Exploitdb Exploits

31,337 exploits tracked across all sources.

CVE-2014-8147 EXPLOITDB text
Apple Mac OS X < 10.10.4 - Numeric Error
The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 uses an integer data type that is inconsistent with a header file, which allows remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text.
by Pedro Ribeiro
CVE-2015-3898 EXPLOITDB MEDIUM text VERIFIED
Bonita BPM Portal <6.5.3 - Open Redirect
Multiple open redirect vulnerabilities in Bonita BPM Portal before 6.5.3 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the redirectUrl parameter to (1) bonita/login.jsp or (2) bonita/loginservice.
by High-Tech Bridge SA
CVSS 6.1
CVE-2015-3001 EXPLOITDB text
SysAid Help Desk <15.2 - Auth Bypass
SysAid Help Desk before 15.2 uses a hardcoded password of Password1 for the sa SQL Server Express user account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password.
by Pedro Ribeiro
CVE-2015-2805 EXPLOITDB text
Alcatel-Lucent OmniSwitch Firmware < 6.4.5.R02 - CSRF
Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, and 8.1.1.R01 allows remote attackers to hijack the authentication of administrators for requests that create users via a crafted request.
by RedTeam Pentesting
CVE-2015-4137 EXPLOITDB text VERIFIED
Milw0rm Clone Script - SQL Injection
SQL injection vulnerability in related.php in Milw0rm Clone Script 1.0 allows remote attackers to execute arbitrary SQL commands via the program parameter.
by Pancaker
EIP-2026-114256 EXPLOITDB text
WordPress Plugin Wp-ImageZoom 1.1.0 - Multiple Vulnerabilities
by T3N38R15
EIP-2026-114222 EXPLOITDB text VERIFIED
WordPress Plugin WP Mobile Edition - Local File Inclusion
by Ali Khalil
EIP-2026-110490 EXPLOITDB text VERIFIED
Pasworld - 'detail.php' Blind SQL Injection
by Sebastian khan
EIP-2026-102062 EXPLOITDB text
TP-Link TD-W8950ND ADSL2+ - Remote DNS Change
by Todor Donev
EIP-2026-101650 EXPLOITDB text
D-Link DSL-526B ADSL2+ AU_2.01 - Remote DNS Change
by Todor Donev
EIP-2026-101648 EXPLOITDB text
D-Link DSL-2780B DLink_1.01.14 - Remote DNS Change
by Todor Donev
EIP-2026-101644 EXPLOITDB text
D-Link DSL-2730B AU_2.01 - Authentication Bypass DNS Change
by Todor Donev
EIP-2026-102313 EXPLOITDB text VERIFIED
WiFi HD 8.1 - Directory Traversal / Denial of Service
by Wh1t3Rh1n0 (Michael Allen)
EIP-2026-101576 EXPLOITDB text
Broadlight Residential Gateway DI3124 - Remote DNS Change
by Todor Donev
EIP-2026-113999 EXPLOITDB text VERIFIED
WordPress Plugin Really Simple Guest Post 1.0.6 - Local File Inclusion
by Kuroi'SH
CVE-2015-4153 EXPLOITDB text
Zanematthew ZM Ajax Login & Register < 1.0.9 - Path Traversal
Directory traversal vulnerability in the zM Ajax Login & Register plugin before 1.1.0 for WordPress allows remote attackers to include and execute arbitrary PHP files via a relative path in the template parameter in a load_template action to wp-admin/admin-ajax.php.
by Panagiotis Vagenas
CVE-2015-4465 EXPLOITDB text
Zanematthew ZM Ajax Login & Register < 1.0.9 - XSS
Cross-site scripting (XSS) vulnerability in the zM Ajax Login & Register plugin before 1.1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
by Panagiotis Vagenas
EIP-2026-101117 EXPLOITDB text
ZTE AC 3633R USB Modem - Multiple Vulnerabilities
by Vishnu
EIP-2026-116529 EXPLOITDB text VERIFIED
WebDrive 12.2 (B4172) - Buffer Overflow (PoC)
by Vulnerability-Lab
EIP-2026-113058 EXPLOITDB text VERIFIED
VFront 0.99.2 - Cross-Site Request Forgery / Persistent Cross-Site Scripting
by hyp3rlinx
EIP-2026-113862 EXPLOITDB text VERIFIED
WordPress Plugin LeagueManager 3.9.11 - SQL Injection
by javabudd
EIP-2026-102893 EXPLOITDB text
Linux Kernel (PonyOS 3.0) - ELF Loader Local Privilege Escalation
by Hacker Fantastic
CVE-2015-1389 EXPLOITDB text
Aruba Networks ClearPass Policy Manager <6.4.5 - XSS
Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote attackers to inject arbitrary web script or HTML via the username parameter to tips/tipsLoginSubmit.action.
by Cristiano Maruti
EIP-2026-112574 EXPLOITDB text
TCPDF Library 5.9 - Arbitrary File Deletion
by Filippo Roncari
EIP-2026-102490 EXPLOITDB text
JSPMyAdmin 1.1 - Multiple Vulnerabilities
by hyp3rlinx