Exploitdb Exploits

50,076 exploits tracked across all sources.

CVE-2017-12615 EXPLOITDB HIGH text
Apache Tomcat 7.0.0-7.0.79 - Unauthenticated Remote Code Execution via JSP Upload
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false), it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
by xxlegend
CVSS 8.1
CVE-2017-0785 EXPLOITDB MEDIUM python
Android 4.4.4-8.0 - Information Disclosure via Bluetooth
An information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146698.
by Kert Ojasoo
CVSS 6.5
CVE-2017-8731 EXPLOITDB HIGH text VERIFIED
Microsoft Edge - Remote Code Execution via Memory Corruption
Microsoft Edge in Microsoft Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8734, CVE-2017-8751, and CVE-2017-11766.
by Google Security Research
CVSS 7.5
CVE-2017-8734 EXPLOITDB HIGH html VERIFIED
Microsoft Edge - Remote Code Execution via Memory Corruption
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8731, CVE-2017-8751, and CVE-2017-11766.
by Google Security Research
CVSS 7.5
EIP-2026-103271 EXPLOITDB ruby
DenyAll WAF < 6.3.0 - Remote Code Execution (Metasploit)
by Mehmet Ince
CVE-2016-4372 EXPLOITDB CRITICAL python
HPE iMC PLAT <7.2 - Remote Code Execution
HPE iMC PLAT before 7.2 E0403P04, iMC EAD before 7.2 E0405P05, iMC APM before 7.2 E0401P04, iMC NTA before 7.2 E0401P01, iMC BIMS before 7.2 E0402P02, and iMC UAM_TAM before 7.2 E0405P05 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
by Raphael Kuhn
CVSS 9.8
CVE-2017-8682 EXPLOITDB HIGH text VERIFIED
Microsoft Office 2007 - Improper Input Validation
Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, Windows Server 2016, Microsoft Office Word Viewer, Microsoft Office 2007 Service Pack 3, and Microsoft Office 2010 Service Pack 2 allows an attacker to execute remote code by the way it handles embedded fonts, aka "Win32k Graphics Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8683.
by Google Security Research
CVSS 8.8
CVE-2017-8683 EXPLOITDB MEDIUM text VERIFIED
Windows Graphics - Remote Code Execution via Embedded Font Handling
Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an attacker to execute remote code by the way it handles embedded fonts, aka "Win32k Graphics Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8682.
by Google Security Research
CVSS 5.5
CVE-2017-8678 EXPLOITDB MEDIUM c++ VERIFIED
Windows Kernel - Information Disclosure via Improper Memory Handling
The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8677, CVE-2017-8680, CVE-2017-8681, and CVE-2017-8687.
by Google Security Research
CVSS 5.5
CVE-2017-8681 EXPLOITDB MEDIUM c++ VERIFIED
Windows Kernel - Information Disclosure via Improper Memory Handling
The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8678, CVE-2017-8680, CVE-2017-8677, and CVE-2017-8687.
by Google Security Research
CVSS 5.5
CVE-2017-8680 EXPLOITDB MEDIUM c++ VERIFIED
Windows Kernel - Information Disclosure via Improper Memory Object Handling
The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8678, CVE-2017-8677, CVE-2017-8681, and CVE-2017-8687.
by Google Security Research
CVSS 5.5
CVE-2017-8684 EXPLOITDB MEDIUM c++ VERIFIED
Windows GDI+ Kernel Memory Address Disclosure in Windows 7 SP1, 8.1, Server 2008 SP2/R2 SP1, Server 2012/2012 R2, RT 8.1
Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1, allows information disclosure by the way it discloses kernel memory addresses, aka "Windows GDI+ Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8685 and CVE-2017-8688.
by Google Security Research
CVSS 5.5
CVE-2017-8685 EXPLOITDB MEDIUM c++ VERIFIED
Windows GDI+ on Windows 7 SP1 and Windows Server 2008 SP2/R2 SP1 - Kernel Memory Address Disclosure
Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows information disclosure by the way it discloses kernel memory addresses, aka "Windows GDI+ Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8684 and CVE-2017-8688.
by Google Security Research
CVSS 5.5
CVE-2017-8687 EXPLOITDB MEDIUM c++ VERIFIED
Windows Kernel - Information Disclosure via Improper Memory Handling
The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8678, CVE-2017-8680, CVE-2017-8677, and CVE-2017-8681.
by Google Security Research
CVSS 5.5
CVE-2017-8708 EXPLOITDB MEDIUM c++ VERIFIED
Windows Kernel - Information Disclosure via Improper Memory Handling
The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8679, CVE-2017-8709, and CVE-2017-8719.
by Google Security Research
CVSS 4.7
CVE-2017-9798 EXPLOITDB HIGH python
Apache httpd <2.4.28 - Use After Free
Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.
by Hanno Bock
CVSS 7.5
CVE-2017-14244 EXPLOITDB CRITICAL text
iBall Baton ADSL2+ Home Router FW_iB-LR7011A_1.0.2 - Auth Bypass
An authentication bypass vulnerability on iBall Baton ADSL2+ Home Router FW_iB-LR7011A_1.0.2 devices potentially allows attackers to directly access administrative router settings by crafting URLs with a .cgi extension, as demonstrated by /info.cgi and /password.cgi.
by Gem George
CVSS 9.8
EIP-2026-100244 EXPLOITDB python
Digirez 3.4 - Cross-Site Request Forgery (Update Admin)
by Ihsan Sencan
EIP-2026-100243 EXPLOITDB python
Digileave 1.2 - Cross-Site Request Forgery (Update Admin)
by Ihsan Sencan
EIP-2026-100242 EXPLOITDB python
DigiAffiliate 1.4 - Cross-Site Request Forgery (Update Admin)
by Ihsan Sencan
CVE-2017-14311 EXPLOITDB HIGH c
NetMechanica NetDecision 5.8.2 - Privilege Escalation
The Winring0x32.sys driver in NetMechanica NetDecision 5.8.2 allows local users to gain privileges via a crafted 0x9C402088 IOCTL call.
by Peter Baris
CVSS 7.8
CVE-2017-14507 EXPLOITDB CRITICAL text
Content Timeline plugin 4.4.2 - SQL Injection
Multiple SQL injection vulnerabilities in the Content Timeline plugin 4.4.2 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) timeline parameter in content_timeline_class.php; or the id parameter to (2) pages/content_timeline_edit.php or (3) pages/content_timeline_index.php.
by Jeroen - IT Nerdbox
CVSS 9.8
EIP-2026-111572 EXPLOITDB text
PTCEvolution 5.50 - SQL Injection
by Ihsan Sencan
EIP-2026-107996 EXPLOITDB text
iTech Gigs Script 1.20 - 'cat' SQL Injection
by 8bitsec
EIP-2026-106138 EXPLOITDB text
Contact Manager 1.0 - 'femail' SQL Injection
by Ihsan Sencan