Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-106475 EXPLOITDB text
Django 3.0 - Cross-Site Request Forgery Token Bypass
by Spad Security Group
CVE-2020-5735 EXPLOITDB HIGH python
Amcrest Cameras and NVR - Authenticated Stack-based Buffer Overflow via Port 37777
Amcrest cameras and NVR are vulnerable to a stack-based buffer overflow over port 37777. An authenticated remote attacker can abuse this issue to crash the device and possibly execute arbitrary code.
by Jacob Baines
CVSS 8.8
CVE-2020-37128 EXPLOITDB MEDIUM python
ZOC Terminal 7.25.5 - Denial of Service via Malicious REXX Script Processing
ZOC Terminal 7.25.5 contains a script processing vulnerability that allows local attackers to crash the application by loading a maliciously crafted REXX script file. Attackers can generate an oversized script with 20,000 repeated characters to trigger an application crash and cause a denial of service.
by chuyreds
CVSS 6.2
CVE-2020-37127 EXPLOITDB MEDIUM python
Dnsmasq-utils <2.79-1 - Buffer Overflow
Dnsmasq-utils 2.79-1 contains a buffer overflow vulnerability in the dhcp_release utility that allows attackers to cause a denial of service by supplying excessive input. Attackers can trigger a core dump and terminate the dhcp_release process by sending a crafted input string longer than 16 characters.
by JosueEncinar
CVSS 5.5
CVE-2025-34086 EXPLOITDB HIGH python
Bolt CMS <3.7.0 - Authenticated RCE
Bolt CMS versions 3.7.0 and earlier contain a chain of vulnerabilities that together allow an authenticated user to achieve remote code execution. A user with valid credentials can inject arbitrary PHP code into the displayname field of the user profile, which is rendered unsanitized in backend templates. The attacker can then list and rename cached session files via the /async/browse/cache/.sessions and /async/folder/rename endpoints. By renaming a .session file to a path under the publicly accessible /files/ directory with a .php extension, the attacker can turn the injected code into an executable web shell. Finally, the attacker triggers the payload via a crafted HTTP GET request to the rogue file. NOTE: The vendor announced that Bolt 3 reached end-of-life after 31 December 2021.
by r3m0t3nu11
CVSS 8.8
CVE-2020-37152 EXPLOITDB MEDIUM text VERIFIED
PHP-Fusion 9.03.50 - Cross-Site Scripting via Panel Content POST Parameter
PHP-Fusion 9.03.50 panels.php is vulnerable to cross-site scripting (XSS) via the 'panel_content' POST parameter. The application fails to properly sanitize user input before rendering it in the browser, allowing attackers to inject arbitrary JavaScript. This can be exploited by submitting crafted input to the 'panel_content' field in panels.php, resulting in execution of malicious scripts in the context of the affected site.
by hyp3rlinx
CVSS 6.1
CVE-2020-37136 EXPLOITDB HIGH text
ZOC Terminal 7.25.5 - Denial of Service via Private Key File Input Buffer Overflow
ZOC Terminal 7.25.5 contains a denial of service vulnerability in the private key file input field that allows attackers to crash the application. Attackers can overwrite the private key file input with a 2000-byte buffer, causing the application to become unresponsive when attempting to create SSH key files.
by chuyreds
CVSS 7.5
CVE-2020-37134 EXPLOITDB HIGH python
UltraVNC Viewer 1.2.4.0 - Denial of Service via Malformed VNC Server Input
UltraVNC Viewer 1.2.4.0 contains a denial of service vulnerability that allows attackers to crash the application by manipulating VNC Server input. Attackers can generate a malformed 256-byte payload and paste it into the VNC Server connection dialog to trigger an application crash.
by chuyreds
CVSS 7.5
CVE-2020-37133 EXPLOITDB HIGH python
UltraVNC < 1.2.4.0 - Denial of Service via Repeater Host Configuration Field
UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in the Repeater Host configuration field that allows attackers to crash the application. Attackers can paste an overly long string of 300 characters into the Repeater Host property to trigger an application crash.
by chuyreds
CVSS 7.5
CVE-2020-37132 EXPLOITDB MEDIUM python
UltraVNC < 1.2.4.0 - Denial of Service via Password Field Overflow
UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in its password configuration properties that allows local attackers to crash the application. Attackers can paste an overly long 300-character string into the password field to trigger an application crash and prevent normal launcher functionality.
by chuyreds
CVSS 6.2
CVE-2020-37131 EXPLOITDB MEDIUM python
Nsauditor Product Key Explorer <4.2.2.0 - DoS
Nsauditor Product Key Explorer 4.2.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by inputting a specially crafted registration key. Attackers can generate a payload of 1000 bytes of repeated characters and paste it into the 'Key' input field to trigger the application crash.
by 0xMoHassan
CVSS 6.2
CVE-2020-37130 EXPLOITDB HIGH python
Nsauditor < 3.2.0.0 - Denial of Service via Registration Name Input Field
Nsauditor 3.2.0.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can create a malicious payload of 1000 bytes of repeated characters to trigger an application crash when pasted into the registration name field.
by 0xMoHassan
CVSS 7.5
CVE-2020-37129 EXPLOITDB CRITICAL text
Memu Play 7.1.3 - Privilege Escalation
Memu Play 7.1.3 contains an insecure folder permissions vulnerability that allows low-privileged users to modify the MemuService.exe executable. Attackers can replace the service executable with a malicious file during system restart to gain SYSTEM-level privileges by exploiting unrestricted file modification permissions.
by chuyreds
CVSS 9.8
EIP-2026-118032 EXPLOITDB python
Triologic Media Player 8 - '.m3l' Buffer Overflow (Unicode) (SEH)
by Felipe Winsnes
EIP-2026-116302 EXPLOITDB python
SpotAuditor 5.3.4 - 'Name' Denial of Service (PoC)
by 0xMoHassan
EIP-2026-115307 EXPLOITDB python
Frigate 3.36 - Denial of Service (PoC)
by inter
CVE-2020-11456 EXPLOITDB MEDIUM text
LimeSurvey < 4.1.12+200324 - Stored Cross-Site Scripting in Survey Groups
LimeSurvey before 4.1.12+200324 has stored XSS in application/views/admin/surveysgroups/surveySettings.php and application/models/SurveysGroups.php (aka survey groups).
by Matthew Aberegg
CVSS 5.4
CVE-2020-11455 EXPLOITDB CRITICAL text VERIFIED
LimeSurvey < 4.1.12+200324 - Path Traversal in LimeSurveyFileManager
LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php.
by Matthew Aberegg
CVSS 9.8
CVE-2019-18426 EXPLOITDB HIGH text
WhatsApp Desktop < 0.3.9309 and WhatsApp for iPhone < 2.20.10 - Cross-Site Scripting via Link Preview
A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site scripting and local file reading. Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message.
by Gal Weizman
CVSS 8.2
EIP-2026-104476 EXPLOITDB ruby VERIFIED
Vesta Control Panel 0.9.8-26 - Authenticated Remote Code Execution (Metasploit)
by Mehmet Ince
CVE-2020-11457 EXPLOITDB MEDIUM text
pfSense < 2.4.5 - Stored Cross-Site Scripting via User Full Name Parameter
pfSense before 2.4.5 has stored XSS in system_usermanager_addprivs.php in the WebGUI via the descr parameter (aka full name) of a user.
by Matthew Aberegg
CVSS 5.4
EIP-2026-116752 EXPLOITDB python
AIDA64 Engineer 6.20.5300 - 'Report File' filename Buffer Overflow (SEH)
by Hodorsec
EIP-2026-110463 EXPLOITDB python
Pandora FMS 7.0NG - 'net_tools.php' Remote Code Execution
by Basim Alabdullah
CVE-2020-37137 EXPLOITDB MEDIUM text
PHP-Fusion 9.03.50 - Remote Code Execution via panels.php Panel Content Parameter
PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'add_panel_form()' function that allows attackers to execute arbitrary code through an eval() function with unsanitized POST data. Attackers can exploit the vulnerability by sending crafted panel_content POST parameters to the panels.php administration endpoint to execute malicious code.
by Unkn0wn
CVSS 6.1
CVE-2020-36881 EXPLOITDB HIGH python
Flexsense DiskBoss 7.7.14 - Buffer Overflow
Flexsense DiskBoss 7.7.14 contains a local buffer overflow vulnerability in the 'Input Directory' component that allows unauthenticated attackers to execute arbitrary code on the system. Attackers can exploit this by pasting a specially crafted directory path into the 'Add Input Directory' field.
by Paras Bhatia
CVSS 7.8