Exploitdb Exploits

50,091 exploits tracked across all sources.

Sort: Activity Stars
CVE-2018-15982 EXPLOITDB HIGH text
Adobe Flash Player < 31.0.0.153 - Use-After-Free
Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
by smgorelik
CVSS 7.8
EIP-2026-114393 EXPLOITDB text
WSTMart 2.0.8 - Cross-Site Scripting
by linfeng
CVE-2018-19138 EXPLOITDB HIGH text
WSTMart 2.0.7 - Cross-Site Request Forgery via Admin Staff Add URI
WSTMart 2.0.7 has CSRF via the index.php/admin/staffs/add.html URI.
by linfeng
CVSS 8.8
CVE-2018-25435 EXPLOITDB MEDIUM html
ZeusCart 4.0 - Cross-Site Request Forgery via regstatus Endpoint
ZeusCart 4.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of victims by crafting malicious requests. Attackers can deactivate customer accounts via the admin interface by tricking users into visiting attacker-controlled pages that submit requests to the regstatus endpoint with action=deny parameters.
by mqt
CVSS 5.3
EIP-2026-117515 EXPLOITDB text
Microsoft Windows - 'MsiAdvertiseProduct' Arbitrary File Read
by evil_polar_bear
EIP-2026-116788 EXPLOITDB python
AnyBurn 4.3 - Local Buffer Overflow (SEH)
by Matteo Malvica
EIP-2026-116787 EXPLOITDB python
AnyBurn 4.3 - Local Buffer Overflow (SEH)
by Matteo Malvica
EIP-2026-116330 EXPLOITDB python
SQLScan 1.0 - Denial of Service (PoC)
by Rafael Pedrero
EIP-2026-116329 EXPLOITDB python
SQLScan 1.0 - Denial of Service (PoC)
by Rafael Pedrero
EIP-2026-115644 EXPLOITDB html
Microsoft Edge 42.17134.1.0 - 'Tree::ANode::DocumentLayout' Denial of Service
by Bogdan Kurinnoy
CVE-2018-1160 EXPLOITDB CRITICAL python VERIFIED
netatalk < 3.1.12 - Unauthenticated Out-of-bounds Write in dsi_opensess.c
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.
by Jacob Baines
CVSS 9.8
CVE-2018-1160 EXPLOITDB CRITICAL python VERIFIED
netatalk < 3.1.12 - Unauthenticated Out-of-bounds Write in dsi_opensess.c
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.
by Tenable NS
CVSS 9.8
CVE-2018-25265 EXPLOITDB HIGH python
LanSpy 2.0.1.159 Local Buffer Overflow
LanSpy 2.0.1.159 contains a local buffer overflow vulnerability in the scan section that allows local attackers to execute arbitrary code by exploiting structured exception handling mechanisms. Attackers can craft malicious payloads using egghunter techniques to locate and execute shellcode, triggering code execution through SEH chain manipulation and controlled jumps.
by bzyo
CVSS 8.4
CVE-2018-19357 EXPLOITDB HIGH python
XMPlay 3.8.3 - Remote Code Execution via Crafted HTTP URL in M3U File
XMPlay 3.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted http:// URL in a .m3u file.
by s7acktrac3
CVSS 7.8
EIP-2026-117514 EXPLOITDB text
Microsoft Windows - 'MsiAdvertiseProduct' Arbitrary File Copy/Read
by SandboxEscaper
EIP-2026-116882 EXPLOITDB python
Base64 Decoder 1.1.2 - Local Buffer Overflow (SEH)
by bzyo
EIP-2026-116881 EXPLOITDB python
Base64 Decoder 1.1.2 - Local Buffer Overflow (SEH)
by bzyo
CVE-2018-8625 EXPLOITDB HIGH text VERIFIED
Internet Explorer 9, 10, 11 - Remote Code Execution via VBScript Engine Use-After-Free
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10.
by Google Security Research
CVSS 7.5
CVE-2018-8619 EXPLOITDB HIGH text VERIFIED
Internet Explorer 9-11 - Remote Code Execution via VBScript Execution Policy Bypass
A remote code execution vulnerability exists when the Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions, aka "Internet Explorer Remote Code Execution Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10.
by Google Security Research
CVSS 7.5
EIP-2026-103899 EXPLOITDB ruby VERIFIED
Erlang - Port Mapper Daemon Cookie Remote Code Execution (Metasploit)
by Metasploit
EIP-2026-103898 EXPLOITDB ruby VERIFIED
Erlang - Port Mapper Daemon Cookie Remote Code Execution (Metasploit)
by Metasploit
CVE-2018-25218 EXPLOITDB HIGH python
PassFab RAR Password Recovery 9.3.2 SEH Buffer Overflow
PassFab RAR Password Recovery 9.3.2 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload. Attackers can craft a payload with a buffer overflow, NSEH jump, and shellcode, then paste it into the 'Licensed E-mail and Registration Code' field during registration to trigger code execution.
by Achilles
CVSS 8.4
CVE-2018-25217 EXPLOITDB HIGH python
PDF Explorer 1.5.66.2 Structured Exception Handler Local Code Execution
PDF Explorer 1.5.66.2 contains a structured exception handler (SEH) overflow vulnerability that allows local attackers to execute arbitrary code by overwriting SEH records with malicious data. Attackers can craft a payload with buffer overflow, NSEH jump, and ROP gadget chains that execute when the Custom fields settings dialog processes the malicious input in the Label field.
by Achilles
CVSS 8.4
EIP-2026-117400 EXPLOITDB python
LanSpy 2.0.1.159 - Local Buffer Overflow
by Juan Prescotto
EIP-2026-117399 EXPLOITDB python
LanSpy 2.0.1.159 - Local Buffer Overflow
by Juan Prescotto