Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
CVE-2017-14243 EXPLOITDB CRITICAL text
UTStar WA3002G4 ADSL Broadband Modem - Auth Bypass
An authentication bypass vulnerability on UTStar WA3002G4 ADSL Broadband Modem WA3002G4-0021.01 devices allows attackers to directly access administrative settings and obtain cleartext credentials from HTML source, as demonstrated by info.cgi, upload.cgi, backupsettings.cgi, pppoe.cgi, resetrouter.cgi, and password.cgi.
by Gem George
CVSS 9.8
EIP-2026-118726 EXPLOITDB ruby
Lockstep Backup for Workgroups 4.0.3 - Remote Buffer Overflow (Metasploit)
by James Fitts
CVE-2014-0787 EXPLOITDB ruby
WellinTech KingSCADA < 3.1.2.13 - Remote Code Execution via Crafted Packet
Stack-based buffer overflow in WellinTech KingSCADA before 3.1.2.13 allows remote attackers to execute arbitrary code via a crafted packet.
by James Fitts
EIP-2026-118630 EXPLOITDB ruby
haneWIN DNS Server 1.5.3 - Remote Buffer Overflow (Metasploit)
by James Fitts
CVE-2013-0946 EXPLOITDB ruby
EMC AlphaStor 4.0 <build 910 - Buffer Overflow
Buffer overflow in the Library Control Program (LCP) in EMC AlphaStor 4.0 before build 910 allows remote attackers to execute arbitrary code via crafted commands.
by James Fitts
EIP-2026-118512 EXPLOITDB ruby
EMC AlphaStor Device Manager - Opcode 0x72 Buffer Overflow (Metasploit)
by James Fitts
EIP-2026-118373 EXPLOITDB ruby
Cloudview NMS 2.00b - Writable Directory Traversal Execution (Metasploit)
by James Fitts
EIP-2026-112645 EXPLOITDB text
Theater Management Script - SQL Injection
by Ihsan Sencan
EIP-2026-111569 EXPLOITDB text
PTC KSV1 Script 1.7 - 'type' SQL Injection
by Ihsan Sencan
EIP-2026-108944 EXPLOITDB text
Justdial Clone Script - 'fid' SQL Injection
by Ihsan Sencan
EIP-2026-106885 EXPLOITDB text
Enterprise Edition Payment Processor Script 3.7 - SQL Injection
by Ihsan Sencan
EIP-2026-104964 EXPLOITDB text
Adserver Script 5.6 - SQL Injection
by Ihsan Sencan
CVE-2017-11435 EXPLOITDB CRITICAL python
Humax HG100R-* 2.0.6 - Unauthenticated Exposure of Sensitive Information via API Session Token Bypass
The Humax Wi-Fi Router model HG100R-* 2.0.6 is prone to an authentication bypass vulnerability via specially crafted requests to the management console. The bug is exploitable remotely when the router is configured to expose the management console. The router is not validating the session token while returning answers for some methods in url '/api'. An attacker can use this vulnerability to retrieve sensitive information such as private/public IP addresses, SSID names, and passwords.
by Kivson
CVSS 9.8
CVE-2017-20184 EXPLOITDB HIGH ruby
Carlo Gavazzi Powersoft <2.1.1.1 - Path Traversal
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Carlo Gavazzi Powersoft up to version 2.1.1.1 allows an unauthenticated, remote attacker to download any file from the affected device.
by James Fitts
CVSS 7.5
CVE-2014-0780 EXPLOITDB CRITICAL ruby
InduSoft Web Studio 7.1 - Path Traversal and Arbitrary Code Execution via NTWebServer
Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7.1 before SP2 Patch 4 allows remote attackers to read administrative passwords in APP files, and consequently execute arbitrary code, via unspecified web requests.
by James Fitts
CVSS 9.8
CVE-2011-3487 EXPLOITDB ruby
Carel PlantVisor <2.4.4 - Path Traversal
Directory traversal vulnerability in CarelDataServer.exe in Carel PlantVisor 2.4.4 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request.
by James Fitts
EIP-2026-119338 EXPLOITDB ruby
ZScada Modbus Buffer 2.0 - Stack Buffer Overflow (Metasploit)
by James Fitts
CVE-2017-5177 EXPLOITDB HIGH ruby
VIPA Controls WinPLC7 <5.0.45.5921 - Buffer Overflow
A Stack Buffer Overflow issue was discovered in VIPA Controls WinPLC7 5.0.45.5921 and prior. A stack-based buffer overflow vulnerability has been identified, where an attacker with a specially crafted packet could overflow the fixed length buffer. This could allow remote code execution.
by James Fitts
CVSS 7.5
EIP-2026-119130 EXPLOITDB ruby
Sielco Sistemi Winlog 2.07.16 - Remote Buffer Overflow (Metasploit)
by James Fitts
EIP-2026-118923 EXPLOITDB ruby
Motorola Netopia Netoctopus SDCS - Remote Stack Buffer Overflow (Metasploit)
by James Fitts
CVE-2017-8759 EXPLOITDB HIGH text
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 - Remote Code Execution
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability."
by Voulnet
CVSS 7.8
EIP-2026-118755 EXPLOITDB text VERIFIED
Mako Web Server 2.5 - Multiple Vulnerabilities
by hyp3rlinx
CVE-2016-8377 EXPLOITDB HIGH ruby
Fatek Automation PLC WinProladder <3.11 Build 14701 - Buffer Overflow
An issue was discovered in Fatek Automation PLC WinProladder Version 3.11 Build 14701. A stack-based buffer overflow vulnerability exists when the software application connects to a malicious server, resulting in a stack buffer overflow. This causes an exploitable Structured Exception Handler (SEH) overwrite condition that may allow remote code execution.
by James Fitts
CVSS 8.0
CVE-2005-2842 EXPLOITDB ruby
DameWare Mini Remote Control <4.9.0 - RCE
Buffer overflow in dwrcs.exe in DameWare Mini Remote Control before 4.9.0 allows remote attackers to execute arbitrary code via the username.
by James Fitts
EIP-2026-118374 EXPLOITDB ruby
Cloudview NMS < 2.00b - Arbitrary File Upload (Metasploit)
by James Fitts
By Source
All 50,076 Writeup 62,194 Exploitdb 50,076 Nomisec 22,389 Github 3,603 Metasploit 3,311 Vulncheck_xdb 927 Inthewild 514 Gitlab 479 Gitee 415 Patchapalooza 312
By Language
text 31,386 python 6,561 ruby 6,002 c 3,626 perl 2,849 html 2,075 php 1,333 bash 462 java 370 c++ 260 javascript 229 shell 131 go 73 postscript 25 typescript 25