337 exploits tracked across all sources.
Zohocorp ManageEngine EventLog Analyzer < 10.6 - SQL Injection
ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass intended restrictions and execute arbitrary SQL commands via an allowed query followed by a disallowed one in the query parameter to event/runQuery.do, as demonstrated by "SELECT 1;INSERT INTO." Fixed in Build 11200.
by xistence
OpenLDAP < 2.4.42 - Improper Input Validation
The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd.
by Denis Andzakovic
Octogate UTM 3.0.12 - Admin Interface Directory Traversal
by Oliver Karow
Apple OS X <10.10.5 - RCE
Race condition in runner in Install.framework in the Install Framework Legacy component in Apple OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages incorrect privilege dropping associated with a locking error.
by Google Security Research
Apple OS X <10.10.5 - Privilege Escalation
runner in Install.framework in the Install Framework Legacy component in Apple OS X before 10.10.5 does not properly drop privileges, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
by Google Security Research
Apple OS X <10.10.4 - Privilege Escalation
runner in Install.framework in the Install Framework Legacy subsystem in Apple OS X before 10.10.4 does not properly drop privileges, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
by Google Security Research
Synology Video Station < 1.5-0757 - Command Injection
Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary shell commands via shell metacharacters in the subtitle_codepage parameter to subtitle.cgi.
by Han Sahin
QlikTech Qlikview <11.20 SR12 - SSRF
XML external entity (XXE) vulnerability in QlikTech Qlikview before 11.20 SR12 allows remote attackers to conduct server-side request forgery (SSRF) attacks and read arbitrary files via crafted XML data in a request to AccessPoint.aspx.
by Alex Haynes
Joomla HTTP Header Unauthenticated Remote Code Execution
The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 mishandles multiple php_var_unserialize calls, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted session content.
by Taoguang Chen
CVSS 9.8
PHP < 5.4.44 - Use After Free
Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3) the SplDoublyLinkedList class, which are mishandled during unserialization.
by Taoguang Chen
CVSS 9.8
PHP < 5.4.44 - Use After Free
Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3) the SplDoublyLinkedList class, which are mishandled during unserialization.
by Taoguang Chen
CVSS 9.8
Advantech WebAccess <8.0.1 - Buffer Overflow
Multiple stack-based buffer overflows in unspecified DLL files in Advantech WebAccess before 8.0.1 allow remote attackers to execute arbitrary code via unknown vectors.
by Praveen Darshanam
WordPress Theme White-Label Framework 2.0.6 - Cross-Site Scripting
by Outlasted
DirectAdmin Web Control Panel 1.483 - Multiple Vulnerabilities
by Ashiyane Digital Security Team
IBM AIX High Availability Cluster Multiprocessing (HACMP) - Local Privilege Escalation
by Kristian Erik Hermansen
JSP/MySQL Administrador Web - XSS
Cross-site scripting (XSS) vulnerability in JSP/MySQL Administrador Web 1 allows remote attackers to inject arbitrary web script or HTML via the bd parameter to sys/sys/listaBD2.jsp.
by hyp3rlinx
Netgear Wireless Management System 2.1.4.15 (Build 1236) - Privilege Escalation
by Elliott Lewis
FireEye Appliance - Unauthorized File Disclosure
by Kristian Erik Hermansen
Disconnect.me Mac OSX Client 2.0 - Local Privilege Escalation
by Kristian Erik Hermansen
Zhone ADSL2+ 4P Bridge & Router (Broadcom) - Multiple Vulnerabilities
by Vulnerability-Lab
HooToo Tripmate HT-TM01 2.000.022 - Cross-Site Request Forgery
by Ken Smith