Exploitdb Exploits
50,073 exploits tracked across all sources.
Symantec Endpoint Protection <SEP 14 RU1 - Privilege Escalation
Prior to SEP 14 RU1, the Symantec Endpoint Protection product can encounter a Tamper-Protection Bypass issue, a type of attack that bypasses the real-time protection for the application running on servers and clients.
by hyp3rlinx
CVSS 7.1
Mako Server 2.5-2.6 - Command Injection
An OS command injection vulnerability exists in Mako Server versions 2.5 and 2.6, specifically within the tutorial interface provided by the examples/save.lsp endpoint. An unauthenticated attacker can send a crafted PUT request containing arbitrary Lua os.execute() code, which is then persisted on disk and triggered via a subsequent GET request to examples/manage.lsp. This allows remote command execution on the underlying operating system, impacting both Windows and Unix-based deployments.
by Metasploit
Microsoft Windows <10 - Code Injection
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821.
by Google Security Research
CVSS 7.5
PHP <5.6.32, 7.x <7.0.25, 7.1.x <7.1.11 - Info Disclosure
In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145.
by Wei Lei and Liu Yang
CVSS 7.5
Zoho ManageEngine Applications Manager <13 - SQL Injection
Zoho ManageEngine Applications Manager 13 before build 13500 allows post-authentication SQL injection via the name parameter in a manageApplications.do?method=insert request.
by Cody Sixteen
CVSS 8.8
Zoho ManageEngine Applications Manager <13 - SQL Injection
Zoho ManageEngine Applications Manager 13 before build 13500 allows SQL injection via GraphicalView.do, as demonstrated by a crafted viewProps yCanvas field or viewid parameter.
by Cody Sixteen
CVSS 9.8
Ametys < 4.0.3 - Unauthenticated Access Control Bypass via Direct Request
Ametys before 4.0.3 requires authentication only for URIs containing a /cms/ substring, which allows remote attackers to bypass intended access restrictions via a direct request to /plugins/core-ui/servercomm/messages.xml, as demonstrated by changing the admin password by obtaining account details via a users/search.json request, and then modifying the account via an editUser request.
by SecuriTeam
CVSS 9.8
Linux Kernel 4.13 through 4.13.7 - Sandbox Escape via waitid
Insufficient data validation in waitid allowed a user to escape sandboxes on Linux.
by Chris Salls
CVSS 8.8
Avaya IP Office < 10.1.1 - Remote Code Execution via SoftConsole Long Response
Buffer overflow in the SoftConsole client in Avaya IP Office before 10.1.1 allows remote servers to execute arbitrary code via a long response.
by hyp3rlinx
CVSS 9.6
Avaya IP Office Contact Center < 10.1.1 - Remote Code Execution via ViewerCtrl ActiveX Buffer Overflow
Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control in Avaya IP Office Contact Center before 10.1.1 allows remote attackers to cause a denial of service (heap corruption and crash) or execute arbitrary code via a long string to the open method.
by hyp3rlinx
CVSS 8.8
UserPro plugin <4.9.17.1 - Auth Bypass
The UserPro plugin before 4.9.17.1 for WordPress, when used on a site with the "admin" username, allows remote attackers to bypass authentication and obtain administrative access via a "true" value for the up_auto_log parameter in the QUERY_STRING to the default URI.
by Colette Chamberland
CVSS 9.8
Ladon 0.6.1-0.9.39 - XML External Entity Injection in SOAP Request Handlers
Ladon since 0.6.1 (since ebef0aae48af78c159b6fce81bc6f5e7e0ddb059) is affected by: XML External Entity (XXE). The impact is: Information Disclosure, reading files and reaching internal network endpoints. The component is: SOAP request handlers. For instance: https://bitbucket.org/jakobsg/ladon/src/42944fc012a3a48214791c120ee5619434505067/src/ladon/interfaces/soap.py#lines-688. The attack vector is: Send a specially crafted SOAP call.
by RedTeam Pentesting
CVSS 9.8
GraphicsMagick 1.3.26 - Buffer Overflow
GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage() function of the magick/describe.c file. One possible way to trigger the vulnerability is to run the identify command on a specially crafted MIFF format file with the verbose flag.
by SecuriTeam
CVSS 8.8
Ipswitch WS_FTP Pro <12.6.0.3 - Buffer Overflow
Ipswitch WS_FTP Professional before 12.6.0.3 has buffer overflows in the local search field and the backup locations field, aka WSCLT-1729.
by Kevin McGuigan
CVSS 7.8
macOS X - Remote Command Execution via HTTP Redirect Pipe Character
The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect.
by Metasploit
WordPress Plugin JTRT Responsive Tables 4.1 - SQL Injection
by Lenon Leite
Logitech Media Server 7.9.0 - Stored Cross-Site Scripting in Radio Functionality
Persistent Cross-Site Scripting (XSS) vulnerability in Logitech Media Server 7.9.0, affecting the "Radio" functionality. This vulnerability allows attackers to inject malicious JavaScript payloads, which become permanently stored on the server and execute when a user plays the compromised radio stream. Exploitation of this vulnerability can lead to session hijacking and unauthorized access, persistent manipulation of web content within the application, and phishing or malicious redirects to external domains. This vulnerability can be exploited to manipulate media server behavior in enterprise and home network environments.
by Dewank Pant
CVSS 5.4
Logitech Media Server 7.9.0 - Stored Cross-Site Scripting in Favorites Feature
Persistent Cross-Site Scripting (XSS) vulnerability in Logitech Media Server 7.9.0, affecting the "Favorites" feature. This vulnerability allows remote attackers to inject and permanently store malicious JavaScript payloads, which are executed when users access the affected functionality. Exploitation of this vulnerability can lead to session hijacking and credential theft, execution of unauthorized actions on behalf of users, and exfiltration of sensitive data. This vulnerability presents a potential risk for widespread exploitation in connected IoT environments.
by Dewank Pant
CVSS 5.4
GraphicsMagick 1.3.26 - Info Disclosure
GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments are never checked.
by SecuriTeam
CVSS 6.5
Brother DCP-J132W Firmware < 1.20 - Denial of Service via Malformed HTTP POST Request
The Debut embedded http server contains a remotely exploitable denial of service where a single malformed HTTP POST request can cause the server to hang until eventually replying (~300 seconds) with an HTTP 500 error. While the server is hung, print jobs over the network are blocked and the web interface is inaccessible. An attacker can continuously send this malformed request to keep the device inaccessible to legitimate traffic.
by z00n
CVSS 7.5